
Thread: Some Yoog malware on my Firefox and IE search engine

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    22

    Some Yoog malware on my Firefox and IE search engine

    My Google search engine is replaced by some Yoog search engine. I have deleted it many times and it's still on. I would like some help, thx

    HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:37:39 p.m., on 10/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DataStudio\PASPortal.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PASPortal.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11925 bytes

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hello and Welcome to Safer Networking,

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Please continue to respond until I give you the "All Clear"


    If you follow these instructions, everything should go smoothly.

    1 - Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.

    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

    On the Scanner tab:
    • Make sure the "Perform full scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found here:

      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - Download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized)


    3 - Status Check
    Please reply with

    1. the logs from RSIT (log.txt, info.txt)
    2. the Malwarebytes' Anti-Malware log
    3. a description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    22

    Logs

    MBAM log

    Malwarebytes' Anti-Malware 1.34
    Database version: 1826
    Windows 5.1.2600 Service Pack 3

    14/03/2009 12:23:56 a.m.
    mbam-log-2009-03-14 (00-23-56).txt

    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 159035
    Time elapsed: 1 hour(s), 44 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 21

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{9d77f30a-2da9-ee35-1977-b78c429635fa} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\623b6372-e205-b8cd-79ab-356d5ae485e6 (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ovulyzfunjcs (Adware.Adrotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0e69838f-416a-91f3-478d-558bebe8347d} (Adware.MySideSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\akhivgdjksczdth.dll (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\623b6372-e205-b8cd-79ab-356d5ae485e6.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ovulyzfunjcs.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\irpecufxanhh.dll-uninst.exe (Adware.MySideSearch) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\igfxtray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\results.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\EXPLORER.EX_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\EXPLORER.SC_ (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\userinit.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    C:\Documents and Settings\i386\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    ***********************************************************
    info.txt

    info.txt logfile of random's system information tool 1.05 2009-03-14 00:27:40

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
    Canvas 11-->MsiExec.exe /I{1A103C8B-3DFA-4F05-BE9B-97B7ECC12925}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DataStudio-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4AB1A2A-72A8-4801-B238-0CB789C992FE} /l1033
    Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Graphical Analysis 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFE637-E44E-4648-9183-D77E9F48F9F1}\SETUP.EXE" -l0x9
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
    Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
    Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
    IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
    Lizardtech Express View Browser Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE983D56-28C6-4E5D-A146-8A8339B9CC1F}\Setup.exe" -l0x9
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
    mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
    MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
    mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
    Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    Mineralogy Tutorials 2.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Wiley\Mineralogy Tutorials 2.1\DeIsL1.isu" -c"C:\Program Files\Wiley\Mineralogy Tutorials 2.1\_ISREG32.DLL"
    mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
    mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
    mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
    mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
    MrSID GeoViewer-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Lizardtech\MrSID GeoViewer\DeIsL1.isu" -c"C:\Program Files\Lizardtech\MrSID GeoViewer\_ISREG32.DLL"
    mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
    Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
    mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
    mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
    mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
    NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.134\InstStub.exe /X
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{CE38B24E-4146-4DAC-AD4E-4EC8BF24C261}
    overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
    Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe -datfile hphscr01.dat
    QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 SET_LIM_RADIO - ALL
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
    Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
    Samsung Samples Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
    Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0-->C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DpInst.exe /u PSSENSOR_ab977ca22ef595e0c55853eb3fbfffd950acc82c
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
    Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

    Hosts File Missing
    ======Security center information======

    AV: Norton Internet Security
    FW: Norton Internet Security

    System event log

    Computer Name: COMPUTADOR
    Event Code: 4201
    Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 100184
    Source Name: Tcpip
    Time Written: 20090302205052.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 4202
    Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was disconnected from the network,
    and the adapter's network configuration has been released. If the network
    adapter was not disconnected, this may indicate that it has malfunctioned.
    Please contact your vendor for updated drivers.

    Record Number: 100183
    Source Name: Tcpip
    Time Written: 20090302204442.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 8033
    Message: The browser has forced an election on network \Device\NetBT_Tcpip_{06953035-5532-47F7-986A-E86B4913951E} because a master browser was stopped.

    Record Number: 100182
    Source Name: BROWSER
    Time Written: 20090302204435.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 4201
    Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was connected to the network,
    and has initiated normal operation over the network adapter.

    Record Number: 100181
    Source Name: Tcpip
    Time Written: 20090302203337.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 4202
    Message: The system detected that network adapter \DEVICE\TCPIP_{06953035-5532-47F7-986A-E86B4913951E} was disconnected from the network,
    and the adapter's network configuration has been released. If the network
    adapter was not disconnected, this may indicate that it has malfunctioned.
    Please contact your vendor for updated drivers.

    Record Number: 100180
    Source Name: Tcpip
    Time Written: 20090302203242.000000-240
    Event Type: information
    User:

    Application event log

    Computer Name: COMPUTADOR
    Event Code: 103
    Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine stopped the instance (0).

    Record Number: 20366
    Source Name: ESENT
    Time Written: 20081112220244.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 102
    Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine started a new instance (0).

    Record Number: 20365
    Source Name: ESENT
    Time Written: 20081112210756.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 100
    Message: MsnMsgr (2632) The database engine 5.01.2600.5512 started.

    Record Number: 20364
    Source Name: ESENT
    Time Written: 20081112210756.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 101
    Message: MsnMsgr (2632) The database engine stopped.

    Record Number: 20363
    Source Name: ESENT
    Time Written: 20081112210653.000000-240
    Event Type: information
    User:

    Computer Name: COMPUTADOR
    Event Code: 103
    Message: MsnMsgr (2632) \\.\C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\anticool75@hotmail.com\SharingMetadata\Working\database_3470_5C4B_705C_15C8\dfsr.db: The database engine stopped the instance (0).

    Record Number: 20362
    Source Name: ESENT
    Time Written: 20081112210653.000000-240
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\ACD Systems\EN;C:\Program Files\Common Files\ACD Systems
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0d08
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "PROJSO"=C:\Program Files\Common Files\LizardTech Shared\GDAL_LIB\proj.dll
    "PROJ_LIB"=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
    "GDAL_DATA"=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------

  4. #4
    Junior Member
    Join Date
    May 2008
    Posts
    22

    log.txt

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Omar at 2009-03-14 00:27:12
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 18 GB (25%) free of 72 GB
    Total RAM: 1015 MB (36% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:27:36 a.m., on 14/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\Omar\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Omar.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: PASPortal.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...nt/swflash.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll
    O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Servicio de actualización de Google (gupdate1c9955416be3348) (gupdate1c9955416be3348) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 11923 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
    C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
    C:\WINDOWS\tasks\Uniblue SpyEraser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [2009-02-27 372592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-18 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-18 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-18 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [2009-02-27 372592]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-18 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-14 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-09-10 393216]
    "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006-05-03 98304]
    "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-09-01 684032]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
    "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2005-07-08 176128]
    "HPHUPD05"=C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [2005-07-08 49152]
    "HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
    "HPHmon05"=C:\WINDOWS\system32\hphmon05.exe [2005-07-08 491520]
    "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
    "Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-09-13 68856]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    PASPortal.lnk - C:\WINDOWS\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe"="C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe"="C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe"="C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}]
    shell\AutoRun\command - H:\jfvkcsy.bat
    shell\explore\command - H:\jfvkcsy.bat
    shell\open\command - H:\jfvkcsy.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{265c1748-a16b-11dd-a206-0014229e8b54}]
    shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
    shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
    shell\verb1\command - desktop.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
    shell\AutoRun\command - F:\oq.cmd
    shell\explore\command - F:\oq.cmd
    shell\open\command - F:\oq.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    shell\Explore\command - G:\system.exe
    shell\Open\command - G:\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}]
    shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
    shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}]
    shell\AutoRun\command - F:\xlu8a8sy.exe
    shell\explore\command - F:\xlu8a8sy.exe
    shell\open\command - F:\xlu8a8sy.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
    shell\AutoRun\command - F:\oq.cmd
    shell\explore\command - F:\oq.cmd
    shell\open\command - F:\oq.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}]
    shell\AutoRun\command - F:\jfvkcsy.bat
    shell\explore\command - F:\jfvkcsy.bat
    shell\open\command - F:\jfvkcsy.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
    shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204177-eed7-11dc-a123-0014229e8b54}]
    shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe
    shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}]
    shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe
    shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}]
    shell\AutoRun\command - F:\ntde1ect.com
    shell\explore\command - F:\ntde1ect.com
    shell\open\command - F:\ntde1ect.com


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

    ======List of files/folders created in the last 1 months======

    2009-03-14 00:27:12 ----D---- C:\rsit
    2009-03-13 21:55:02 ----D---- C:\Documents and Settings\Omar\Application Data\Malwarebytes
    2009-03-13 21:54:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-03-13 21:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-03-11 09:45:11 ----D---- C:\Documents and Settings\Omar\Application Data\URSoft
    2009-03-11 09:44:59 ----D---- C:\Program Files\Your Uninstaller 2008
    2009-03-11 01:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
    2009-03-11 01:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
    2009-03-11 01:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
    2009-03-11 00:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
    2009-03-10 23:19:27 ----RD---- C:\Program Files\Norton Support
    2009-03-09 18:48:43 ----D---- C:\_OTScanIt
    2009-03-07 13:28:50 ----D---- C:\Program Files\Common Files\Common Share
    2009-03-04 21:14:20 ----D---- C:\Documents and Settings\Omar\Application Data\DivX
    2009-03-04 19:40:08 ----N---- C:\WINDOWS\system32\pxafs.dll
    2009-03-04 09:16:58 ----A---- C:\WINDOWS\system32\irpecufxanhh.dll
    2009-03-02 09:51:47 ----D---- C:\Program Files\Bonjour
    2009-02-27 09:25:58 ----A---- C:\WINDOWS\system32\nsk9E.dll
    2009-02-25 01:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
    2009-02-24 22:01:49 ----D---- C:\Documents and Settings\Omar\Application Data\ACD Systems
    2009-02-24 22:01:07 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
    2009-02-24 21:59:03 ----D---- C:\Program Files\Common Files\ACD Systems
    2009-02-24 21:59:03 ----D---- C:\Program Files\ACD Systems
    2009-02-22 21:09:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

    ======List of files/folders modified in the last 1 months======

    2009-03-14 00:27:14 ----D---- C:\WINDOWS\Temp
    2009-03-14 00:26:25 ----D---- C:\WINDOWS\Prefetch
    2009-03-14 00:23:55 ----D---- C:\WINDOWS\system32
    2009-03-14 00:21:02 ----D---- C:\Program Files\Mozilla Firefox
    2009-03-13 22:42:00 ----SD---- C:\WINDOWS\Tasks
    2009-03-13 22:05:20 ----D---- C:\WINDOWS
    2009-03-13 22:04:31 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
    2009-03-13 22:02:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-03-13 22:02:28 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-03-13 21:54:59 ----D---- C:\WINDOWS\system32\drivers
    2009-03-13 21:54:52 ----RD---- C:\Program Files
    2009-03-13 21:51:05 ----HD---- C:\WINDOWS\inf
    2009-03-12 08:49:16 ----D---- C:\WINDOWS\system32\CatRoot
    2009-03-11 18:57:14 ----D---- C:\Program Files\World of Warcraft
    2009-03-11 09:51:07 ----SHD---- C:\WINDOWS\Installer
    2009-03-11 09:50:04 ----D---- C:\WINDOWS\repair
    2009-03-11 09:50:04 ----D---- C:\Program Files\IrfanView
    2009-03-11 09:48:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-03-11 01:01:04 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-03-11 01:00:50 ----D---- C:\WINDOWS\WinSxS
    2009-03-10 23:22:25 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-03-10 19:34:27 ----HD---- C:\WINDOWS\$hf_mig$
    2009-03-10 18:28:22 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-03-07 16:20:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-03-07 16:14:22 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-03-07 13:28:50 ----D---- C:\Program Files\Common Files
    2009-03-04 19:41:09 ----D---- C:\Program Files\DivX
    2009-03-03 14:56:18 ----D---- C:\Program Files\Symantec
    2009-03-03 14:56:16 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2009-02-27 12:51:12 ----D---- C:\Documents and Settings\Omar\Application Data\U3
    2009-02-24 16:23:41 ----D---- C:\Program Files\iPod
    2009-02-22 21:14:13 ----D---- C:\Program Files\Google
    2009-02-22 18:41:47 ----D---- C:\Documents and Settings
    2009-02-22 18:40:30 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-02-18 10:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-03 16128]
    R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\BHDrvx86.sys [2009-02-27 258608]
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1005000.086\ccHPx86.sys [2009-03-03 482352]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SRTSP.SYS [2009-02-27 307760]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\NIS\1005000.086\SRTSPX.SYS []
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMTDI.SYS [2009-02-27 217392]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-11 17056]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
    R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090313.032\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090313.032\NAVEX15.SYS []
    R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
    R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
    R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-10 1032472]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMFW.SYS [2009-02-27 89776]
    R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMIDS.SYS [2009-02-27 34736]
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
    R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1005000.086\SYMNDIS.SYS [2009-02-27 37296]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
    R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2003-05-21 253672]
    S3 ac5190jt;ac5190jt; C:\WINDOWS\system32\drivers\ac5190jt.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-08 51088]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-08 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-08 21744]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 nuvaudio;NUVision Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaudio.sys [2001-03-30 20704]
    S3 NUVision;ATI TV Wonder, USB Edition (NTSC+); C:\WINDOWS\system32\DRIVERS\NUVision.sys [2001-03-30 145184]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
    S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Bonjour Service;Servicio Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-06-09 356352]
    R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
    R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
    R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
    R3 iPod Service;Servicio del iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 182768]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    22


    Yoog search engine that replaces my search engine in Firefox and IE. Also, I'm having trouble with the Windows Update system, since every time I turn on my computer it tells me that "new updates are available for my computer". I installed them like two times, and every time I turn off my computer it asks me if I want to install new updates.

    thx for help.

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi rocks21

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


    LimeWire


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Make an uninstall list using HijackThis

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


    Thanks peku006
    Last edited by peku006; 2009-03-14 at 14:45. Reason: typo
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    22


    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.1.0
    Adobe Shockwave Player
    Adobe SVG Viewer 3.0
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Broadcom Management Programs
    Canvas 11
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    DataStudio
    Dell CinePlayer
    Dell Driver Reset Tool
    DellSupport
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    ESET Online Scanner
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Graphical Analysis 3.2
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Software Update
    HP Update
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    IrfanView (remove only)
    iTunes
    Java(TM) 6 Update 11
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Kaspersky Online Scanner
    Lizardtech Express View Browser Plug-in
    Malwarebytes' Anti-Malware
    MathPlayer
    mCore
    MCU
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    Mineralogy Tutorials 2.1
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox (3.0.7)
    mPfMgr
    mPfWiz
    mProSafe
    MrSID GeoViewer
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mToolkit
    Musicmatch for Windows Media Player
    mWlsSafe
    mXML
    mZConfig
    NetWaiting
    Norton Internet Security
    OpenOffice.org Installer 1.0
    overland
    Photosmart 140,240,7200,7600,7700,7900 Series
    QuickSet
    QuickTime
    Roxio DLA
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3 USB Driver Installer
    Samsung Samples Installer
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Sonic Activation Module
    Sonic Update Manager
    Spybot - Search & Destroy
    Starcraft
    Synaptics Pointing Device Driver
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VC80CRTRedist - 8.0.50727.762
    WebCyberCoach 3.2 Dell
    Windows Driver Package - PASCO Scientific (PASCO) USB 01/17/2004 1.9.0.0
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    World of Warcraft
    Yahoo! Install Manager
    Your Uninstaller! 2008 Version 6.2

  8. #8
    Emeritus- Security Expert peku006
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi rocks21

    Please download OTScanIt2 from Geeks to Go or Bleeping Computer. Save it to your desktop.

    1. Double click on OTScanIt2.exe to run it.
    2. Click on Extract. Once done, you will be prompted. Click OK and click Close.
    3. Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
    4. Under Rootkit Search, select Yes.
    5. Click on Run Scan at the top left hand corner.
    6. When done, Notepad will open. Please post this log in your next reply.


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Junior Member
    Join Date
    May 2008
    Posts
    22

    [code]
    OTScanIt2 logfile created on: 14/03/2009 01:40:51 p.m. - Run 3
    OTScanIt2 by OldTimer - Version 1.0.8.0 Folder = C:\Documents and Settings\Omar\Desktop\OTScanIt2
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 0000500A | Country: Puerto Rico | Language: ESU | Date Format: dd/MM/yyyy

    1015.37 Mb Total Physical Memory | 459.94 Mb Available Physical Memory | 45.30% Memory free
    2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.76% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.08 Gb Total Space | 17.16 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COMPUTADOR
    Current User Name: Omar
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Whitelist: On
    File Age = 30 Days

    [Processes - Safe List]
    1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 18:03:40 | 00,245,760 | ---- | M] (Intel)
    applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
    ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
    ccsvchst.exe -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
    daemon.exe -> %ProgramFiles%\DAEMON Tools\daemon.exe -> [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
    dlactrlw.exe -> %SystemRoot%\System32\DLA\DLACTRLW.EXE -> [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
    dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
    dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2006/05/03 03:12:00 | 00,098,304 | ---- | M] ()
    evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 18:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
    explorer.exe -> %SystemRoot%\Explorer.EXE -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> [2009/03/05 09:56:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
    googleupdate.exe -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/22 21:14:08 | 00,133,104 | ---- | M] (Google Inc.)
    hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2005/10/14 22:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
    hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
    hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> [2005/07/08 00:55:02 | 00,491,520 | ---- | M] (Hewlett-Packard)
    hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
    hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> [2005/07/08 00:55:00 | 00,176,128 | ---- | M] (HP)
    ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe -> [2004/10/30 16:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
    igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2005/10/14 22:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
    igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> [2005/10/14 22:46:24 | 00,159,744 | ---- | M] (Intel Corporation)
    ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
    issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
    jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/14 11:39:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/14 11:39:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
    mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
    mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    msnmsgr.exe -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
    nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> [2005/06/09 10:53:18 | 00,356,352 | ---- | M] (Dell Inc.)
    otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/02/19 11:15:40 | 00,489,984 | ---- | M] (OldTimer Tools)
    quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2005/09/01 19:24:08 | 00,684,032 | ---- | M] ()
    regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 18:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
    s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 18:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
    stsystra.exe -> %SystemRoot%\stsystra.exe -> [2005/09/10 01:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
    syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2005/11/29 06:56:30 | 00,761,947 | ---- | M] (Synaptics, Inc.)
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
    wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 18:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
    wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
    zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZcfgSvc.exe -> [2004/09/07 18:08:02 | 00,389,120 | ---- | M] (Intel Corporation)

    [Win32 Services - Safe List]
    (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
    (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 03:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
    (Bonjour Service) Servicio Bonjour [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 00,076,848 | ---- | M] ()
    (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 18:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
    (gupdate1c9955416be3348) Servicio de actualización de Google (gupdate1c9955416be3348) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Update\GoogleUpdate.exe -> [2009/02/22 21:14:08 | 00,133,104 | ---- | M] (Google Inc.)
    (gusvc) Google Software Updater [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/02/22 21:09:04 | 00,182,768 | ---- | M] (Google)
    (helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
    (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
    (iPod Service) Servicio del iPod [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
    (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/14 11:39:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
    (MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7Debug\mdm.exe -> [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation)
    (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> [2005/06/09 10:53:18 | 00,356,352 | ---- | M] (Dell Inc.)
    (Norton Internet Security) Norton Internet Security [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe -> [2009/02/27 07:20:17 | 00,115,560 | R--- | M] (Symantec Corporation)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 00,073,728 | ---- | M] (HP)
    (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 18:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
    (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 18:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
    (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
    (WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKeeper.exe -> [2004/09/07 18:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
    (WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)

    [Driver Services - Safe List]
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> [2006/03/11 04:48:29 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\aliide.sys -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\amdagp.sys -> [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
    (APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005/08/03 12:44:16 | 00,016,128 | ---- | M] (Dell Inc)
    (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc.sys -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\asc3550.sys -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
    (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\bcm4sbxp.sys -> [2005/08/05 05:32:16 | 00,045,312 | R--- | M] (Broadcom Corporation)
    (BHDrvx86) Symantec Heuristics Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\BHDrvx86.sys -> [2009/02/27 07:20:26 | 00,258,608 | ---- | M] (Symantec Corporation)
    (ccHP) Symantec Hash Provider [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\ccHPx86.sys -> [2009/03/03 14:55:16 | 00,482,352 | ---- | M] (Symantec Corporation)
    (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\cmdide.sys -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
    (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
    (DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLABOIOM.SYS -> [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions)
    (DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLACDBHM.SYS -> [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions)
    (DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLADResN.SYS -> [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions)
    (DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAIFS_M.SYS -> [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions)
    (DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAOPIOM.SYS -> [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions)
    (DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAPoolM.SYS -> [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions)
    (DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\System32\Drivers\DLARTL_N.SYS -> [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions)
    (DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDFAM.SYS -> [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions)
    (DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\System32\DLA\DLAUDF_M.SYS -> [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions)
    (DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\DRVMCDB.SYS -> [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions)
    (DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\System32\Drivers\DRVNDDM.SYS -> [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions)
    (DSproct) DSproct [Kernel | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
    (dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\dsunidrv.sys -> [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\e100b325.sys -> [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
    (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2009/02/25 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation)
    (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> [2009/02/25 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation)
    (GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> [2005/07/08 00:55:01 | 00,051,088 | ---- | M] (HP)
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> [2005/07/08 00:55:01 | 00,016,496 | ---- | M] (HP)
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> [2005/07/08 00:55:01 | 00,021,744 | ---- | M] (HP)
    (HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSFHWAZL.sys -> [2005/07/22 05:01:08 | 00,201,600 | ---- | M] (Conexant Systems, Inc.)
    (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_DPV.sys -> [2005/07/22 05:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.)
    (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ialmnt5.sys -> [2005/10/14 23:15:18 | 01,302,812 | ---- | M] (Intel Corporation)
    (IDSxpx86) IDSxpx86 [Kernel | System | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090310.003\IDSxpx86.sys -> [2009/02/06 02:04:44 | 00,276,344 | ---- | M] (Symantec Corporation)
    (IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\iwca.sys -> [2004/08/12 10:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\mdmxsdk.sys -> [2004/03/17 05:04:14 | 00,013,059 | ---- | M] (Conexant)
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\mraid35x.sys -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
    (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.003\NAVENG.SYS -> [2009/02/19 05:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
    (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %AllUsersProfile%\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090314.003\NAVEX15.SYS -> [2009/02/19 05:00:00 | 00,876,144 | ---- | M] (Symantec Corporation)
    (nuvaudio) NUVision Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nuvaudio.sys -> [2001/03/30 10:52:29 | 00,020,704 | R--- | M] (Nogatech Ltd.)
    (NUVision) ATI TV Wonder, USB Edition (NTSC+) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\NUVision.sys -> [2001/03/30 10:52:29 | 00,145,184 | R--- | M] (Nogatech Ltd.)
    (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\nv4_mini.sys -> [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> [2008/11/06 12:37:28 | 00,043,528 | ---- | M] (Sonic Solutions)
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1080.sys -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql12160.sys -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ql1280.sys -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
    (rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rimmptsk.sys -> [2005/07/14 12:58:14 | 00,028,544 | ---- | M] (REDC)
    (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rimsptsk.sys -> [2005/07/12 13:00:30 | 00,051,328 | ---- | M] (REDC)
    (rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\rixdptsk.sys -> [2005/07/14 11:28:38 | 00,307,968 | ---- | M] (REDC)
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\s24trans.sys -> [2004/08/31 10:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sisagp.sys -> [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sparrow.sys -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
    (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\sptd.sys -> [2007/08/13 16:26:00 | 00,682,232 | ---- | M] ()
    (SRTSP) Symantec Real Time Storage Protection [File_System | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SRTSP.SYS -> [2009/02/27 07:20:26 | 00,307,760 | ---- | M] (Symantec Corporation)
    (SRTSPX) Symantec Real Time Storage Protection (PEL) [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NIS\1005000.086\SRTSPX.SYS -> [2009/02/27 07:20:26 | 00,043,696 | ---- | M] (Symantec Corporation)
    (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_bus.sys -> [2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI)
    (ss_mdfl) SAMSUNG Mobile USB Modem 1.0 Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_mdfl.sys -> [2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI)
    (ss_mdm) SAMSUNG Mobile USB Modem 1.0 Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\ss_mdm.sys -> [2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI)
    (StarOpen) StarOpen [File_System | System | Running] -> %SystemRoot%\System32\drivers\StarOpen.sys -> [2006/07/24 16:05:00 | 00,005,632 | ---- | M] ()
    (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2005/09/10 01:15:32 | 01,032,472 | ---- | M] (SigmaTel, Inc.)
    (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc810.sys -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\symc8xx.sys -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
    (SymEFA) Symantec Extended File Attributes [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\NIS\1005000.086\SYMEFA.SYS -> [2009/02/27 07:20:26 | 00,310,320 | ---- | M] (Symantec Corporation)
    (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\Drivers\SYMEVENT.SYS -> [2009/03/03 14:56:16 | 00,124,464 | ---- | M] (Symantec Corporation)
    (SYMFW) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMFW.SYS -> [2009/02/27 07:20:26 | 00,089,776 | ---- | M] (Symantec Corporation)
    (SYMIDS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMIDS.SYS -> [2009/02/27 07:20:26 | 00,034,736 | ---- | M] (Symantec Corporation)
    (SymIM) Symantec Network Security Intermediate Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
    (SymIMMP) SymIMMP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
    (SYMNDIS) Symantec Network Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMNDIS.SYS -> [2009/02/27 07:20:26 | 00,037,296 | ---- | M] (Symantec Corporation)
    (SYMTDI) Symantec Network Dispatch Driver [Kernel | System | Running] -> %SystemRoot%\System32\Drivers\NIS\1005000.086\SYMTDI.SYS -> [2009/02/27 07:20:26 | 00,217,392 | ---- | M] (Symantec Corporation)
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_hi.sys -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\sym_u3.sys -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
    (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\SynTP.sys -> [2005/11/29 06:36:56 | 00,191,936 | ---- | M] (Synaptics, Inc.)
    (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\DRIVERS\ultra.sys -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
    (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.)
    (w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\w29n51.sys -> [2004/10/21 22:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HSF_CNXT.sys -> [2005/07/22 05:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.)
    (WinDriver6) WinDriver6 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\windrvr6.sys -> [2003/05/21 18:58:18 | 00,253,672 | ---- | M] (Jungo)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> Reg Error: Invalid data type. ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
    HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://news.google.com/news?ned=us ->
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
    < FireFox Settings [Default Profile] > -> C:\Documents and Settings\Omar\Application Data\Mozilla\FireFox\Profiles\drj06ki6.default\prefs.js ->
    browser.search.defaultenginename -> "Yoog Search" ->
    browser.search.defaulturl -> "http://www15.yoog.com/search.php?q=" ->
    browser.search.selectedEngine -> "Yoog Search" ->
    browser.startup.homepage -> "http://news.google.com/" ->
    browser.startup.homepage_override.mstone -> "rv:1.9.0.7" ->
    extensions.enabledItems -> {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    extensions.enabledItems -> {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 ->
    extensions.enabledItems -> {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7 ->
    Hosts file not found -> ->
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\System32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> [2005/09/08 07:20:00 | 00,110,652 | ---- | M] (Sonic Solutions)
    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Symantec NCO BHO] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
    {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\IPSBHO.DLL [Symantec Intrusion Prevention] -> [2009/02/27 07:20:16 | 00,107,896 | R--- | M] (Symantec Corporation)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/14 11:39:06 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
    {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/07/07 12:29:52 | 00,324,416 | ---- | M] (Microsoft Corporation)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/02/18 10:50:14 | 00,657,904 | ---- | M] (Google Inc.)
    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [Google Dictionary Compression sdch] -> [2009/02/18 10:49:28 | 00,522,224 | ---- | M] (Google Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/14 11:39:05 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/14 11:39:06 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Norton Toolbar] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/02/18 10:49:30 | 00,251,504 | ---- | M] ()
    WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> %ProgramFiles%\Norton Internet Security\Engine\16.5.0.134\coIEPlg.dll [Norton Toolbar] -> [2009/02/27 07:20:16 | 00,372,592 | R--- | M] (Symantec Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2005/09/01 19:24:08 | 00,684,032 | ---- | M] ()
    "DLA" -> %SystemRoot%\System32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> [2005/09/08 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions)
    "DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2006/05/03 03:12:00 | 00,098,304 | ---- | M] ()
    "HP Component Manager" -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company)
    "HP Software Update" -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
    "HPDJ Taskbar Utility" -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> [2005/07/08 00:55:00 | 00,176,128 | ---- | M] (HP)
    "HPHmon05" -> %SystemRoot%\system32\hphmon05.exe [C:\WINDOWS\system32\hphmon05.exe] -> [2005/07/08 00:55:02 | 00,491,520 | ---- | M] (Hewlett-Packard)
    "HPHUPD05" -> %ProgramFiles%\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe [C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe] -> [2005/07/08 00:55:02 | 00,049,152 | ---- | M] (Hewlett-Packard)
    "igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2005/10/14 22:46:34 | 00,077,824 | ---- | M] (Intel Corporation)
    "igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2005/10/14 22:50:30 | 00,114,688 | ---- | M] (Intel Corporation)
    "igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2005/10/14 22:49:46 | 00,094,208 | ---- | M] (Intel Corporation)
    "IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\ifrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 16:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
    "ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 18:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
    "ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
    "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
    "MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found
    "QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
    "SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2005/09/10 01:19:34 | 00,393,216 | ---- | M] (SigmaTel, Inc.)
    "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/14 11:39:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
    "SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2005/11/29 06:56:30 | 00,761,947 | ---- | M] (Synaptics, Inc.)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "DAEMON Tools" -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033] -> [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.)
    "MsnMsgr" -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe ["C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
    "SpybotSD TeaTimer" -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/01/26 15:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited)
    "swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/09/13 08:10:20 | 00,068,856 | ---- | M] (Google Inc.)
    "Uniblue RegistryBooster 2" -> [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
    %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 04:06:00 | 00,024,576 | ---- | M] (BVRP Software)
    %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
    %AllUsersProfile%\Start Menu\Programs\Startup\PASPortal.lnk -> %SystemRoot%\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe -> [2006/08/30 10:16:37 | 00,040,960 | R--- | M] (InstallShield Software Corp.)
    < Omar Startup Folder > -> C:\Documents and Settings\Omar\Start Menu\Programs\Startup ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoCDBurning" -> [0] -> File not found
    \\"HonorAutoRunSetting" -> [1] -> File not found

  10. #10
    Junior Member
    Join Date
    May 2008
    Posts
    22

    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"DisableStatusMessages" -> [0] -> File not found
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [149] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"DisableRegistryTools" -> [0] -> File not found
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000] -> [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
    CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
    PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5182 domain(s) found. ->
    49 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5181 domain(s) found. ->
    48 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [HKLM] -> http://www.kaspersky.com/kos/english...an_unicode.cab [CKAVWebScan Object] ->
    {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [HKLM] -> http://download.mcafee.com/molbin/sh...1/mcinsctl.cab [Reg Error: Key error.] ->
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> http://gfx2.hotmail.com/mail/w3/pr01...s/MSNPUpld.cab [MSN Photo Upload Tool] ->
    {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} [HKLM] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab [OnlineScanner Control] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_11] ->
    {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [HKLM] -> https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx [Get_ActiveX Control] ->
    {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary...t.cab56907.cab [MessengerStatsClient Class] ->
    {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_06] ->
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_07] ->
    {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_11] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_11] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> https://fpdownload.macromedia.com/ge...nt/swflash.cab [Shockwave Flash Object] ->
    < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {06953035-5532-47F7-986A-E86B4913951E} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
    {2A1A7821-11C0-4BFB-8F98-BEC833F73AA4} -> () ->
    {92DE04DF-CC2D-42C7-B434-CBB8CF37905A} -> (1394 Net Adapter) ->
    {B52EBE49-ACB8-4A03-9E34-BAC42D93E9BA} -> (Broadcom 440x 10/100 Integrated Controller) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> %SystemRoot%\Explorer.exe -> [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2005/10/14 22:45:38 | 00,135,168 | ---- | M] (Intel Corporation)
    IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 18:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
    "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
    "C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe" -> C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe [C:\Documents and Settings\El guest\Desktop\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/05/10 20:32:33 | 00,752,673 | ---- | M] (Blizzard Entertainment)
    "C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe" -> C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe [C:\Documents and Settings\Omar\My Documents\Flying_Mount_PC_EG-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
    "C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe" -> C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe [C:\Documents and Settings\Omar\My Documents\WoW-Warrior-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found
    "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" -> C:\Program Files\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> File not found
    "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
    "C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> [2009/03/05 09:56:55 | 00,307,704 | ---- | M] (Mozilla Corporation)
    "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\MSN Messenger\msncall.exe" -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found
    "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe" -> C:\Program Files\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> File not found
    "C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.10.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/06/06 23:37:44 | 00,779,015 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/06/20 22:17:30 | 00,754,664 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2006/07/11 11:21:00 | 00,742,899 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:18:54 | 00,771,411 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:05:21 | 00,771,373 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:12:39 | 00,771,353 | ---- | M] (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe" -> C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> [2007/05/16 09:15:59 | 00,771,362 | ---- | M] (Blizzard Entertainment)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 15:04:08 | 00,000,000 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\AutoRun\command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\explore\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command
    \{21bb30fa-a05b-11dc-a0dc-0014229e8b54}\Shell\open\Command\\"" -> H:\jfvkcsy.bat [H:\jfvkcsy.bat] -> File not found
    \{265c1748-a16b-11dd-a206-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\AutoRun\command
    \{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe] -> File not found
    \{265c1748-a16b-11dd-a206-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\open\command
    \{265c1748-a16b-11dd-a206-0014229e8b54}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe] -> File not found
    \{2d3d59fa-234f-11dc-a033-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}\shell\verb1\command
    \{2d3d59fa-234f-11dc-a033-0014229e8b54}\shell\verb1\command\\"" -> [desktop.exe] -> File not found
    \{3f4aba54-1946-11dd-a151-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\AutoRun\command
    \{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{3f4aba54-1946-11dd-a151-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\explore\Command
    \{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\explore\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{3f4aba54-1946-11dd-a151-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\open\Command
    \{3f4aba54-1946-11dd-a151-0014229e8b54}\Shell\open\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\AutoRun
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Explore\command
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Explore\command\\"" -> G:\system.exe [G:\system.exe] -> File not found
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Open\command
    \{6507c5c1-f2c6-11dd-a284-0014229e8b54}\Shell\Open\command\\"" -> G:\system.exe [G:\system.exe] -> File not found
    \{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\AutoRun\command
    \{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
    \{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\open\command
    \{7f282bbf-9c5f-11dc-a0d5-0014229e8b54}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
    \{b1a2ef11-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\xlu8a8sy.exe [F:\xlu8a8sy.exe] -> File not found
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
    \{b1a2ef13-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\oq.cmd [F:\oq.cmd] -> File not found
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\explore\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command
    \{b1a2ef1e-1b90-11dd-a155-0014229e8b54}\Shell\open\Command\\"" -> F:\jfvkcsy.bat [F:\jfvkcsy.bat] -> File not found
    \{d5204176-eed7-11dc-a123-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell
    \{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\\"" -> [AutoRun] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun
    \{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command
    \{d5204176-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
    \{d5204177-eed7-11dc-a123-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command
    \{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\AutoRun\command\\"" -> H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
    \{d5204177-eed7-11dc-a123-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\open\command
    \{d5204177-eed7-11dc-a123-0014229e8b54}\Shell\open\command\\"" -> H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe [H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe] -> File not found
    \{e939ef02-ae88-11dd-a21c-00166f4c9160}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\AutoRun\command
    \{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\AutoRun\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
    \{e939ef02-ae88-11dd-a21c-00166f4c9160}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\open\command
    \{e939ef02-ae88-11dd-a21c-00166f4c9160}\Shell\open\command\\"" -> F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe [F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\run32.exe] -> File not found
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\AutoRun\command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\explore\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command
    \{ed792e8c-d2aa-11dc-a0fe-0014229e8b54}\Shell\open\Command\\"" -> F:\ntde1ect.com [F:\ntde1ect.com] -> File not found


    [Files/Folders - Created Within 30 Days]
    LastGood -> %SystemRoot%\LastGood -> [2009/03/14 10:24:04 | 00,000,000 | ---D | C]
    rsit -> %SystemDrive%\rsit -> [2009/03/14 00:27:12 | 00,000,000 | ---D | C]
    RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/13 22:12:11 | 00,781,851 | ---- | C] ()
    mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/03/13 22:00:04 | 02,132,416 | ---- | C] (Malwarebytes Corporation )
    Malwarebytes -> %AppData%\Malwarebytes -> [2009/03/13 21:55:02 | 00,000,000 | ---D | C]
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/13 21:54:59 | 00,000,696 | ---- | C] ()
    mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/03/13 21:54:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
    mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/03/13 21:54:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/03/13 21:54:53 | 00,000,000 | ---D | C]
    Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/03/13 21:54:52 | 00,000,000 | ---D | C]
    mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/13 21:53:51 | 02,876,728 | ---- | C] (Malwarebytes Corporation )
    Remove malware.doc -> %UserProfile%\Desktop\Remove malware.doc -> [2009/03/12 16:06:15 | 00,033,280 | ---- | C] ()
    pendrive -> %UserProfile%\Desktop\pendrive -> [2009/03/12 00:25:42 | 00,000,000 | ---D | C]
    BitTorrent-6.1.2.exe -> %UserProfile%\Desktop\BitTorrent-6.1.2.exe -> [2009/03/11 15:52:47 | 01,754,496 | ---- | C] ()
    URSoft -> %AppData%\URSoft -> [2009/03/11 09:45:11 | 00,000,000 | ---D | C]
    1-Click Cleaning by Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,001,810 | ---- | C] ()
    Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,000,798 | ---- | C] ()
    Your Uninstaller 2008 -> %ProgramFiles%\Your Uninstaller 2008 -> [2009/03/11 09:44:59 | 00,000,000 | ---D | C]
    Norton Support -> %ProgramFiles%\Norton Support -> [2009/03/10 23:19:27 | 00,000,000 | R--D | C]
    Sacar malware -> %UserProfile%\My Documents\Sacar malware -> [2009/03/10 19:38:09 | 00,000,000 | ---D | C]
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/10 18:55:29 | 10,647,63392 | -HS- | C] ()
    _OTScanIt -> %SystemDrive%\_OTScanIt -> [2009/03/09 18:48:43 | 00,000,000 | ---D | C]
    OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/03/09 18:47:42 | 00,000,000 | ---D | C]
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/09 18:45:32 | 00,661,370 | ---- | C] ()
    malware.rtf -> %UserProfile%\Desktop\malware.rtf -> [2009/03/07 20:27:51 | 00,000,828 | ---- | C] ()
    spybotsd162.exe -> %UserProfile%\Desktop\spybotsd162.exe -> [2009/03/07 15:54:15 | 16,409,960 | ---- | C] (Safer Networking Limited )
    OJOsoft Corporation -> %UserProfile%\My Documents\OJOsoft Corporation -> [2009/03/07 13:29:09 | 00,000,000 | ---D | C]
    Common Share -> %CommonProgramFiles%\Common Share -> [2009/03/07 13:28:50 | 00,000,000 | ---D | C]
    Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2009/03/05 15:46:44 | 00,001,374 | ---- | C] ()
    DivX -> %AppData%\DivX -> [2009/03/04 21:14:20 | 00,000,000 | ---D | C]
    DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [2009/03/04 19:40:31 | 00,000,795 | ---- | C] ()
    DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2009/03/04 19:39:50 | 00,000,806 | ---- | C] ()
    DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2009/03/04 19:38:41 | 00,001,476 | ---- | C] ()
    SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2009/03/04 15:32:20 | 00,036,400 | R--- | C] (Symantec Corporation)
    pendrive backup -> %UserProfile%\My Documents\pendrive backup -> [2009/03/04 10:46:02 | 00,000,000 | ---D | C]
    irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll -> [2009/03/04 09:16:58 | 00,607,744 | ---- | C] ()
    Procedimiento_y_resultados_propuesta[1].doc -> %UserProfile%\Desktop\Procedimiento_y_resultados_propuesta[1].doc -> [2009/03/03 21:23:11 | 00,082,944 | ---- | C] ()
    Bonjour -> %ProgramFiles%\Bonjour -> [2009/03/02 09:51:47 | 00,000,000 | ---D | C]
    nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll -> [2009/02/27 09:25:58 | 00,644,608 | ---- | C] ()
    ACD Systems -> %AppData%\ACD Systems -> [2009/02/24 22:01:49 | 00,000,000 | ---D | C]
    Canvas 11.lnk -> %AllUsersProfile%\Desktop\Canvas 11.lnk -> [2009/02/24 22:01:07 | 00,002,355 | ---- | C] ()
    ACD Systems -> %AllUsersProfile%\Application Data\ACD Systems -> [2009/02/24 22:01:07 | 00,000,000 | ---D | C]
    ACD Systems -> %ProgramFiles%\ACD Systems -> [2009/02/24 21:59:03 | 00,000,000 | ---D | C]
    ACD Systems -> %CommonProgramFiles%\ACD Systems -> [2009/02/24 21:59:03 | 00,000,000 | ---D | C]
    geophysics.xls -> %UserProfile%\Desktop\geophysics.xls -> [2009/02/24 09:06:40 | 00,020,480 | ---- | C] ()
    Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/22 21:17:22 | 00,001,836 | ---- | C] ()
    GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/02/22 21:14:35 | 00,000,878 | ---- | C] ()
    Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [2009/02/22 21:09:13 | 00,000,000 | ---D | C]
    Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/22 21:09:09 | 00,000,868 | ---- | C] ()
    Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/22 21:06:32 | 01,046,648 | ---- | C] ()
    La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> %UserProfile%\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> [2009/02/16 20:53:12 | 00,536,286 | ---- | C] ()
    Statigrafia -> %UserProfile%\My Documents\Statigrafia -> [2009/02/14 12:26:31 | 00,000,000 | ---D | C]
    AceYourInterview_WEB.pdf -> %UserProfile%\My Documents\AceYourInterview_WEB.pdf -> [2009/02/14 11:30:14 | 04,189,460 | ---- | C] ()
    Public Speaking -> %UserProfile%\My Documents\Public Speaking -> [2009/02/14 09:54:55 | 00,000,000 | ---D | C]
    Seminario 2 -> %UserProfile%\My Documents\Seminario 2 -> [2009/02/13 20:47:12 | 00,000,000 | ---D | C]

    [Files/Folders - Modified Within 30 Days]
    11 C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp ->
    11 C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\*.tmp ->
    1 C:\Documents and Settings\Omar\Local Settings\Temp\is-7KA5U.tmp\_isetup\*.tmp files -> C:\Documents and Settings\Omar\Local Settings\Temp\is-7KA5U.tmp\_isetup\*.tmp ->
    2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/03/14 13:34:27 | 00,004,232 | ---- | M] ()
    qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/03/14 13:34:26 | 00,005,515 | ---- | M] ()
    GoogleUpdateTaskMachine.job -> %SystemRoot%\tasks\GoogleUpdateTaskMachine.job -> [2009/03/14 13:16:15 | 00,000,878 | ---- | M] ()
    Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/03/14 11:58:16 | 00,000,868 | ---- | M] ()
    wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/03/14 10:23:08 | 00,002,206 | ---- | M] ()
    PASPortal.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\PASPortal.lnk -> [2009/03/14 10:22:00 | 00,002,245 | ---- | M] ()
    Perflib_Perfdata_f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_f0.dat -> [2009/03/14 10:21:28 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_514.dat -> %SystemRoot%\Temp\Perflib_Perfdata_514.dat -> [2009/03/14 10:20:54 | 00,016,384 | ---- | M] ()
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/03/14 10:20:51 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/03/14 10:20:34 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/03/14 10:20:24 | 10,647,63392 | -HS- | M] ()
    NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/03/14 00:48:45 | 08,388,608 | -H-- | M] ()
    ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/03/14 00:48:45 | 00,000,278 | -HS- | M] ()
    My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2009/03/13 22:41:03 | 00,000,576 | ---- | M] ()
    RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/03/13 22:12:17 | 00,781,851 | ---- | M] ()
    Perflib_Perfdata_d4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_d4.dat -> [2009/03/13 22:05:35 | 00,016,384 | ---- | M] ()
    mbam-rules.exe -> %UserProfile%\Desktop\mbam-rules.exe -> [2009/03/13 22:00:07 | 02,132,416 | ---- | M] (Malwarebytes Corporation )
    Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/03/13 21:54:59 | 00,000,696 | ---- | M] ()
    _shfoldr.dll -> %UserProfile%\Local Settings\Temp\is-7KA5U.tmp\_isetup\_shfoldr.dll -> [2009/03/13 21:54:29 | 00,023,312 | ---- | M] (Microsoft Corporation)
    mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/03/13 21:54:13 | 02,876,728 | ---- | M] (Malwarebytes Corporation )
    Perflib_Perfdata_170.dat -> %SystemRoot%\Temp\Perflib_Perfdata_170.dat -> [2009/03/13 09:53:37 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_664.dat -> %SystemRoot%\Temp\Perflib_Perfdata_664.dat -> [2009/03/13 05:36:33 | 00,016,384 | ---- | M] ()
    Remove malware.doc -> %UserProfile%\Desktop\Remove malware.doc -> [2009/03/12 16:06:15 | 00,033,280 | ---- | M] ()
    Cat.DB -> %SystemRoot%\System32\drivers\NIS\1005000.086\Cat.DB -> [2009/03/12 08:48:00 | 00,638,786 | ---- | M] ()
    Perflib_Perfdata_4a0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_4a0.dat -> [2009/03/12 08:46:07 | 00,016,384 | ---- | M] ()
    Perflib_Perfdata_128.dat -> %SystemRoot%\Temp\Perflib_Perfdata_128.dat -> [2009/03/11 18:52:32 | 00,016,384 | ---- | M] ()
    BitTorrent-6.1.2.exe -> %UserProfile%\Desktop\BitTorrent-6.1.2.exe -> [2009/03/11 15:54:39 | 01,754,496 | ---- | M] ()
    swt-awt-win32-3346.dll -> %UserProfile%\Local Settings\Temp\swt-awt-win32-3346.dll -> [2009/03/11 15:46:57 | 00,032,768 | ---- | M] (Eclipse Foundation)
    swt-win32-3346.dll -> %UserProfile%\Local Settings\Temp\swt-win32-3346.dll -> [2009/03/11 15:46:56 | 00,307,200 | ---- | M] (Eclipse Foundation)
    1-Click Cleaning by Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\1-Click Cleaning by Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,001,810 | ---- | M] ()
    Your Uninstaller! 2008.lnk -> %UserProfile%\Desktop\Your Uninstaller! 2008.lnk -> [2009/03/11 09:45:07 | 00,000,798 | ---- | M] ()
    FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/03/11 09:28:32 | 00,178,648 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/03/11 00:02:15 | 00,116,736 | ---- | M] ()
    Perflib_Perfdata_258.dat -> %SystemRoot%\Temp\Perflib_Perfdata_258.dat -> [2009/03/10 18:56:14 | 00,016,384 | ---- | M] ()
    portadas.doc -> %UserProfile%\Desktop\portadas.doc -> [2009/03/10 09:35:21 | 00,025,088 | ---- | M] ()
    OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/03/09 18:45:38 | 00,661,370 | ---- | M] ()
    AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/03/09 09:42:02 | 00,000,284 | ---- | M] ()
    malware.rtf -> %UserProfile%\Desktop\malware.rtf -> [2009/03/07 20:27:51 | 00,000,828 | ---- | M] ()
    Uniblue SpyEraser Nag.job -> %SystemRoot%\tasks\Uniblue SpyEraser Nag.job -> [2009/03/07 18:54:00 | 00,000,262 | ---- | M] ()
    Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/03/07 16:11:06 | 00,000,933 | ---- | M] ()
    spybotsd162.exe -> %UserProfile%\Desktop\spybotsd162.exe -> [2009/03/07 15:58:21 | 16,409,960 | ---- | M] (Safer Networking Limited )
    Canvas 11.lnk -> %AllUsersProfile%\Desktop\Canvas 11.lnk -> [2009/03/07 11:58:25 | 00,002,355 | ---- | M] ()
    IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/03/05 22:03:16 | 02,111,386 | -H-- | M] ()
    Buy DivX for Windows.lnk -> %AllUsersProfile%\Desktop\Buy DivX for Windows.lnk -> [2009/03/05 15:46:44 | 00,001,374 | ---- | M] ()
    DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [2009/03/04 19:40:32 | 00,000,795 | ---- | M] ()
    DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [2009/03/04 19:39:50 | 00,000,806 | ---- | M] ()
    DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [2009/03/04 19:38:41 | 00,001,476 | ---- | M] ()
    Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [2009/03/04 15:30:48 | 00,001,984 | ---- | M] ()
    irpecufxanhh.dll -> %SystemRoot%\System32\irpecufxanhh.dll -> [2009/03/04 09:16:58 | 00,607,744 | ---- | M] ()
    Procedimiento_y_resultados_propuesta[1].doc -> %UserProfile%\Desktop\Procedimiento_y_resultados_propuesta[1].doc -> [2009/03/03 21:53:31 | 00,082,944 | ---- | M] ()
    SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> [2009/03/03 14:56:16 | 00,124,464 | ---- | M] (Symantec Corporation)
    S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> [2009/03/03 14:56:16 | 00,060,808 | ---- | M] (Symantec Corporation)
    SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [2009/03/03 14:56:16 | 00,007,386 | ---- | M] ()
    SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [2009/03/03 14:56:16 | 00,000,805 | ---- | M] ()
    cchpx86.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\cchpx86.sys -> [2009/03/03 14:55:16 | 00,482,352 | ---- | M] (Symantec Corporation)
    isolate.ini -> %SystemRoot%\System32\drivers\NIS\1005000.086\isolate.ini -> [2009/03/03 14:55:09 | 00,000,172 | ---- | M] ()
    nsk9E.dll -> %SystemRoot%\System32\nsk9E.dll -> [2009/02/27 09:25:58 | 00,644,608 | ---- | M] ()
    SymEFA.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.sys -> [2009/02/27 07:20:26 | 00,310,320 | ---- | M] (Symantec Corporation)
    srtsp.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.sys -> [2009/02/27 07:20:26 | 00,307,760 | ---- | M] (Symantec Corporation)
    BHDrvx86.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.sys -> [2009/02/27 07:20:26 | 00,258,608 | ---- | M] (Symantec Corporation)
    symtdi.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symtdi.sys -> [2009/02/27 07:20:26 | 00,217,392 | ---- | M] (Symantec Corporation)
    symfw.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symfw.sys -> [2009/02/27 07:20:26 | 00,089,776 | ---- | M] (Symantec Corporation)
    srtspx.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.sys -> [2009/02/27 07:20:26 | 00,043,696 | ---- | M] (Symantec Corporation)
    symndisv.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symndisv.sys -> [2009/02/27 07:20:26 | 00,039,984 | ---- | M] (Symantec Corporation)
    symndis.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symndis.sys -> [2009/02/27 07:20:26 | 00,037,296 | ---- | M] (Symantec Corporation)
    symids.sys -> %SystemRoot%\System32\drivers\NIS\1005000.086\symids.sys -> [2009/02/27 07:20:26 | 00,034,736 | ---- | M] (Symantec Corporation)
    SymEFA.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.inf -> [2009/02/27 07:20:23 | 00,003,373 | ---- | M] ()
    ccHPx86.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\ccHPx86.inf -> [2009/02/27 07:20:23 | 00,001,753 | ---- | M] ()
    SymNet.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymNet.inf -> [2009/02/27 07:20:23 | 00,001,528 | ---- | M] ()
    srtspx.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.inf -> [2009/02/27 07:20:23 | 00,001,389 | ---- | M] ()
    srtsp.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.inf -> [2009/02/27 07:20:23 | 00,001,383 | ---- | M] ()
    BHDrvx86.inf -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.inf -> [2009/02/27 07:20:23 | 00,000,640 | ---- | M] ()
    SymNet.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymNet.cat -> [2009/02/27 07:20:19 | 00,009,423 | ---- | M] ()
    SymEFA.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\SymEFA.cat -> [2009/02/27 07:20:19 | 00,007,410 | ---- | M] ()
    srtspx.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtspx.cat -> [2009/02/27 07:20:19 | 00,007,372 | ---- | M] ()
    BHDrvx86.CAT -> %SystemRoot%\System32\drivers\NIS\1005000.086\BHDrvx86.CAT -> [2009/02/27 07:20:19 | 00,007,364 | ---- | M] ()
    srtsp.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\srtsp.cat -> [2009/02/27 07:20:19 | 00,007,355 | ---- | M] ()
    ccHPx86.cat -> %SystemRoot%\System32\drivers\NIS\1005000.086\ccHPx86.cat -> [2009/02/27 07:20:19 | 00,007,347 | ---- | M] ()
    SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> [2009/02/27 07:20:18 | 00,036,400 | R--- | M] (Symantec Corporation)
    geophysics.xls -> %UserProfile%\Desktop\geophysics.xls -> [2009/02/24 09:06:41 | 00,020,480 | ---- | M] ()
    Google Earth.lnk -> %AllUsersProfile%\Desktop\Google Earth.lnk -> [2009/02/22 21:17:22 | 00,001,836 | ---- | M] ()
    Google Updater.exe -> %UserProfile%\Desktop\Google Updater.exe -> [2009/02/22 21:08:14 | 01,046,648 | ---- | M] ()
    La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> %UserProfile%\Desktop\La-Muza-ft-A-Jimenez-Mi-Bandera.mp3 -> [2009/02/16 20:54:52 | 00,536,286 | ---- | M] ()
    AceYourInterview_WEB.pdf -> %UserProfile%\My Documents\AceYourInterview_WEB.pdf -> [2009/02/14 11:30:14 | 04,189,460 | ---- | M] ()
    iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2009/02/12 13:48:18 | 00,002,137 | ---- | M] ()
    A~NSISu_.exe -> %UserProfile%\Local Settings\Temp\A~NSISu_.exe -> [2008/09/27 16:14:11 | 00,124,421 | ---- | M] (Lime Wire LLC)
    data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2006/03/26 22:29:17 | 00,001,372 | ---- | M] ()
    wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/03/25 11:51:46 | 00,016,384 | ---- | M] ()
    wklntsk.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk.dat -> [2006/03/25 11:51:45 | 00,515,952 | ---- | M] ()
    wklntnts.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntnts.dat -> [2006/03/25 11:51:45 | 00,515,952 | ---- | M] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
    @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
    @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 153 bytes -> %AllUsersProfile%\Application Data\TEMP:B3D74A13
    [CatchMe Rootkit Scan by GMER]
    < Windows folder & sub-folders >
    scanning hidden processes ...
    IPC error: 2 The system cannot find the file specified.
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
    "khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
    "khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:7b,35,32,a0,6e,fa,df,9c,be,2a,8e,61,20,2a,e4,ed,58,ca,ae,bb,e0,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,78,68,58,d6,b9,c7,97,15,70,b2,68,5f,bc,dc,d7,cc,5e,..
    "khjeh"=hex:f2,1e,c6,64,4a,b2,0e,82,a2,7a,d9,4e,b1,6f,37,46,6e,75,40,60,b4,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:61,44,3b,b2,fe,4c,fd,57,25,80,9b,a3,0e,de,31,28,a5,87,ae,b3,28,..
    scanning hidden registry entries ...
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}]
    "najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,6e,68,62,6f,65,67,00,..
    "maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,6a,6a,66,6a,61,6d,..
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4
    < Document and Settings folder & sub folders >
    scanning hidden files ...
    IPC error: 2 The system cannot find the file specified.
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\493344AB.TMP 0 bytes
    C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\80067A16.TMP 0 bytes
    C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 153 bytes
    C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 106 bytes
    C:\Documents and Settings\El guest\Local Settings\Application Data\Microsoft\Messenger\calumi4@hotmail.com\SharingMetadata\ly_sanchez@hotmail.com\DFSR\Staging\CS{B738349E-AA87-59CA-C702-FBAEC86CEE59}\01\10-{B738349E-AA87-59CA-C702-FBAEC86CEE59}-v1-{DF7FA59E-86BD-437E-96DD-B0BC63C051B6}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Omar\Favorites\dell charger.url:favicon 1406 bytes
    C:\Documents and Settings\Omar\Favorites\u.talk.back.url:favicon 894 bytes
    C:\Documents and Settings\Omar\Favorites\Weekly World News**The World’s Only Reliable News!.url:favicon 1342 bytes
    C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\megimpy@hotmail.com\SharingMetadata\defenza_zero@hotmail.com\DFSR\Staging\CS{A95A46DE-DA18-D0D6-65FB-7BBA3B811EA7}\01\10-{A95A46DE-DA18-D0D6-65FB-7BBA3B811EA7}-v1-{81B3884A-C41D-4DC2-9874-CB2626AE665B}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\01\10-{198E08AC-E959-C993-4FFE-533C09D8E622}-v1-{9D168419-FF76-429D-8958-E067267CAA04}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
    C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\11\14-{9D168419-FF76-429D-8958-E067267CAA04}-v11-{9D168419-FF76-429D-8958-E067267CAA04}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 4710 bytes hidden from API
    C:\Documents and Settings\Omar\Local Settings\Application Data\Microsoft\Messenger\ririzarryo@hotmail.com\SharingMetadata\orlandorivera_27@hotmail.com\DFSR\Staging\CS{198E08AC-E959-C993-4FFE-533C09D8E622}\11\14-{9D168419-FF76-429D-8958-E067267CAA04}-v11-{9D168419-FF76-429D-8958-E067267CAA04}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 544 bytes hidden from API
    scan completed successfully
    hidden files: 233

    < End of report >
    [/code]
