can't get rid of dnschanger no matter what I do
oldskooldw
2008-11-26, 05:34
Because of dnschanger I can't update Windows using Windows updater, and I am at a loss as to how to remove it...
Here is my HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:30 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [birdfree] C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 19483 bytes
Please help.
Hi
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized; if not, you'll find it in the c:\rsit folder).
oldskooldw
2008-11-27, 22:34
I'll have to put each log in a separate reply, here is the first log...
Logfile of random's system information tool 1.04 (written by random/random)
Run by Habitat Productions at 2008-11-27 15:28:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 453 GB (48%) free of 949 GB
Total RAM: 2045 MB (16% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:48 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Habitat Productions\My Documents\Comics\New Folder\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Habitat Productions.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [birdfree] C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 19569 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\82E372E29D5CE662.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SpyHunter Scanner.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-18 308856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
MorpheusToolbar BHO - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2007-05-10 237568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-08-06 111912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-01 5759816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-25 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-25 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - Morpheus Toolbar - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2007-05-10 237568]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-01 5759816]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-03-02 18944]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2006-08-03 137216]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-10-14 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-01-26 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-01-26 40960]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2006-06-20 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [2006-06-27 299008]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll []
"ante wait camp memo"=C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe []
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-18 185896]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"ShaPlus Bandwidth Meter"=C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter /s []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2008-10-28 681256]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-25 136600]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"=C:\Program Files\Microsoft Location Finder\LocationFinder.exe [2006-11-14 121640]
"birdfree"=C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe []
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2007-02-16 1724416]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"bandmon"=C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe [2008-06-01 1529856]
"Aim6"= []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Documents and Settings\Habitat Productions\Start Menu\Programs\Accessories\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin\emule\emule.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin\emule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite"
"C:\Program Files\K-Lite\kazaa.core"="C:\Program Files\K-Lite\kazaa.core:*:Enabled:Kazaa"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Documents and Settings\Habitat Productions\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Habitat Productions\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Morpheus Ultra\Morpheus.exe"="C:\Program Files\Morpheus Ultra\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\BearFlix\bearflix.exe"="C:\Program Files\BearFlix\bearflix.exe:*:Enabled:BearFlix"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Documents and Settings\Habitat Productions\My Documents\Comics\wowclient-downloader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Comics\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Habitat Productions\My Documents\Comics\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Comics\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Sega\Universe At War Earth Assault (DEMO)\UAWEA.exe"="C:\Program Files\Sega\Universe At War Earth Assault (DEMO)\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DCPlusPlus"
"C:\Program Files\MusicBrainz Picard\picard.exe"="C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:picard"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe"="C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe:*:Enabled:BT_Update"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\Chocolate Ball 2007\New 2008\CabalTemp\ESTSetupLoader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\Chocolate Ball 2007\New 2008\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Dreamlords\dreamlords.exe"="C:\Program Files\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe"="C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:CurseClient"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======File associations======
.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*
======List of files/folders created in the last 1 months======
2008-11-27 15:26:15 ----D---- C:\rsit
2008-11-26 14:38:11 ----D---- C:\WINDOWS\system32\zh_temp
2008-11-26 11:57:18 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\java.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-25 22:13:23 ----D---- C:\Program Files\AskBarDis
2008-11-25 22:13:14 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\Foxit
2008-11-25 22:13:13 ----D---- C:\Program Files\Foxit Software
2008-11-25 21:56:09 ----D---- C:\Program Files\Trend Micro
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-25 18:21:27 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-11-25 18:19:43 ----D---- C:\Program Files\McAfee.com
2008-11-25 18:19:39 ----D---- C:\Program Files\Common Files\McAfee
2008-11-25 18:19:33 ----D---- C:\Program Files\McAfee
2008-11-25 17:38:27 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\Sunbelt
2008-11-25 17:38:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-11-25 17:38:11 ----D---- C:\Program Files\Sunbelt Software
2008-11-24 17:07:18 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 11:28:55 ----D---- C:\Program Files\SiteAdvisor
2008-11-24 11:28:54 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\SiteAdvisor
2008-11-23 13:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-11-23 12:59:46 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-11-23 12:59:42 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-23 12:09:09 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-11-11 18:29:25 ----D---- C:\Program Files\World of Warcraft
2008-11-08 12:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-08 12:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-08 12:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-08 12:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-08 12:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-08 12:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-08 12:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-08 12:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-08 12:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-11-08 12:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-08 12:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-08 12:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-08 12:38:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-08 12:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-08 12:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-08 10:13:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-28 16:28:12 ----A---- C:\WINDOWS\system32\sbbd.exe
======List of files/folders modified in the last 1 months======
2008-11-27 15:25:26 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 15:00:00 ----A---- C:\Documents and Settings\Habitat Productions\Application Data\alarms.ini
2008-11-27 14:43:42 ----A---- C:\Documents and Settings\Habitat Productions\Application Data\AtomicAlarmClock.ini
2008-11-27 12:29:07 ----D---- C:\WINDOWS\Temp
2008-11-27 12:02:01 ----D---- C:\Program Files\DC++
2008-11-27 10:53:35 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:40:00 ----D---- C:\WINDOWS
2008-11-27 10:39:50 ----D---- C:\Program Files\dl_cats
2008-11-26 19:16:21 ----D---- C:\WINDOWS\system32
2008-11-26 19:16:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 19:06:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 19:06:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 14:24:44 ----SHD---- C:\System Volume Information
2008-11-26 14:24:44 ----D---- C:\WINDOWS\system32\Restore
2008-11-26 12:24:59 ----RD---- C:\Program Files
2008-11-26 12:11:03 ----RSH---- C:\boot.ini
2008-11-26 12:11:03 ----A---- C:\WINDOWS\win.ini
2008-11-26 12:11:02 ----A---- C:\WINDOWS\system.ini
2008-11-25 22:21:27 ----SHD---- C:\WINDOWS\Installer
2008-11-25 22:21:26 ----HD---- C:\Config.Msi
2008-11-25 22:21:03 ----D---- C:\Program Files\Java
2008-11-25 22:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-25 22:12:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-25 19:28:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-25 19:23:12 ----A---- C:\rapport.txt
2008-11-25 19:21:09 ----D---- C:\Program Files\Google
2008-11-25 19:21:06 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-25 19:01:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-25 19:01:06 ----HD---- C:\WINDOWS\inf
2008-11-25 18:27:21 ----D---- C:\Program Files\Common Files
2008-11-25 18:22:36 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-25 18:21:04 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 18:20:02 ----SD---- C:\WINDOWS\Tasks
2008-11-25 17:34:56 ----D---- C:\Program Files\LimeWire
2008-11-24 12:42:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 19:44:39 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\uTorrent
2008-11-23 17:32:06 ----D---- C:\Program Files\Trillian
2008-11-23 12:28:38 ----D---- C:\WINDOWS\system32\dllcache
2008-11-22 20:29:02 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\LimeWire
2008-11-22 20:25:43 ----D---- C:\Program Files\Folder Lock
2008-11-16 18:07:03 ----D---- C:\WINDOWS\Help
2008-11-11 21:05:03 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\GetRightToGo
2008-11-11 18:30:54 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-08 12:59:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-08 12:48:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 12:48:11 ----D---- C:\Program Files\Messenger
2008-11-08 12:48:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-08 12:42:34 ----RSD---- C:\WINDOWS\assembly
2008-11-08 12:41:41 ----RSD---- C:\WINDOWS\Fonts
2008-11-08 12:41:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-08 12:38:42 ----D---- C:\WINDOWS\WinSxS
2008-11-08 10:13:44 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2008-09-12 13360]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2008-09-12 69168]
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-02-23 11264]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-04 143872]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-11-08 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-11-08 439680]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-11-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-11-08 143360]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-11-08 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 1096192]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-11-08 114688]
R3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-12 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ai0gksy8;ai0gksy8; C:\WINDOWS\system32\drivers\ai0gksy8.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CW100;CW100 Device; C:\WINDOWS\system32\DRIVERS\CW100.sys [2002-05-24 24092]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WideUSB;WideUSB Generic USB Bulk driver; C:\WINDOWS\System32\Drivers\WideUSB.sys [2005-11-18 18720]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-25 574808]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-07-13 528384]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-25 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-12-11 358224]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 OpenCASE Media Agent;OpenCASE Media Agent; C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6172\SAService.exe [2008-11-24 341280]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0044291227655211mcinstcleanup;McAfee Application Installer Cleanup (0044291227655211); C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 DNADownloader;DNADownloader; C:\Program Files\GameSpot\DownloadManager_Win32.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
S2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-27 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------
oldskooldw
2008-11-27, 22:36
Here is the other log...
info.txt logfile of random's system information tool 1.04 2008-11-27 15:27:36
======Uninstall list======
-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15E9BB4B-D88B-47DD-BB38-2DB5B8CD2CEB}\Setup.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbsoluteShield File Shredder-->"C:\WINDOWS\AbsoluteShield File Shredder\uninstall.exe" "/U:C:\Program Files\AbsoluteShield File Shredder\Uninstall\uninstall.xml"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Add/Remove Pro-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ADRMPRO2.INF, DefaultUninstall.ntx86
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Allok Video Joiner 3.5.0423-->"C:\Program Files\Allok Video Joiner\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atomic Alarm Clock 4.35-->"C:\Program Files\Atomic Alarm Clock\unins000.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Bandwidth Monitor-->"C:\Program Files\Rokario\Bandwidth Monitor\unins000.exe"
BIAS SoundSoap PE 2.1-->MsiExec.exe /I{42442CA9-90E6-4011-BB55-7C263F6D5EC1}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Business Complete Care Services Agreement-->MsiExec.exe /X{64658686-0CD4-4CF6-983D-0A6BE32007DB}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Click-N-Type-->MsiExec.exe /X{7BA0B036-5AA6-43FF-A7EF-B0BC16411A90}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Company of Heroes Single Player Demo-->MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Curse Client-->C:\Program Files\Curse\uninstall.exe
CWPv3-->C:\Program Files\Activision\Bridge Commander\Uninstal.exe
DC++ 0.707-->"C:\Program Files\DC++\uninstall.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 966-->C:\Program Files\Dell Photo AIO Printer 966\Install\x86\Uninst.exe
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DISC TITLE PRINTER for CW-100-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79C8CC21-6384-47E4-BEAB-2550066ED65B}\Setup.exe" -uninst anything
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum 5.0.0-->"C:\Program Files\DVDXCopyInternational\Platinum\uninstall.exe"
DVDFab Platinum 3.0.3.3 Beta Ghosthunter Release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~2\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Element WoW Launcher v1.2-->MsiExec.exe /X{0D218D32-B021-49F0-A743-288F84963EA2}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0622-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Folder Lock-->C:\Program Files\Folder Lock\Uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iPod Reset Utility-->MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 9.01 - (9.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Magelo Sync (uninstall only)-->"C:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
MagicDisc 2.6.93-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MediaMonkey 2.5-->"C:\Program Files\MediaMonkey\unins000.exe"
Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
MemoriesOnTV 4.0.4-->"C:\Program Files\MemoriesOnTV4\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Morpheus Toolbar-->rundll32 C:\PROGRA~1\MORPHE~2\bar\1.bin\MorphBar.dll,O
MotionArtist 4-->C:\WINDOWS\unvise32.exe C:\Program Files\e frontier\MotionArtist 4\uninstal.log
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
musicshake-->MsiExec.exe /I{1329C4EB-88EC-4D76-82A2-945EAF281D81}
NBC Direct Beta-->MsiExec.exe /I{7A647B7A-9FE7-44A2-9041-C04528D44EB9}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenCASE Media Agent-->MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PenScanner Twain Driver-->C:\PROGRA~1\PenTwain\UNWISE.EXE C:\PROGRA~1\PenTwain\INSTALL.LOG
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
QuickVerse 2007-->C:\PROGRA~1\QUICKV~1\QVUninst.exe
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Eye Remover 2.0-->"C:\Program Files\Red Eye Remover\unins000.exe"
Red Eye Remover Pro 1.2-->"C:\Program Files\Red Eye Remover Pro\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio Disc Gallery-->MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio MediaShare-->MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sam and Max - Season Two - Sam and Max Episode 201 - Ice Station Santa-->C:\Program Files\Telltale Games\Sam and Max - Season Two\Uninstall Episode 201 - Ice Station Santa.exe
Sam and Max - Season Two - Sam and Max Episode 202 - Moai Better Blues-->C:\Program Files\Telltale Games\Sam and Max - Season Two\Uninstall Episode 202 - Moai Better Blues.exe
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~2\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Advanced Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
Sounds Best On Sound Blaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15E9BB4B-D88B-47DD-BB38-2DB5B8CD2CEB}\Setup.EXE" -l0x9 /remove
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPOREsetup.exe" -runfromtemp -l0x0009 -removeonly
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TiVoToGo Playback Filter-->MsiExec.exe /I{2B7A795D-3250-4331-A33D-9F6DD6A3F659}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Ulead DVD MovieFactory 6-->C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead MediaStudio Pro 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
ULTRA 2 Program Files-->MsiExec.exe /I{6CC9B4FB-161D-4330-97C3-9D48CA5FD106}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
UseNeXT-->"C:\Program Files\UseNeXT\unins001.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoCharge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}\Setup.exe" -u
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VideoReDo TVSuite Version 3.1.5.565-->"C:\Program Files\VideoReDoTVSuite\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Web Photo Album 1.1-->"C:\Program Files\Web Photo Album\unins000.exe"
WinAVI Video Converter 9.0-->"C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Local Add-in for Microsoft Office Outlook-->MsiExec.exe /I{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Hosts File Missing
Hi again,
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Azureus Vuze
Morpheus Toolbar
UseNeXT
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
C:\Program Files\Azureus
C:\Program Files\MorpheusBar
C:\Program Files\UseNeXT
C:\Program Files\LimeWire
C:\Program Files\iMesh Applications
C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin
C:\Program Files\Kazaa Lite Resurrection
C:\Program Files\K-Lite
C:\Program Files\eMule
C:\Program Files\Morpheus Ultra
C:\Program Files\Morpheus
C:\Program Files\BearShare Applications
C:\Program Files\Azureus
C:\Program Files\DC++
C:\Program Files\uTorrent
C:\Documents and Settings\Habitat Productions\Application Data\uTorrent
C:\Documents and Settings\Habitat Productions\Application Data\LimeWire
and files:
C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe
Empty Recycle Bin.
Also uninstall the following old Java versions:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
After that:
Download Lop S&D (http://eric.71.mespages.googlepages.com/LopSD.exe) by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
You will need to disable the following programs:
(list here)
Double-click Lop S&D.exe
Choose the language by typing the corresponding letter and press Enter
Click OK at the informative window
Type 1, to choose Option 1 (Search) then press Enter
Wait until the end of the scan
A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
oldskooldw
2008-11-28, 00:23
here it is...
and my Java is up to date...
and yes, I am a bit of a pirate but this virus/malware is reason enough to curb that...
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 1.1.3
USER : Habitat Productions ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:926 Go (Free:450 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:1917 Mo (Free:1 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
L:\ (USB)
M:\ (USB)
P:\ (USB) - FAT32 - Total:28507 Mo (Free:18 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Thu 11/27/2008|17:18 )
--------------------\\ Listing folders in APPLIC~1
[10/22/2006|04:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[10/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[11/25/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/06/2007|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 YPack Trial
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/21/2006|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/21/2006|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/08/2007|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/09/2006|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/07/2007|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[10/14/2008|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
[01/26/2007|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[06/21/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[08/10/2008|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[10/22/2006|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[01/26/2007|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DellFaxCtr
[12/27/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[10/01/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ExtendMedia
[08/11/2007|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[06/14/2008|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GoBit Games
[12/09/2006|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[05/16/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[10/22/2006|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[10/04/2008|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[10/06/2007|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/22/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/25/2008|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/09/2007|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[09/06/2007|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Media Center Programs
[01/26/2008|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/05/2007|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[11/25/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[05/12/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/01/2007|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[10/09/2007|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> part dead amok eggs
[10/12/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCSettings
[04/17/2008|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[12/12/2006|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle Studio
[06/25/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[01/29/2007|05:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QubeSoft
[02/17/2007|05:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[10/09/2007|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5
[08/05/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[05/31/2008|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/11/2004|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[01/20/2007|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[11/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[05/31/2008|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[05/29/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[10/12/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/25/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sunbelt
[07/29/2007|07:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[10/12/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/31/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[08/16/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/10/2006|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/09/2008|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[08/10/2007|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> wma five ante wait
[08/16/2008|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[08/09/2007|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YoGen
[10/22/2006|04:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/11/2004|05:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/25/2008|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun
[09/19/2007|02:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> .gaim
[08/08/2008|10:06] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> acccore
[01/05/2008|10:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Adobe
[12/13/2006|11:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> AdobeUM
[03/25/2008|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Apple Computer
[01/26/2008|03:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ArcSoft
[10/12/2008|09:18] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Azureus
[09/11/2008|06:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BearShare
[12/13/2007|02:01] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BNI Software
[08/29/2008|05:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BWMeterPro
[04/23/2007|10:37] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[02/27/2007|02:49] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars Demo
[08/23/2008|12:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel
[12/10/2006|01:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel Photo Album
[12/30/2006|05:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Creative
[01/27/2007|09:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DellFaxCtr
[06/21/2008|04:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Dreamlords
[07/16/2008|01:44] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DVD Flick
[11/01/2007|03:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> dvdcss
[05/28/2008|08:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> e frontier
[10/06/2007|09:20] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Exit Poke
[09/26/2007|07:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Folder Guard
[11/25/2008|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Foxit
[03/12/2008|08:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GarageGames
[11/11/2008|09:05] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GetRightToGo
[02/13/2007|12:40] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Help
[08/11/2004|05:20] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Identities
[02/13/2007|02:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ImgBurn
[12/10/2006|05:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> IMVU
[12/12/2006|06:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InstallShield
[06/01/2008|10:51] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InterVideo
[04/03/2007|06:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Kazaa Lite
[12/09/2006|05:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lavasoft
[12/12/2006|01:12] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Leadertech
[11/22/2008|08:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> LimeWire
[09/24/2007|07:04] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lionhead Studios
[05/28/2008|08:03] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lost Marble
[12/22/2006|02:47] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> LucasArts
[01/29/2007|06:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Macromedia
[08/22/2008|11:32] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Malwarebytes
[02/19/2007|12:17] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Media Player Classic
[10/14/2008|10:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Microsoft
[10/04/2008|07:48] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Move Networks
[06/17/2008|05:18] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Mozilla
[01/13/2007|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NCH Swift Sound
[05/01/2007|04:14] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Netscape
[08/20/2007|01:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NewsLeecher
[05/01/2007|04:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Photodex
[04/20/2008|09:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> proDAD
[11/04/2007|08:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Publish Providers
[09/03/2007|03:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> QuickVerse11
[08/24/2007|11:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Real
[12/14/2006|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|07:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G5
[08/30/2008|10:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Rokario
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Roxio
[08/07/2007|05:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ScanSoft
[04/16/2007|04:00] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SecuROM
[11/24/2008|06:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SiteAdvisor
[07/01/2008|03:30] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Skype
[07/01/2008|03:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> skypePM
[04/19/2008|02:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Snapfish
[02/13/2007|06:26] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sonic
[11/04/2007|08:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sony
[09/12/2008|02:33] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SPORE
[12/20/2006|11:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sun
[11/25/2008|05:38] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sunbelt
[02/23/2008|03:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SystemRequirementsLab
[12/09/2006|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Talkback
[02/23/2008|02:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Turbine
[07/29/2008|05:15] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> U3
[08/14/2007|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ulead Systems
[12/29/2007|04:26] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> UseNeXT
[11/23/2008|07:44] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> uTorrent
[01/27/2008|03:57] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ventrilo
[09/17/2008|12:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> VideoReDo-TVSuite
[09/18/2007|12:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Viewpoint
[12/10/2006|08:59] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> vlc
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Vso
[09/19/2008|11:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> yahoo!
[06/01/2008|05:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX
[07/30/2007|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/31/2008|09:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio
[11/25/2008|01:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore
[11/24/2008|11:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SiteAdvisor
[11/25/2008|05:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/24/2008 12:00 PM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/27/2008 05:00 PM][--ah-----] C:\WINDOWS\tasks\82E372E29D5CE662.job
[11/25/2008 12:07 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/26/2008 07:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( 82E372E29D5CE662.job )=( c:\docume~1\habita~1\applic~1\exitpo~1\softrealspam.exe )
--------------------\\ Listing Folders in C:\Program Files
[03/21/2008|01:42] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
[12/14/2007|03:41] C:\Program Files\<DIR> ABInvoice
[11/21/2007|10:25] C:\Program Files\<DIR> Absolute Video Converter
[12/01/2007|08:39] C:\Program Files\<DIR> Absolute Video Splitter Joiner
[10/13/2007|10:02] C:\Program Files\<DIR> AbsoluteShield File Shredder
[01/05/2008|11:43] C:\Program Files\<DIR> Acclaim
[09/01/2007|04:32] C:\Program Files\<DIR> Activision
[01/31/2007|09:03] C:\Program Files\<DIR> Add Remove Pro
[02/24/2008|05:19] C:\Program Files\<DIR> Adobe
[08/08/2008|10:04] C:\Program Files\<DIR> AIM Search
[08/16/2008|11:44] C:\Program Files\<DIR> AIM6
[08/14/2008|11:54] C:\Program Files\<DIR> Alex Feinman
[06/18/2008|06:58] C:\Program Files\<DIR> Allok Video Joiner
[06/04/2008|04:20] C:\Program Files\<DIR> Anim-FX
[08/08/2008|10:04] C:\Program Files\<DIR> AOL
[08/06/2008|10:32] C:\Program Files\<DIR> Apple Software Update
[09/22/2007|07:48] C:\Program Files\<DIR> Arial CD Ripper
[11/25/2008|10:13] C:\Program Files\<DIR> AskBarDis
[10/12/2008|12:10] C:\Program Files\<DIR> Atomic Alarm Clock
[05/21/2007|04:32] C:\Program Files\<DIR> AV Vcs 4.0 DIAMOND
[09/04/2007|04:14] C:\Program Files\<DIR> BAE
[10/04/2007|06:12] C:\Program Files\<DIR> BC-Mod Installer .NET
[04/22/2008|12:47] C:\Program Files\<DIR> BIAS
[10/04/2007|06:12] C:\Program Files\<DIR> BitComet
[06/15/2008|05:33] C:\Program Files\<DIR> BlackIsle
[09/10/2008|07:15] C:\Program Files\<DIR> Bonjour
[10/22/2006|04:26] C:\Program Files\<DIR> Broadcom
[03/04/2007|04:17] C:\Program Files\<DIR> CASIO
[08/17/2007|10:45] C:\Program Files\<DIR> CDisplay
[03/23/2008|04:26] C:\Program Files\<DIR> City of Heroes
[01/16/2008|10:01] C:\Program Files\<DIR> Click-N-Type
[02/03/2008|06:34] C:\Program Files\<DIR> Codebox
[09/13/2008|02:19] C:\Program Files\<DIR> Codec Pack - All In 1
[01/20/2008|03:50] C:\Program Files\<DIR> Codemasters
[07/29/2007|07:11] C:\Program Files\<DIR> Comcast
[11/25/2008|06:27] C:\Program Files\<DIR> Common Files
[08/11/2004|05:12] C:\Program Files\<DIR> ComPlus Applications
[12/05/2007|05:54] C:\Program Files\<DIR> Cool CD Ripper
[08/23/2008|12:52] C:\Program Files\<DIR> Corel
[10/22/2006|04:30] C:\Program Files\<DIR> Corel Corporation
[04/28/2007|05:52] C:\Program Files\<DIR> Creative
[10/03/2008|12:29] C:\Program Files\<DIR> Curse
[12/12/2006|01:17] C:\Program Files\<DIR> DAEMON Tools
[01/26/2007|05:06] C:\Program Files\<DIR> Dell
[01/26/2007|05:05] C:\Program Files\<DIR> Dell PC Fax
[01/26/2007|05:11] C:\Program Files\<DIR> Dell Photo AIO Printer 966
[11/16/2007|01:42] C:\Program Files\<DIR> DIFX
[09/13/2008|01:25] C:\Program Files\<DIR> DirectVobSub
[03/13/2008|02:42] C:\Program Files\<DIR> Disney
[09/13/2008|01:24] C:\Program Files\<DIR> DivX
[11/27/2008|10:39] C:\Program Files\<DIR> dl_cats
[06/15/2008|05:30] C:\Program Files\<DIR> DOSBox-0.72
[12/28/2006|05:56] C:\Program Files\<DIR> DVD Decrypter
[02/13/2007|01:31] C:\Program Files\<DIR> DVD Flick
[01/14/2007|07:27] C:\Program Files\<DIR> DVD Shrink
[03/13/2007|02:41] C:\Program Files\<DIR> DVDFab Platinum 3
[02/12/2007|08:58] C:\Program Files\<DIR> DVDlabPro2
[12/24/2006|02:50] C:\Program Files\<DIR> DVDXCopyInternational
[05/28/2008|08:35] C:\Program Files\<DIR> e frontier
[06/17/2008|05:55] C:\Program Files\<DIR> Electronic Arts
[10/12/2008|02:54] C:\Program Files\<DIR> Enigma Software Group
[10/04/2007|09:44] C:\Program Files\<DIR> Exit Poke
[08/28/2007|09:32] C:\Program Files\<DIR> File And MP3 Tag Renamer
[11/24/2008|05:07] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[07/18/2008|06:03] C:\Program Files\<DIR> FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[07/29/2007|03:56] C:\Program Files\<DIR> FocusSoft
[11/22/2008|08:25] C:\Program Files\<DIR> Folder Lock
[11/25/2008|10:13] C:\Program Files\<DIR> Foxit Software
[09/22/2007|04:06] C:\Program Files\<DIR> FreeRIP3
[02/18/2008|11:27] C:\Program Files\<DIR> Funcom
[09/06/2007|04:09] C:\Program Files\<DIR> Games
[09/24/2007|11:57] C:\Program Files\<DIR> GameSpot
[09/16/2007|05:18] C:\Program Files\<DIR> GameSpy Arcade
[07/19/2008|05:40] C:\Program Files\<DIR> GetFLV
[11/25/2008|07:21] C:\Program Files\<DIR> Google
[05/16/2008|03:07] C:\Program Files\<DIR> Hewlett-Packard
[06/23/2008|10:52] C:\Program Files\<DIR> HP
[05/27/2008|06:18] C:\Program Files\<DIR> ImTOO
[09/10/2008|09:02] C:\Program Files\<DIR> InstallShield Installation Information
[05/30/2008|09:23] C:\Program Files\<DIR> InterActual
[08/22/2008|09:48] C:\Program Files\<DIR> Internet Explorer
[05/31/2008|08:37] C:\Program Files\<DIR> InterVideo
[05/31/2008|08:39] C:\Program Files\<DIR> InterVideo Information Service
[10/07/2008|11:13] C:\Program Files\<DIR> iPod
[06/04/2007|06:23] C:\Program Files\<DIR> Irrational Games
[10/07/2008|11:13] C:\Program Files\<DIR> iTunes
[12/27/2006|11:23] C:\Program Files\<DIR> Jasc Software Inc
[11/25/2008|10:21] C:\Program Files\<DIR> Java
[08/23/2008|05:39] C:\Program Files\<DIR> JRTwine Software
[10/06/2007|09:15] C:\Program Files\<DIR> Lavasoft
[12/09/2006|08:31] C:\Program Files\<DIR> Lionhead Studios Ltd
[12/22/2006|02:43] C:\Program Files\<DIR> LucasArts
[02/03/2008|10:20] C:\Program Files\<DIR> LucasFan Games
[06/20/2008|04:59] C:\Program Files\<DIR> Magelo
[05/28/2008|04:31] C:\Program Files\<DIR> MagicDisc
[11/24/2008|12:42] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/25/2008|06:36] C:\Program Files\<DIR> McAfee
[11/25/2008|06:19] C:\Program Files\<DIR> McAfee.com
[02/17/2007|05:28] C:\Program Files\<DIR> Media Player Classic
[09/23/2007|06:30] C:\Program Files\<DIR> MediaMonkey
[05/25/2008|09:12] C:\Program Files\<DIR> Memorex exPressit Label Design Studio
[06/04/2008|03:06] C:\Program Files\<DIR> MemoriesOnTV4
[11/08/2008|12:48] C:\Program Files\<DIR> Messenger
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft ActiveSync
[08/11/2004|05:15] C:\Program Files\<DIR> microsoft frontpage
[10/06/2007|07:40] C:\Program Files\<DIR> Microsoft Games
[01/01/2007|04:54] C:\Program Files\<DIR> Microsoft Location Finder
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft Office
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[11/08/2008|12:59] C:\Program Files\<DIR> Microsoft Silverlight
[12/12/2006|05:50] C:\Program Files\<DIR> Microsoft SQL Server
[12/12/2006|06:05] C:\Program Files\<DIR> Microsoft.NET
[11/24/2008|05:07] C:\Program Files\<DIR> Misc. Support Library (Spybot - Search & Destroy)
[10/12/2008|12:10] C:\Program Files\<DIR> MorpheusBar
[08/11/2004|05:12] C:\Program Files\<DIR> Movie Maker
[11/27/2008|03:25] C:\Program Files\<DIR> Mozilla Firefox
[08/09/2008|09:45] C:\Program Files\<DIR> MSN
[08/11/2004|05:11] C:\Program Files\<DIR> MSN Gaming Zone
[12/09/2006|05:14] C:\Program Files\<DIR> MSXML 4.0
[11/03/2007|08:38] C:\Program Files\<DIR> MSXML 6.0
[12/25/2006|08:00] C:\Program Files\<DIR> MUSICMATCH
[08/19/2007|08:50] C:\Program Files\<DIR> MyVideoConverter
[10/01/2008|12:15] C:\Program Files\<DIR> NBC Direct Beta
[12/05/2007|05:50] C:\Program Files\<DIR> NCH Software
[12/05/2007|06:00] C:\Program Files\<DIR> NCH Swift Sound
[10/13/2007|04:39] C:\Program Files\<DIR> NCSOFT
[08/11/2004|05:12] C:\Program Files\<DIR> NetMeeting
[08/11/2004|05:11] C:\Program Files\<DIR> Online Services
[01/05/2008|05:43] C:\Program Files\<DIR> ONWIND
[02/23/2008|08:36] C:\Program Files\<DIR> OpenAL
[10/01/2008|12:13] C:\Program Files\<DIR> OpenCase
[12/11/2007|11:40] C:\Program Files\<DIR> Orb Networks
[06/15/2007|09:42] C:\Program Files\<DIR> Outlook Express
[01/20/2007|04:05] C:\Program Files\<DIR> PenTwain
[03/13/2008|03:45] C:\Program Files\<DIR> Photodex
[05/01/2007|04:14] C:\Program Files\<DIR> Photodex Presenter
[04/20/2008|09:40] C:\Program Files\<DIR> Pinnacle
[04/20/2008|09:41] C:\Program Files\<DIR> proDAD
[09/10/2008|07:14] C:\Program Files\<DIR> QuickTime
[09/03/2007|03:11] C:\Program Files\<DIR> QuickVerse 2007
[07/30/2007|11:07] C:\Program Files\<DIR> Real
[02/17/2007|05:28] C:\Program Files\<DIR> Real Alternative
[05/04/2008|03:33] C:\Program Files\<DIR> Red Eye Remover
[08/23/2008|02:43] C:\Program Files\<DIR> Red Eye Remover Pro
[07/19/2008|03:58] C:\Program Files\<DIR> Replay Converter
[07/19/2008|04:04] C:\Program Files\<DIR> Replay Media Catcher
[10/09/2007|04:27] C:\Program Files\<DIR> River Past
[08/30/2008|10:08] C:\Program Files\<DIR> Rokario
[05/29/2008|06:29] C:\Program Files\<DIR> Roxio
[07/09/2008|10:34] C:\Program Files\<DIR> Safari
[01/20/2007|04:08] C:\Program Files\<DIR> ScanSoft
[11/24/2008|05:07] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[10/11/2007|11:01] C:\Program Files\<DIR> Serious Magic
[04/03/2007|06:20] C:\Program Files\<DIR> Shareaza
[08/05/2007|03:04] C:\Program Files\<DIR> Siber Systems
[11/01/2007|06:22] C:\Program Files\<DIR> SilentMusicBand
[11/24/2008|11:29] C:\Program Files\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\Program Files\<DIR> Skype
[12/12/2006|05:47] C:\Program Files\<DIR> SmartSound Software
[02/13/2007|06:25] C:\Program Files\<DIR> Sonic
[09/30/2008|06:34] C:\Program Files\<DIR> Sony
[10/11/2008|01:23] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/12/2008|12:20] C:\Program Files\<DIR> SpyNoMore
[06/04/2007|03:11] C:\Program Files\<DIR> Summitsoft
[07/09/2008|09:54] C:\Program Files\<DIR> Sun
[11/25/2008|05:38] C:\Program Files\<DIR> Sunbelt Software
[02/13/2007|12:15] C:\Program Files\<DIR> Super DVD Creator 9.25.0
[02/24/2008|05:31] C:\Program Files\<DIR> Sword of The New World
[02/23/2008|03:45] C:\Program Files\<DIR> SystemRequirementsLab
[11/24/2008|05:07] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[12/16/2007|04:29] C:\Program Files\<DIR> Telltale Games
[11/18/2007|12:38] C:\Program Files\<DIR> THQ
[09/13/2008|03:20] C:\Program Files\<DIR> Tivo Decoder
[09/13/2008|03:22] C:\Program Files\<DIR> TiVoToGo Filter
[11/19/2007|02:48] C:\Program Files\<DIR> Total Video Converter
[11/25/2008|09:56] C:\Program Files\<DIR> Trend Micro
[11/23/2008|05:32] C:\Program Files\<DIR> Trillian
[02/23/2008|02:24] C:\Program Files\<DIR> Turbine
[06/04/2008|03:56] C:\Program Files\<DIR> Ulead Systems
[11/22/2007|10:45] C:\Program Files\<DIR> Ultimate Nullifier
[08/11/2004|05:20] C:\Program Files\<DIR> Uninstall Information
[01/27/2008|03:51] C:\Program Files\<DIR> Ventrilo
[01/05/2008|03:59] C:\Program Files\<DIR> VestGame
[06/18/2008|08:09] C:\Program Files\<DIR> VideoCharge Software
[12/10/2006|08:48] C:\Program Files\<DIR> VideoLAN
[09/13/2008|04:51] C:\Program Files\<DIR> VideoReDoTVSuite
[08/08/2008|10:04] C:\Program Files\<DIR> Viewpoint
[02/10/2007|03:52] C:\Program Files\<DIR> Virtools
[03/15/2008|08:37] C:\Program Files\<DIR> Warcraft III
[08/23/2008|02:43] C:\Program Files\<DIR> Web Photo Album
[04/23/2008|07:54] C:\Program Files\<DIR> Winamp
[12/13/2007|11:54] C:\Program Files\<DIR> WinAVI Video Converter 9.0
[08/09/2008|09:36] C:\Program Files\<DIR> Windows Live
[01/01/2007|04:51] C:\Program Files\<DIR> Windows Live Local for Outlook
[12/16/2006|08:26] C:\Program Files\<DIR> Windows Media Components
[12/10/2006|07:22] C:\Program Files\<DIR> Windows Media Connect 2
[03/05/2008|04:22] C:\Program Files\<DIR> Windows Media Player
[08/11/2004|05:11] C:\Program Files\<DIR> Windows NT
[08/11/2004|05:13] C:\Program Files\<DIR> WindowsUpdate
[12/10/2006|12:40] C:\Program Files\<DIR> WinRAR
[11/13/2008|04:42] C:\Program Files\<DIR> World of Warcraft
[08/11/2004|05:15] C:\Program Files\<DIR> xerox
[08/17/2008|12:58] C:\Program Files\<DIR> Yahoo!
[12/16/2007|01:57] C:\Program Files\<DIR> Zlurp!
[09/13/2008|04:21] C:\Program Files\<DIR> Zoom Player
[09/22/2007|07:06] C:\Program Files\<DIR> Zortam Mp3 Media Studio
--------------------\\ Listing Folders in C:\Program Files\Common Files
[11/25/2008|10:12] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2008|11:43] C:\Program Files\Common Files\<DIR> AOL
[09/10/2008|07:14] C:\Program Files\Common Files\<DIR> Apple
[11/11/2008|06:30] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[08/23/2008|12:53] C:\Program Files\Common Files\<DIR> Corel
[12/12/2006|06:06] C:\Program Files\Common Files\<DIR> DESIGNER
[10/11/2008|03:04] C:\Program Files\Common Files\<DIR> Download Manager
[10/04/2007|06:12] C:\Program Files\Common Files\<DIR> GTK
[05/16/2008|03:06] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[05/16/2008|03:08] C:\Program Files\Common Files\<DIR> HP
[03/23/2008|12:12] C:\Program Files\Common Files\<DIR> INCA Shared
[01/20/2007|03:42] C:\Program Files\Common Files\<DIR> InstallShield
[10/22/2006|04:36] C:\Program Files\Common Files\<DIR> InstallShieldx
[05/31/2008|08:38] C:\Program Files\Common Files\<DIR> InterVideo
[08/10/2008|06:13] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[10/22/2006|04:21] C:\Program Files\Common Files\<DIR> Java
[05/31/2008|07:51] C:\Program Files\Common Files\<DIR> LightScribe
[08/27/2007|04:26] C:\Program Files\Common Files\<DIR> Macrovision Shared
[02/13/2007|12:38] C:\Program Files\Common Files\<DIR> MAGIX Shared
[11/25/2008|06:20] C:\Program Files\Common Files\<DIR> McAfee
[11/08/2008|12:41] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> MSSoap
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> Real
[09/22/2007|07:56] C:\Program Files\Common Files\<DIR> River Past
[05/29/2008|06:27] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/20/2007|04:08] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> Services
[04/02/2008|02:43] C:\Program Files\Common Files\<DIR> Skype
[05/29/2008|06:29] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/14/2007|10:07] C:\Program Files\Common Files\<DIR> SONY Digital Images
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[07/29/2007|07:11] C:\Program Files\Common Files\<DIR> supportsoft
[05/25/2008|09:10] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/15/2007|09:42] C:\Program Files\Common Files\<DIR> System
[10/14/2008|09:59] C:\Program Files\Common Files\<DIR> TiVo Shared
[02/09/2007|05:04] C:\Program Files\Common Files\<DIR> Totem Shared
[05/31/2008|08:39] C:\Program Files\Common Files\<DIR> Ulead
[04/09/2008|07:40] C:\Program Files\Common Files\<DIR> Ulead Systems
[08/09/2008|09:34] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[09/13/2008|11:22] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> xing shared
--------------------\\ Process
( 77 Processes )
... OK !
--------------------\\ Searching with S_Lop
C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\HABITA~1\APPLIC~1\exitpo~1
C:\Program Files\exitpo~1
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsc320.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsl1512.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsl1BE.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsu3776.tmp
C:\WINDOWS\Tasks\82E372E29D5CE662.job
--------------------\\ Searching within the Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gplwarnford]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"birdfree"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe"
"birdfree"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 17:19:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Searching for other infections
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
==> WAREOUT <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\AutoRunPro1\Crack
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip\AltoMP3 Gold.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip\war3.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip\worldedit.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip\SamMax201.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2\Crack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2\Crack\Corel Paint Shop Pro Photo.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\ImTOO CD Ripper v1.0.33.922 keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen\ADBEPHSPCS3.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen\ssg.nfo
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1\MemoriesOnTV Clipshow Package Vol.1\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1.1\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen\Leer.txt
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack\Readme.txt
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
[F:868][D:1284]-> C:\DOCUME~1\HABITA~1\LOCALS~1\Temp
[F:128][D:0]-> C:\DOCUME~1\HABITA~1\Cookies
[F:1587][D:8]-> C:\DOCUME~1\HABITA~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Thu 11/27/2008|17:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 11/27/2008|17:19 - Option : [1]
--------------------\\ Scan completed at 17:19:34
Hi
and yes, I am a bit of a pirate but this virus/malware is reason enough to curb that...
I really hope you stop pirating cos if you don't it won't take long to get infected again and that time you may not be helped.
Delete the following folders:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
C:\DOCUME~1\HABITA~1\APPLIC~1\Azureus
C:\DOCUME~1\HABITA~1\APPLIC~1\BearShare
C:\DOCUME~1\HABITA~1\APPLIC~1\Kazaa Lite
C:\DOCUME~1\HABITA~1\APPLIC~1\LimeWire
C:\DOCUME~1\HABITA~1\APPLIC~1\UseNeXT
C:\DOCUME~1\HABITA~1\APPLIC~1\uTorrent
C:\Program Files\MorpheusBar
C:\Program Files\Shareaza
C:\DOCUME~1\HABITA~1\Local Settings\Temp\AutoRunPro1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1.1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O..._v4.0.3
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O...gen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O...eygen
and files:
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip\AltoMP3 Gold.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\ImTOO CD Ripper v1.0.33.922 keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\keygen.exe
~ in a folder name means that the folder name is longer than 6 characters. For example, DOCUME~1 is Documents And Settings.
Uninstall CiD Help through Add/Remove Programs.
Option 3: (Fix without Hosts file restore)
Double click LopSD.exe to start the program.
Choose the language by typing the corresponding letter and pressing Enter
Click OK at the informative window
Type 3 to choose Option 3 (Fix - Hosts), then press Enter
Don't close the window during suppression!
Wait until the end of the scan
A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
You seem to have Malwarebytes' Anti-Malware installed. Make sure it's up-to-date and then run a full scan with it. Post back its report & a fresh HJT log. If you're using a router, log in to it and check the DNS IP addresses there.
oldskooldw
2008-11-28, 19:15
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 1.1.3
USER : Habitat Productions ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:926 Go (Free:450 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:1917 Mo (Free:1 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
L:\ (USB)
M:\ (USB)
P:\ (USB) - FAT32 - Total:28507 Mo (Free:18 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( Fri 11/28/2008|11:59 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing folders in APPLIC~1
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/24/2008 12:00 PM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/25/2008 12:07 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/26/2008 07:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
--------------------\\ Listing Folders in C:\Program Files\Common Files
--------------------\\ Process
( 76 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 12:01:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Searching for other infections
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
==> WAREOUT <==
[F:865][D:1274]-> C:\DOCUME~1\HABITA~1\LOCALS~1\Temp
[F:129][D:0]-> C:\DOCUME~1\HABITA~1\Cookies
[F:1601][D:8]-> C:\DOCUME~1\HABITA~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Thu 11/27/2008|17:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 11/27/2008|17:19 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Fri 11/28/2008|11:49 - Option : [3]
4 - "C:\Lop SD\LopR_4.txt" - Fri 11/28/2008|12:01 - Option : [3]
--------------------\\ Scan completed at 12:01:32
oldskooldw
2008-11-28, 19:17
Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2
11/28/2008 12:12:02 PM
mbam-log-2008-11-28 (12-11-51).txt
Scan type: Quick Scan
Objects scanned: 65144
Time elapsed: 8 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
oldskooldw
2008-11-28, 19:19
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:01 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 19191 bytes
oldskooldw
2008-11-28, 19:29
Primary DNS: 100.255.112.21
Secondary DNS: 100.255.112.150
IP Address: 69.250.63.169
IP Subnet Mask: 255.255.248.0
Gateway IP Address: 69.250.56.1
Hi
Did you quarantine MBAM findings? It reads 'no action taken' there.
Uninstall AskBar (may be a bit differently written) if you haven't installed it on purpose.
Start hjt, do a system scan, check (if found):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
Close browsers and fix checked.
Reboot.
We need to execute an OTMoveIt3 script.
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop.
Double click the OTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word Code.
:Files
C:\Documents and Settings\All Users\Application Data\wma five ante wait
C:\Program Files\BitComet
Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log. How's the system running?
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
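The reply above checks the scanner output by hand: MBAM items left at 'No action taken', and HijackThis entries to tick and fix. As an added example that is not part of the original post, this Python sketch runs the same kind of first pass over both log formats. The sample lines are copied from the logs in this thread; the flagging rules (entries marked "(no file)" or "(file missing)", autostart entries launching from Application Data or Temp) and all function names are assumptions made for illustration, not the helper's stated criteria.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis and MBAM logs posted in this thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
"""

SAMPLE_MBAM = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
Folders Infected:
(No malicious items detected)
"""

# HijackThis entry: section code (R0, O2, O23, ...), " - ", then the entry body.
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# MBAM item: "<item> (<detection>) -> [Data: <data> -> ]<action>."
MBAM_ITEM = re.compile(
    r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Assumed triage heuristics, chosen for this example only.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
AUTOSTART_CODES = {"O4", "O23"}          # Run keys / startup items, services
WRITABLE_DIRS = ("\\application data\\", "\\temp\\")


class Finding(NamedTuple):
    code: str
    reasons: tuple
    line: str


def triage_hjt(log: str) -> list:
    """Return HijackThis entries worth a manual look, with the reason(s)."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, running-process path, or blank line
        code, body = m.group("code"), m.group("body").lower()
        reasons = []
        if body.endswith(ORPHAN_MARKERS):
            reasons.append("orphaned entry")
        if code in AUTOSTART_CODES and any(d in body for d in WRITABLE_DIRS):
            reasons.append("autostart from user-writable directory")
        if reasons:
            findings.append(Finding(code, tuple(reasons), line))
    return findings


def unresolved_mbam(log: str) -> list:
    """Return MBAM detections that were reported but not acted on."""
    open_items = []
    for raw in log.splitlines():
        m = MBAM_ITEM.match(raw.strip())
        if m and m.group("action").lower() == "no action taken":
            open_items.append(m.groupdict())
    return open_items


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.code:>3}  {', '.join(f.reasons)}\n     {f.line}")
    for item in unresolved_mbam(SAMPLE_MBAM):
        print(f"UNRESOLVED {item['detection']}: {item['item']} = {item['data']}")
```

A flagged line is a candidate for review, not a verdict: leftover entries from uninstalled software match the same rules, so each hit still needs to be judged before anything is fixed.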
oldskooldw
2008-11-28, 21:18
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\wma five ante wait moved successfully.
C:\Program Files\BitComet\torrents moved successfully.
C:\Program Files\BitComet\rules moved successfully.
C:\Program Files\BitComet moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_140457
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:57 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18829 bytes
By the way, after I restarted after the HJT fix I put in my password to log into Windows and my computer froze on the login screen. I waited 10 minutes and then turned my computer off and then on again and it logged in normally, and my Windows Update still doesn't work.
Also will other computers on my network be affected?
Hi again
Your other systems shouldn't be affected if there was nothing other than Wareout and LOP on the system we're now cleaning.
"my windows update still doesn't work"
Do you get an error message, or in what way doesn't it work? Please post the exact error message if you get one.
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report & a fresh HJT log.
oldskooldw
2008-11-28, 23:11
Kaspersky Online Scanner will not work; I get [ERROR: Failed to resolve source DNS name]. As far as Windows Update goes, when I click on Windows Update on the Start menu I get redirected to MSN.com, and I'm guessing this means I am still infected...
Here is the HJT log anyway...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:16 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18880 bytes
Hi
Please run MBAM again and make sure you do a full scan and quarantine its findings. Reboot and post back the MBAM report & a fresh HJT log. Still getting redirected?
oldskooldw
2008-11-29, 17:38
Once again, like with the HJT fix, after I restarted after the MWBAM quarantine and removal I put in my password to log into Windows and my computer froze on the login screen. I waited 10 minutes and then turned my computer off and then on again and it logged in normally. Any thoughts as to why?
Here is the MWBAM associated with the last scan...
Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2
11/29/2008 10:12:30 AM
mbam-log-2008-11-29 (10-12-30).txt
Scan type: Full Scan (C:\|)
Objects scanned: 303116
Time elapsed: 2 hour(s), 15 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
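Added example, not part of the original thread or of any tool mentioned in it: a Python sketch that parses the registry lines of the Malwarebytes log above and reports which Tcpip `NameServer`/`DhcpNameServer` values point at resolvers outside an allow-list. The function names and the `TRUSTED_RESOLVERS` address are assumptions made for illustration; the sample lines are copied from the log in the post above.

```python
import ipaddress
import re

# Registry lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
"""

# Assumption: the resolver(s) this network is supposed to hand out.
# Constructed placeholder; replace with the router's or ISP's real DNS servers.
TRUSTED_RESOLVERS = {"192.168.1.1"}

# "<registry path> (<detection>) -> [Data: <data> -> ]<action>"
ENTRY = re.compile(
    r"^(?P<path>HKEY_[^\r\n]*?)\s+\((?P<detection>[^()]+)\)\s+->\s+"
    r"(?:Data:\s*(?P<data>.*?)\s+->\s+)?(?P<action>.+?)\s*$"
)

# DNS server values, either global or under a per-interface GUID key.
DNS_VALUE = re.compile(
    r"\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}))?"
    r"\\(?P<value>DhcpNameServer|NameServer)$",
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return one dict (path, detection, data, action) per registry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def dns_findings(entries, trusted=TRUSTED_RESOLVERS):
    """Summarise DNS-server registry values and flag untrusted resolvers."""
    findings = []
    for entry in entries:
        match = DNS_VALUE.search(entry["path"])
        if not match or not entry["data"]:
            continue
        servers, malformed = [], []
        # Windows stores the list space- or comma-separated.
        for token in re.split(r"[\s,]+", entry["data"].strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                malformed.append(token)
        value = match.group("value")
        findings.append({
            "scope": match.group("iface") or "global",
            "value": value,
            # DhcpNameServer is written by the DHCP client from the lease;
            # NameServer is the statically configured list.
            "source": "dhcp" if value.lower().startswith("dhcp") else "static",
            "unexpected": [s for s in servers if s not in trusted],
            "malformed": malformed,
            "detection": entry["detection"],
        })
    return findings


if __name__ == "__main__":
    for finding in dns_findings(parse_entries(SAMPLE_LOG)):
        print(finding["scope"], finding["value"], finding["source"],
              "unexpected:", finding["unexpected"])
```

Because `DhcpNameServer` is filled in from the DHCP lease, the same comparison is worth repeating after the next lease renewal to confirm the value stays clean.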
oldskooldw
2008-11-29, 17:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:09 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18876 bytes
oldskooldw
2008-11-29, 17:43
I'm still infected after I restarted and I don't know how to just quarantine the findings without MBAM deleting them...
Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2
11/29/2008 10:36:52 AM
mbam-log-2008-11-29 (10-36-48).txt
Scan type: Quick Scan
Objects scanned: 64834
Time elapsed: 7 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi
MBAM quarantines the findings when you delete them.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
oldskooldw
2008-11-29, 18:18
I couldn't install the recovery console because the virus will not allow me to connect to the Microsoft download servers...
ComboFix 08-11-28.03 - Habitat Productions 2008-11-29 11:04:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1393 [GMT -5:00]
Running from: c:\documents and settings\Habitat Productions\My Documents\Comics\New Folder\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.
2008-11-28 14:04 . 2008-11-28 14:04 <DIR> d-------- C:\_OTMoveIt
2008-11-27 17:05 . 2008-11-28 12:01 <DIR> d-------- C:\Lop SD
2008-11-27 15:26 . 2008-11-27 15:27 <DIR> d-------- C:\rsit
2008-11-26 14:38 . 2008-11-26 14:38 <DIR> d-------- c:\windows\system32\zh_temp
2008-11-26 11:57 . 2008-11-26 11:57 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-25 22:21 . 2008-11-25 22:21 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-25 22:13 . 2008-11-25 22:13 <DIR> d-------- c:\program files\Foxit Software
2008-11-25 22:13 . 2008-11-25 22:13 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\Foxit
2008-11-25 21:56 . 2008-11-25 21:56 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-25 19:20 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-25 19:20 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-25 19:20 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-25 18:37 . 2008-11-29 10:24 9,531 --a------ c:\windows\system32\Config.MPF
2008-11-25 18:21 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-11-25 18:20 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-25 18:20 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-25 18:20 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-25 18:20 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-25 18:20 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-25 18:20 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-25 18:19 . 2008-11-25 18:19 <DIR> d-------- c:\program files\McAfee.com
2008-11-25 18:19 . 2008-11-25 18:36 <DIR> d-------- c:\program files\McAfee
2008-11-25 18:19 . 2008-11-25 18:20 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-25 17:39 . 2008-09-12 11:12 69,168 --a------ c:\windows\system32\drivers\sbapifs.sys
2008-11-25 17:39 . 2008-09-12 11:12 13,360 --a------ c:\windows\system32\drivers\sbaphd.sys
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\program files\Sunbelt Software
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\Sunbelt
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2008-11-25 13:51 . 2008-11-25 13:51 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 11:28 . 2008-11-24 11:29 <DIR> d-------- c:\program files\SiteAdvisor
2008-11-24 11:28 . 2008-11-24 11:28 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SiteAdvisor
2008-11-24 11:28 . 2008-11-24 18:21 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\SiteAdvisor
2008-11-23 13:01 . 2008-11-23 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-11-23 12:59 . 2008-11-23 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-23 12:59 . 2008-11-25 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-23 12:09 . 2008-11-24 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-11 18:29 . 2008-11-13 16:42 <DIR> d-------- c:\program files\World of Warcraft
2008-11-08 10:13 . 2008-11-25 19:01 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-08 10:10 . 2008-05-01 09:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-08 10:10 . 2008-08-14 04:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 15:25 --------- d-----w c:\program files\dl_cats
2008-11-28 21:55 --------- d-----w c:\program files\Java
2008-11-28 16:47 --------- d-----w c:\program files\Viewpoint
2008-11-28 16:25 --------- d-----w c:\program files\DC++
2008-11-26 03:12 --------- d-----w c:\program files\Common Files\Adobe
2008-11-26 00:21 8,554 ----a-w c:\windows\system32\tmp.reg
2008-11-26 00:21 --------- d-----w c:\program files\Google
2008-11-25 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-24 17:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 22:32 --------- d-----w c:\program files\Trillian
2008-11-23 01:25 --------- d-----w c:\program files\Folder Lock
2008-11-12 02:05 --------- d-----w c:\documents and settings\Habitat Productions\Application Data\GetRightToGo
2008-11-11 23:30 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-08 17:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 21:28 65,320 ----a-w c:\windows\system32\sbbd.exe
2008-10-23 09:09 92,464 ----a-w c:\windows\system32\drivers\SBREDrv.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-14 14:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2008-10-12 21:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-12 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 19:54 --------- d-----w c:\program files\Enigma Software Group
2008-10-12 17:20 --------- d-----w c:\program files\SpyNoMore
2008-10-12 17:10 --------- d-----w c:\program files\Atomic Alarm Clock
2008-10-12 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-11 20:04 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-11 18:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-07 16:13 --------- d-----w c:\program files\iTunes
2008-10-07 16:13 --------- d-----w c:\program files\iPod
2008-10-07 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 00:48 --------- d--h--w c:\documents and settings\Habitat Productions\Application Data\Move Networks
2008-10-04 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-10-03 17:29 --------- d-----w c:\program files\Curse
2008-10-01 19:51 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-01 17:15 --------- d-----w c:\program files\NBC Direct Beta
2008-10-01 17:13 --------- d-----w c:\program files\OpenCase
2008-10-01 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\ExtendMedia
2008-09-30 23:34 --------- d-----w c:\program files\Sony
2008-09-19 23:36 3,012 ----a-w C:\drmHeader.bin
2008-09-17 13:16 549,159 --sha-r c:\program files\Norton2009Reset.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-13 19:18 737,280 ----a-w c:\windows\iun6002.exe
2008-09-09 03:38 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-09-07 17:31 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-07 17:20 7,612 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-07-05 13:30 0 ----a-w c:\documents and settings\Habitat Productions\jagex_runescape_preferences.dat
2008-02-13 17:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-09 22:42 81,920 ----a-w c:\documents and settings\Habitat Productions\Application Data\ezpinst.exe
2006-12-09 22:42 47,360 ----a-w c:\documents and settings\Habitat Productions\Application Data\pcouffin.sys
2008-03-13 21:48 88 --sh--r c:\windows\system32\5EC32884D8.sys
2008-04-23 20:35 56 --sh--r c:\windows\system32\D88428C35E.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 121640]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-02-16 1724416]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"bandmon"="c:\program files\Rokario\Bandwidth Monitor\bandmon.exe" [2008-06-01 1529856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-08-03 137216]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-01-26 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-01-26 40960]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2006-06-20 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2006-06-27 299008]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-06-07 106496]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-10-28 681256]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-01 160592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9817:TCP"= 9817:TCP:BitComet 9817 TCP
"9817:UDP"= 9817:UDP:BitComet 9817 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"57108:TCP"= 57108:TCP:Pando P2P TCP Listening Port
"57108:UDP"= 57108:UDP:Pando P2P UDP Listening Port
"49166:TCP"= 49166:TCP:Azureus
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56611:TCP"= 56611:TCP:PandoRest Listening Port
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-11-25 13360]
R2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe" [2008-08-29 835208]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-11-25 69168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-08 24652]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-10-22 1096192]
S2 0044291227655211mcinstcleanup;McAfee Application Installer Cleanup (0044291227655211);c:\docume~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe []
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
S2 SBAMSvc;CounterSpy Antispyware;"c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe" [2008-10-28 886056]
S2 SessionLauncher;SessionLauncher;c:\docume~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 CW100;CW100 Device;c:\windows\system32\DRIVERS\CW100.sys [2007-03-04 24092]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]
S3 WideUSB;WideUSB Generic USB Bulk driver;c:\windows\system32\Drivers\WideUSB.sys [2007-01-20 18720]
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-11-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-11-24 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Habitat Productions\Application Data\Mozilla\Firefox\Profiles\jw956gp4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - c:\documents and settings\Habitat Productions\Application Data\Mozilla\Firefox\Profiles\jw956gp4.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - c:\documents and settings\Habitat Productions\Application Data\Mozilla\Firefox\Profiles\jw956gp4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\documents and settings\Habitat Productions\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\windows\system32\C2MP\npdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 11:08:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-11-29 11:09:42
ComboFix-quarantined-files.txt 2008-11-29 16:09:40
Pre-Run: 485,007,994,880 bytes free
Post-Run: 486,743,515,136 bytes free
330 --- E O F --- 2008-11-28 02:04:11
HJT log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:28 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18759 bytes
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
DC++
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete these folders afterwards:
c:\program files\DC++
Empty Recycle Bin.
After that:
Please reset your router settings to factory defaults. Then change the password so that it's stronger than the default one.
Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\program files\Norton2009Reset.exe
Folder::
c:\program files\DC++
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9817:TCP"=-
"9817:UDP"=-
"57108:TCP"=-
"57108:UDP"=-
"49166:TCP"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log. Also, see if you can access Kaspersky online scanner after router reset.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
oldskooldw
2008-11-29, 18:49
Will resetting my router to default settings affect the pre-existing connections to other computers on my network?
Yes, if systems are set to receive IP and DNS addresses from DHCP.
oldskooldw
2008-11-30, 00:01
It seems as though the zlob.dnschanger is removed....
ComboFix 08-11-29.03 - Habitat Productions 2008-11-29 16:53:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271 [GMT -5:00]
Running from: c:\documents and settings\Habitat Productions\My Documents\Comics\New Folder\ComboFix.exe
Command switches used :: c:\documents and settings\Habitat Productions\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\program files\Norton2009Reset.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Norton2009Reset.exe
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))
.
2008-11-29 15:06 . 2008-09-04 11:42 1,106,944 --a------ c:\windows\system32\SET22C.tmp
2008-11-29 14:43 . 2008-11-29 14:43 <DIR> d-------- c:\windows\LastGood
2008-11-28 14:04 . 2008-11-28 14:04 <DIR> d-------- C:\_OTMoveIt
2008-11-27 17:05 . 2008-11-28 12:01 <DIR> d-------- C:\Lop SD
2008-11-27 15:26 . 2008-11-27 15:27 <DIR> d-------- C:\rsit
2008-11-26 14:38 . 2008-11-26 14:38 <DIR> d-------- c:\windows\system32\zh_temp
2008-11-26 11:57 . 2008-11-26 11:57 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-25 22:21 . 2008-11-25 22:21 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-25 22:13 . 2008-11-25 22:13 <DIR> d-------- c:\program files\Foxit Software
2008-11-25 22:13 . 2008-11-25 22:13 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\Foxit
2008-11-25 21:56 . 2008-11-25 21:56 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 19:20 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-25 18:37 . 2008-11-29 13:27 9,945 --a------ c:\windows\system32\Config.MPF
2008-11-25 18:21 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-11-25 18:20 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-11-25 18:20 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-11-25 18:20 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-11-25 18:20 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-11-25 18:20 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-11-25 18:20 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-11-25 18:19 . 2008-11-25 18:19 <DIR> d-------- c:\program files\McAfee.com
2008-11-25 18:19 . 2008-11-29 14:43 <DIR> d-------- c:\program files\McAfee
2008-11-25 18:19 . 2008-11-25 18:20 <DIR> d-------- c:\program files\Common Files\McAfee
2008-11-25 17:39 . 2008-09-12 11:12 69,168 --a------ c:\windows\system32\drivers\sbapifs.sys
2008-11-25 17:39 . 2008-09-12 11:12 13,360 --a------ c:\windows\system32\drivers\sbaphd.sys
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\program files\Sunbelt Software
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\Sunbelt
2008-11-25 17:38 . 2008-11-25 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2008-11-25 13:51 . 2008-11-25 13:51 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-24 17:07 . 2008-11-24 17:07 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 11:28 . 2008-11-24 11:29 <DIR> d-------- c:\program files\SiteAdvisor
2008-11-24 11:28 . 2008-11-24 11:28 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SiteAdvisor
2008-11-24 11:28 . 2008-11-24 18:21 <DIR> d-------- c:\documents and settings\Habitat Productions\Application Data\SiteAdvisor
2008-11-23 13:01 . 2008-11-23 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\PCSettings
2008-11-23 12:59 . 2008-11-23 13:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-23 12:59 . 2008-11-25 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-23 12:09 . 2008-11-24 11:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-11-11 18:29 . 2008-11-13 16:42 <DIR> d-------- c:\program files\World of Warcraft
2008-11-08 10:13 . 2008-11-29 14:07 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-08 10:10 . 2008-05-01 09:30 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-08 10:10 . 2008-08-14 04:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 16:43 --------- d-----w c:\program files\Trillian
2008-11-29 15:25 --------- d-----w c:\program files\dl_cats
2008-11-28 21:55 --------- d-----w c:\program files\Java
2008-11-28 16:47 --------- d-----w c:\program files\Viewpoint
2008-11-26 03:12 --------- d-----w c:\program files\Common Files\Adobe
2008-11-26 00:21 8,554 ----a-w c:\windows\system32\tmp.reg
2008-11-26 00:21 --------- d-----w c:\program files\Google
2008-11-25 23:22 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-24 17:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 01:25 --------- d-----w c:\program files\Folder Lock
2008-11-12 02:05 --------- d-----w c:\documents and settings\Habitat Productions\Application Data\GetRightToGo
2008-11-11 23:30 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-11-08 17:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 21:28 65,320 ----a-w c:\windows\system32\sbbd.exe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 09:09 92,464 ----a-w c:\windows\system32\drivers\SBREDrv.sys
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-14 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-14 14:59 --------- d-----w c:\program files\Common Files\TiVo Shared
2008-10-12 21:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-12 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-12 19:54 --------- d-----w c:\program files\Enigma Software Group
2008-10-12 17:20 --------- d-----w c:\program files\SpyNoMore
2008-10-12 17:10 --------- d-----w c:\program files\Atomic Alarm Clock
2008-10-12 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2008-10-11 20:04 --------- d-----w c:\program files\Common Files\Download Manager
2008-10-11 18:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-07 16:13 --------- d-----w c:\program files\iTunes
2008-10-07 16:13 --------- d-----w c:\program files\iPod
2008-10-07 16:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-05 00:48 --------- d--h--w c:\documents and settings\Habitat Productions\Application Data\Move Networks
2008-10-04 22:20 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-10-03 17:29 --------- d-----w c:\program files\Curse
2008-10-01 17:15 --------- d-----w c:\program files\NBC Direct Beta
2008-10-01 17:13 --------- d-----w c:\program files\OpenCase
2008-10-01 17:13 --------- d-----w c:\documents and settings\All Users\Application Data\ExtendMedia
2008-09-30 23:34 --------- d-----w c:\program files\Sony
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 23:36 3,012 ----a-w C:\drmHeader.bin
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-13 19:18 737,280 ----a-w c:\windows\iun6002.exe
2008-09-09 03:38 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-09-07 17:31 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-07 17:20 7,612 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-06 04:30 241,704 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-06 04:29 917,032 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-30 01:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-07-05 13:30 0 ----a-w c:\documents and settings\Habitat Productions\jagex_runescape_preferences.dat
2008-02-13 17:54 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-09 22:42 81,920 ----a-w c:\documents and settings\Habitat Productions\Application Data\ezpinst.exe
2006-12-09 22:42 47,360 ----a-w c:\documents and settings\Habitat Productions\Application Data\pcouffin.sys
2008-03-13 21:48 88 --sh--r c:\windows\system32\5EC32884D8.sys
2008-04-23 20:35 56 --sh--r c:\windows\system32\D88428C35E.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-29_11.09.23.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2007-03-23 00:07:56 91,488 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-23 00:07:54 80,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 18:53:52 137,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 18:41:06 10,352,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 19:09:30 167,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-04-19 18:53:52 127,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 18:54:04 183,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 22:16:32 12,259,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-10 18:35:04 6,747,480 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE
+ 2007-05-31 18:43:46 7,613,280 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 18:53:44 106,336 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 18:42:14 200,032 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 18:53:56 149,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 18:53:24 69,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-05-31 18:35:22 6,420,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
+ 2007-05-31 18:35:46 133,976 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL
+ 2007-05-31 18:36:08 612,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL
+ 2007-05-10 18:34:48 562,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL
+ 2007-03-23 00:07:10 41,824 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-23 00:07:54 78,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-23 00:22:02 103,264 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
+ 2007-05-09 22:19:48 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\VBE6.DLL
+ 2007-05-31 18:37:40 12,310,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE
+ 2008-11-29 21:26:08 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-11-08 17:48:01 12,288 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-29 21:32:56 12,288 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-08 17:48:01 135,168 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-11-29 21:32:56 135,168 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-08 17:48:01 11,264 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-11-29 21:32:56 11,264 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-08 17:48:01 27,136 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-29 21:32:56 27,136 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-08 17:48:01 4,096 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-29 21:32:56 4,096 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-08 17:48:01 794,624 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-29 21:32:56 794,624 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-08 17:48:01 249,856 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-29 21:32:56 249,856 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-08 17:48:01 61,440 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-29 21:32:56 61,440 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-08 17:48:01 23,040 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-29 21:32:56 23,040 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-08 17:48:01 286,720 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-29 21:32:56 286,720 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-08 17:48:01 409,600 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-11-29 21:32:56 409,600 ----a-r c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-01-04 14:05:28 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-08-20 05:33:17 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-11-29 14:51:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-29 19:41:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-29 14:51:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-29 19:41:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-11-29 14:51:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-29 19:41:23 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-01-04 14:05:28 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-08-20 05:33:18 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2007-01-04 14:05:28 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll
+ 2008-08-20 05:33:19 1,024,000 ------w c:\windows\system32\dllcache\browseui.dll
- 2007-01-04 14:05:28 151,040 ------w c:\windows\system32\dllcache\cdfview.dll
+ 2008-08-20 05:33:17 151,040 ------w c:\windows\system32\dllcache\cdfview.dll
- 2007-01-04 14:05:28 1,054,208 ------w c:\windows\system32\dllcache\danim.dll
+ 2008-08-20 05:33:18 1,054,208 ------w c:\windows\system32\dllcache\danim.dll
- 2007-01-04 14:05:28 357,888 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-08-20 05:33:18 357,888 ------w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-01-04 14:05:28 205,312 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-08-20 05:33:18 205,312 ------w c:\windows\system32\dllcache\dxtrans.dll
- 2007-01-04 14:05:28 55,808 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-08-20 05:33:18 55,808 ------w c:\windows\system32\dllcache\extmgr.dll
- 2007-01-04 11:03:40 18,432 ------w c:\windows\system32\dllcache\iedw.exe
+ 2008-08-19 09:38:57 18,432 ------w c:\windows\system32\dllcache\iedw.exe
- 2007-01-04 14:05:28 251,904 ------w c:\windows\system32\dllcache\iepeers.dll
+ 2008-08-20 05:33:18 251,904 ------w c:\windows\system32\dllcache\iepeers.dll
- 2007-01-04 14:05:29 96,256 ------w c:\windows\system32\dllcache\inseng.dll
+ 2008-08-20 05:33:18 96,256 ------w c:\windows\system32\dllcache\inseng.dll
- 2007-01-04 14:05:29 16,384 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-08-20 05:33:19 16,384 ------w c:\windows\system32\dllcache\jsproxy.dll
- 2007-01-04 14:05:30 3,062,272 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-20 05:33:20 3,067,392 ------w c:\windows\system32\dllcache\mshtml.dll
- 2007-01-04 14:05:29 449,024 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-20 05:33:19 449,024 ------w c:\windows\system32\dllcache\mshtmled.dll
- 2007-01-04 14:05:29 146,432 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-08-20 05:33:18 146,432 ------w c:\windows\system32\dllcache\msrating.dll
- 2007-01-04 14:05:30 532,480 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-08-20 05:33:18 532,480 ------w c:\windows\system32\dllcache\mstime.dll
- 2007-01-04 14:05:30 39,424 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-08-20 05:33:18 39,424 ------w c:\windows\system32\dllcache\pngfilt.dll
- 2007-01-04 14:05:30 1,498,112 ------w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:33:19 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
- 2007-01-04 14:05:30 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-08-20 05:33:19 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll
- 2007-01-25 12:24:58 616,960 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-08-20 05:33:19 619,008 ------w c:\windows\system32\dllcache\urlmon.dll
- 2007-01-04 14:05:30 665,088 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-08-20 05:33:19 667,648 ------w c:\windows\system32\dllcache\wininet.dll
- 2007-01-04 14:05:28 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-08-20 05:33:18 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2007-01-04 14:05:28 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-08-20 05:33:18 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2007-01-04 14:05:28 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-08-20 05:33:18 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2007-01-04 14:05:28 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2008-08-20 05:33:18 251,904 ----a-w c:\windows\system32\iepeers.dll
- 2007-01-04 14:05:29 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-08-20 05:33:18 96,256 ----a-w c:\windows\system32\inseng.dll
- 2007-01-04 14:05:29 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-20 05:33:19 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2003-06-18 22:31:48 17,920 ----a-w c:\windows\system32\mdimon.dll
+ 2007-04-09 18:23:54 28,040 ----a-w c:\windows\system32\mdimon.dll
- 2008-10-07 17:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2007-01-04 14:05:29 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-20 05:33:19 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2007-01-04 14:05:29 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-20 05:33:18 146,432 ----a-w c:\windows\system32\msrating.dll
- 2007-01-04 14:05:30 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-08-20 05:33:18 532,480 ----a-w c:\windows\system32\mstime.dll
- 2007-01-04 14:05:30 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-20 05:33:18 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
- 2003-06-18 22:31:48 18,944 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 18:23:54 28,552 ----a-w c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 121640]
"SkinClock"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-02-16 1724416]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"bandmon"="c:\program files\Rokario\Bandwidth Monitor\bandmon.exe" [2008-06-01 1529856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShaPlus Bandwidth Meter"="c:\program files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-08-03 137216]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-01-26 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-01-26 40960]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcqmon.exe"="c:\program files\Dell Photo AIO Printer 966\dlcqmon.exe" [2006-06-20 286720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 966\memcard.exe" [2006-06-27 299008]
"DLCQCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-06-07 106496]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-18 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2008-10-28 681256]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"CTHelper"="CTHELPER.EXE" [2005-11-08 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-01 160592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dlcqcoms.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56611:TCP"= 56611:TCP:PandoRest Listening Port
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-11-25 13360]
R2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe" [2008-08-29 835208]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-11-25 69168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-08-08 24652]
S2 0091741227987798mcinstcleanup;McAfee Application Installer Cleanup (0091741227987798);c:\windows\TEMP\009174~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe []
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
S2 SBAMSvc;CounterSpy Antispyware;"c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe" [2008-10-28 886056]
S2 SessionLauncher;SessionLauncher;c:\docume~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 CW100;CW100 Device;c:\windows\system32\DRIVERS\CW100.sys [2007-03-04 24092]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]
S3 WideUSB;WideUSB Generic USB Bulk driver;c:\windows\system32\Drivers\WideUSB.sys [2007-01-20 18720]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-11-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-11-24 c:\windows\Tasks\SpyHunter Scanner.job
- c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe []
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 16:56:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
DLCQCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-11-29 16:57:33
ComboFix-quarantined-files.txt 2008-11-29 21:57:31
ComboFix2.txt 2008-11-29 16:09:43
Pre-Run: 485,882,789,888 bytes free
Post-Run: 485,905,821,696 bytes free
431 --- E O F --- 2008-11-29 21:33:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:29 PM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0091741227987798) (0091741227987798mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\009174~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 18819 bytes
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Now let's uninstall ComboFix:
Click START then RUN
Now type "c:\documents and settings\Habitat Productions\My Documents\Comics\New Folder\ComboFix.exe" /u in the runbox and click OK
Next we remove all used tools.
Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download SpywareBlaster
SpywareBlaster is a program that stops known malicious ActiveX controls from installing on your computer. It works by changing settings in your registry. It makes "kill bits" in the registry, so that certain ActiveX controls can't install.
If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)
hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left-hand corner of your screen).
Click Run.
In the dialog box, type services.msc, hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.