Fake virus warnings, suspect XP AV 2009



Petez
2009-01-25, 23:15
Hi,

My friend's computer started throwing fake virus warnings yesterday.

-Erunt installed and run.
-HJT log follows:

-----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:24 PM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alissa Stoops\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cccs.blackboard.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219645831469&h=ff72003048038a4783ca78c6d8322ba5/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11808 bytes
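
Added example (not part of the original posts): a small Python triage helper for the HijackThis log format shown above. It parses the finding lines, lists entries whose registered file is missing, and diffs two scans of the same machine. The excerpts are copied from the 2009-01-25 log above and the 2009-01-29 log posted later in this thread; the function names are this example's own.

```python
import re

# One HijackThis finding is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Section codes are a letter (R, F, N or O) followed by a number.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the registered file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt copied from the 2009-01-25 log in this thread.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
"""

# Excerpt copied from the 2009-01-29 log in this thread.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
"""


def parse_entries(text):
    """Return [(code, detail)] for finding lines; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Return [(code, clsid or None)] for entries whose target file is missing.

    These are registry leftovers to review; the marker alone is not a verdict.
    """
    found = []
    for code, detail in entries:
        if ORPHAN_RE.search(detail):
            clsid = CLSID_RE.search(detail)
            found.append((code, clsid.group(0) if clsid else None))
    return found


def _key(entry):
    # Registry value names and Windows paths are case-insensitive, so
    # "[MsnMsgr] ...MsnMsgr.Exe" and "[msnmsgr] ...msnmsgr.exe" are the same entry.
    code, detail = entry
    return code, detail.casefold()


def diff_entries(before_text, after_text):
    """Return (added, removed) findings between two scans, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    added = [e for e in after if _key(e) not in before_keys]
    removed = [e for e in before if _key(e) not in after_keys]
    return added, removed


if __name__ == "__main__":
    for code, clsid in orphaned(parse_entries(LOG_BEFORE)):
        print("orphaned:", code, clsid)
    added, removed = diff_entries(LOG_BEFORE, LOG_AFTER)
    for code, detail in removed:
        print("-", code, detail)
    for code, detail in added:
        # A new line is a change to look at, not proof of infection.
        print("+", code, detail)
```
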

peku006
2009-01-29, 20:10
Hello and Welcome to Safer Networking,

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Download and Run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

Petez
2009-01-29, 21:15
Peku,

Thank you for the response!

Unfortunately, my friend got impatient, and took the computer to a local computer store against my recommendation. I do not trust the store's ability to remove malware, but it is out of my control. If it is agreeable to you, what I would like is to leave this open until they get it back (should be very soon) and then do another HJT scan (and I can do MBAM and RSIT scans as well if you like), and post the results here for you to see if it is truly clean. I'd like to avoid starting over with you guys.

If, on the other hand, you want to wash your hands of this, I will understand. Please let me know.

Also, I've noticed a lot of trouble the last few days accessing this site, and safer-networking as well. Is there a DOS attack of some sort, or other network congestion problem? I've tried various (clean) computers, and of course, other web sites, all are fine, so the common factor is this site.

Thanks again, I appreciate all you guys do!!!

Pete

peku006
2009-01-29, 21:58
Hi Pete

I would like to leave this open until they get it back
Ok no problem....I will wait....(five days)

Petez
2009-01-30, 05:20
Thank you so much!

They got the computer back today, it had been scanned with MBAM, which found and removed 2 items... nothing else was done.

I ran RSIT and re-ran MBAM. Looks ok but want to be sure. I would also appreciate your input on what the bug(s) were. Logs to follow...

1-MBAM from computer store
2-RSIT log from today
3-RSIT info from today (post too long, this one in next post)
4-MBAM from today (post too long, this one in next post)

--------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1702
Windows 5.1.2600 Service Pack 3

1/28/2009 3:40:06 PM
mbam-log-2009-01-28 (15-40-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161181
Time elapsed: 2 hour(s), 8 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





--------------------------------------------------------------




Logfile of random's system information tool 1.05 (written by random/random)
Run by Alissa Stoops at 2009-01-29 17:15:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (64%) free of 76 GB
Total RAM: 479 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:12 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Alissa Stoops\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alissa Stoops.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alissa Stoops\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cccs.blackboard.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219645831469&h=ff72003048038a4783ca78c6d8322ba5/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O17 - HKLM\System\CS2\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10722 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-29 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2006-02-14 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2006-02-14 1191424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [2003-05-26 99840]
"EPSON Stylus Photo 820 Series (Copy 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2001-01-18 68608]
"EPSON Stylus Photo 820 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [2001-01-18 68608]
"EPSON Stylus CX4800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [2005-02-01 98304]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-29 1601304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2006-11-07 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [2001-12-07 258118]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-08-14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2002-08-02 46592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
C:\PROGRA~1\COMMON~1\MYSOFT~1\NewsFlsh.exe [2001-02-06 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"Viewpoint Manager Service"=2
"usnjsvc"=3
"SLService"=2
"ose"=3
"odserv"=3
"IDriverT"=3
"Avg7UpdSvc"=2
"Avg7Alrt"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-29 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\Common Files\AOL\1148275047\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148275047\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1148275047\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1148275047\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe"="C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe:*:Enabled:RavenShield"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-01-29 17:15:23 ----D---- C:\rsit
2009-01-28 13:27:27 ----HD---- C:\$AVG8.VAULT$
2009-01-28 12:17:16 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-28 12:16:54 ----D---- C:\Program Files\AVG
2009-01-28 12:16:54 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-28 11:55:14 ----D---- C:\Documents and Settings\Alissa Stoops\Application Data\Malwarebytes
2009-01-28 11:55:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-28 11:55:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-25 13:08:55 ----D---- C:\Program Files\Trend Micro
2009-01-25 13:08:37 ----D---- C:\WINDOWS\ERDNT
2009-01-25 13:08:04 ----D---- C:\Program Files\ERUNT
2009-01-14 23:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

======List of files/folders modified in the last 1 months======

2009-01-29 17:15:05 ----D---- C:\WINDOWS\Prefetch
2009-01-29 17:07:21 ----D---- C:\Program Files\Mozilla Firefox
2009-01-29 14:18:28 ----D---- C:\WINDOWS\Temp
2009-01-29 13:09:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-29 10:56:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-29 10:08:30 ----D---- C:\WINDOWS\system32
2009-01-29 09:39:31 ----D---- C:\WINDOWS\system32\drivers
2009-01-28 12:16:54 ----RD---- C:\Program Files
2009-01-28 12:16:25 ----SHD---- C:\WINDOWS\Installer
2009-01-28 12:16:24 ----D---- C:\WINDOWS\WinSxS
2009-01-28 12:16:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-28 12:12:21 ----D---- C:\WINDOWS
2009-01-28 11:46:54 ----RASH---- C:\boot.ini
2009-01-28 11:46:54 ----A---- C:\WINDOWS\win.ini
2009-01-28 11:46:54 ----A---- C:\WINDOWS\system.ini
2009-01-28 11:46:53 ----D---- C:\WINDOWS\pss
2009-01-28 11:41:39 ----HD---- C:\WINDOWS\inf
2009-01-14 23:41:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 23:41:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-09 17:35:28 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-29 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-29 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-29 107272]
R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-08-16 40576]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-08-02 659228]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Eplpdx02;Eplpdx02; \??\C:\WINDOWS\System32\Drivers\EPLPDX02.SYS []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2001-11-29 172708]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-07-12 155008]
R3 Slntamr;NetoDragon AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2002-01-28 220432]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2001-11-29 33028]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 458db92d-5499-4411-b34e-7b591241f27e;458db92d-5499-4411-b34e-7b591241f27e; \??\D:\CDS300\cds300.dll []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2002-12-13 129875]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2001-11-29 2383460]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2001-11-29 607732]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2001-11-29 175160]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 V90drv;v90drv; C:\WINDOWS\System32\DRIVERS\v90drv.sys [2001-11-29 1432836]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-15 468480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-12 44032]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-11-17 114688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2001-11-29 45056]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Petez
2009-01-30, 05:21
3-RSIT info from today (post too long, this one in next post)
4-MBAM from today (post too long, this one in next post)


--------------------------------------------------------------------



info.txt logfile of random's system information tool 1.05 2009-01-29 17:16:17

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00C6-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF00D1-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25EF03FD-F17B-11D6-88EA-000476CD2443}\Setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B65F068-5A91-4B41-AE3A-0BCC34DC7904}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B65F068-5A91-4B41-AE3A-0BCC34DC7904}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9A812DA-143D-4780-BEDC-FD6D41386317}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Ahead InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
AIM 6.0-->C:\Program Files\AIM6\uninst.exe
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\SETUP.EXE" -l0x9 -uninst
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Camera Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Chemistry Plus 3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\homeworkhelp\chemplus\irunin.ini"
ClickArt Fonts 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC2C40CE-62A8-4BC2-9FB1-FD8794DE3C1A}\setup.exe" -l0x9 anything
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative MuVo NX-TX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B124151-B6A0-492C-8838-0854B800535D}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON CX 4200 4800 Guide-->C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22901BB7-2C57-409E-AF2F-56FFFEA41116}\setup.exe" -l0x9 MyUninstall
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x9 Uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homeworkhelp.com US History-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\homeworkhelp\USHistory\Uninst.isu"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Musicnotes Player V1.23.2 and Viewer-->"C:\Program Files\Musicnotes\Player\unins000.exe"
MuVo Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
My Wal-Mart Digital Photo Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9 -removeonly
MyLabels-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6108757-F62E-4A25-8B68-DC8091802726}\setup.exe"
MyProfessionalBusinessCards-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}\setup.exe" -l0x9 UNINSTALL
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetoDragon 56K Voice Modem-->C:\WINDOWS\Modio\SLAMRNTV\slclean.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
ProSavageDDR and Utilities-->C:\PROGRA~1\S3\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3\P4M266\P4M266.uns
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
Raven Shield Multiplayer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71F5686A-9055-4651-A220-054489D065E7}\Setup.exe" -l0x9
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
RTLSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Verizon Online-->C:\WINDOWS\system32\VerizonUninstaller.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Vocabulary 2.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\homeworkhelp\voc\irunin.ini"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Mail-->C:\WINDOWS\system32\regsvr32.exe /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: ALISSA
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 39752
Source Name: Service Control Manager
Time Written: 20081109160510.000000-480
Event Type: information
User:

Computer Name: ALISSA
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 39751
Source Name: Service Control Manager
Time Written: 20081109160510.000000-480
Event Type: information
User:

Computer Name: ALISSA
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 39750
Source Name: Service Control Manager
Time Written: 20081109160510.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ALISSA
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 39749
Source Name: Service Control Manager
Time Written: 20081109160510.000000-480
Event Type: information
User: ALISSA\Alissa Stoops

Computer Name: ALISSA
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 39748
Source Name: Service Control Manager
Time Written: 20081109160510.000000-480
Event Type: information
User:

Application event log

Computer Name: ALISSA
Event Code: 301
Message: MsnMsgr (2132) \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\fsr012C7.log.

Record Number: 5127
Source Name: ESENT
Time Written: 20080902120307.000000-420
Event Type: information
User:

Computer Name: ALISSA
Event Code: 301
Message: MsnMsgr (2132) \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\fsr012C6.log.

Record Number: 5126
Source Name: ESENT
Time Written: 20080902120307.000000-420
Event Type: information
User:

Computer Name: ALISSA
Event Code: 301
Message: MsnMsgr (2132) \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\fsr012C5.log.

Record Number: 5125
Source Name: ESENT
Time Written: 20080902120307.000000-420
Event Type: information
User:

Computer Name: ALISSA
Event Code: 301
Message: MsnMsgr (2132) \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\fsr012C4.log.

Record Number: 5124
Source Name: ESENT
Time Written: 20080902120307.000000-420
Event Type: information
User:

Computer Name: ALISSA
Event Code: 300
Message: MsnMsgr (2132) \\.\C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\Working\database_2294_CDB8_94CD_8F2B\dfsr.db: The database engine is initiating recovery steps.

Record Number: 5123
Source Name: ESENT
Time Written: 20080902120307.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Petez
2009-01-30, 05:26
Sorry, submitted without this one last time by accident.

4-MBAM from today (post too long, this one in next post)


Malwarebytes' Anti-Malware 1.33
Database version: 1707
Windows 5.1.2600 Service Pack 3

1/29/2009 6:47:55 PM
mbam-log-2009-01-29 (18-47-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 160288
Time elapsed: 1 hour(s), 35 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

peku006
2009-01-30, 16:53
Hi Pete,
I do not see anything that does not look OK.

Let us take a deeper look.

Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.

Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rootkit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.

Thanks peku006

Petez
2009-01-30, 20:00
Scan completed properly... (but too long to post, I'll have to split it... sorry...)

[code]
OTScanIt2 logfile created on: 1/30/2009 8:12:36 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Alissa Stoops\Desktop\pete\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.48 Mb Total Physical Memory | 299.82 Mb Available Physical Memory | 62.53% Memory free
740.77 Mb Paging File | 505.96 Mb Available in Paging File | 68.30% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.63 Gb Free Space | 63.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALISSA
Current User Name: Alissa Stoops
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/01/29 09:38:40 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/01/29 09:38:16 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/01/29 09:38:39 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/01/29 09:38:41 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> [2009/01/29 09:38:35 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/01/29 09:38:23 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
bgsvcgen.exe -> %SystemRoot%\system32\bgsvcgen.exe -> [2005/04/30 16:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation)
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 17:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
e_fatiada.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE -> [2005/02/01 11:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
e_s10ic2.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S10IC2.EXE -> [2001/01/18 19:00:00 | 00,068,608 | ---- | M] (SEIKO EPSON CORPORATION)
msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\pete\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
sagent2.exe -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> [2000/11/17 00:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004/09/22 17:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation)
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\Ymsgr_tray.exe -> [2006/11/30 21:49:06 | 00,103,928 | ---- | M] (Yahoo! Inc.)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> [2009/01/29 09:38:16 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/01/29 09:38:23 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bgsvcgen) B's Recorder GOLD Library General Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\bgsvcgen.exe -> [2005/04/30 16:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 17:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Auto | Running] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> [2000/11/17 00:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPodService) iPodService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2006/06/14 15:23:58 | 00,323,584 | ---- | M] (Apple Computer, Inc.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(SLService) SmartLinkService [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\slserv.exe -> [2001/11/29 00:10:28 | 00,045,056 | ---- | M] ( )
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004/09/22 17:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Live\Messenger\usnsvc.exe -> [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(WLSetupSvc) Windows Live Setup Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\afc.sys -> [2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.)
(ALCXWDM) Service for Avance AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2002/08/02 02:10:44 | 00,659,228 | R--- | M] (Avance Logic, Inc.)
(AmdK7) AMD K7 Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\amdk7.sys -> [2008/04/13 10:31:33 | 00,037,760 | ---- | M] (Microsoft Corporation)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2009/01/29 09:38:40 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2009/01/29 09:38:41 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2009/01/29 09:38:32 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BsStor) InCD Storage Helper Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bsstor.sys -> [2002/06/05 15:07:00 | 00,009,344 | ---- | M] (B.H.A Co.,Ltd.)
(BsUDF) InCD UDF Driver [File_System | Disabled | Stopped] -> %SystemRoot%\system32\drivers\bsudf.sys -> [2003/01/15 10:02:06 | 00,468,480 | ---- | M] (ahead software)
(Eplpdx02) Eplpdx02 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EPLPDX02.SYS -> [2001/08/09 18:03:00 | 00,070,084 | ---- | M] (MK Systems CO., LTD.)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2005/02/02 00:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(MR97310_USB_DUAL_CAMERA) MR97310 CIF Dual Mode Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mr97310c.sys -> [2002/12/13 00:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.)
(Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mtlmnt5.sys -> [2001/11/29 00:10:14 | 00,172,708 | ---- | M] ()
(Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys -> [2001/11/29 00:10:18 | 02,383,460 | ---- | M] ()
(NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys -> [2001/11/29 00:10:20 | 00,607,732 | ---- | M] ()
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PfModNT.sys -> [2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\point32.sys -> [2006/11/07 23:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003/03/31 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(RTL8023) Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Rtlnic51.sys -> [2003/12/31 11:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation )
(RTL8023xp) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtlnicxp.sys -> [2004/04/13 19:14:12 | 00,070,144 | ---- | M] (Realtek Semiconductor Corporation )
(rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\rtl8139.sys -> [2004/08/03 21:31:32 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(S3Psddr) S3Psddr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\s3gnbm.sys -> [2002/07/12 05:27:04 | 00,155,008 | R--- | M] (S3 Graphics, Inc.)
(sdcplh) sdcplh [Kernel | System | Running] -> %SystemRoot%\system32\drivers\sdcplh.sys -> [2005/08/16 13:34:47 | 00,040,576 | ---- | M] ()
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Slntamr) NetoDragon AMR_PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slntamr.sys -> [2002/01/28 20:28:28 | 00,220,432 | R--- | M] ( )
(SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slnthal.sys -> [2001/11/29 00:10:26 | 00,175,160 | ---- | M] ( )
(SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> [2001/11/29 00:10:28 | 00,033,028 | R--- | M] (Vireo Software)
(V90drv) V90drv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\v90drv.sys -> [2001/11/29 00:10:32 | 01,432,836 | ---- | M] ( )
(viaagp) VIA AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> [2002/03/20 04:20:00 | 00,027,648 | ---- | M] (VIA Technologies, Inc.)
(viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> [2002/03/20 04:20:00 | 00,027,648 | ---- | M] (VIA Technologies, Inc.)
(ViaIde) ViaIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viaidexp.sys -> [2001/10/18 12:00:00 | 00,006,144 | ---- | M] (VIA Technologies, Inc.)
(VIAPFD) VIAPFD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\VIAPFD.SYS -> [2001/12/18 14:45:04 | 00,003,279 | ---- | M] (VIA Technologies. Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: Search\\"AutoSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx ->
HKEY_CURRENT_USER\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Alissa Stoops\Application Data\Mozilla\FireFox\Profiles\n475got9.default\prefs.js ->
browser.startup.homepage -> "http://www.yahoo.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.5" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar Helper] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/01/29 09:38:29 | 01,078,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 03:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2007/09/20 10:30:18 | 00,328,752 | ---- | M] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> [2006/10/26 10:28:40 | 00,440,384 | ---- | M] (Yahoo! Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/01/29 09:38:35 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"EPSON Stylus CX4800 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIADA.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"] -> [2005/02/01 11:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"EPSON Stylus CX5400" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"] -> [2003/05/26 19:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION)
"EPSON Stylus Photo 820 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"] -> [2001/01/18 19:00:00 | 00,068,608 | ---- | M] (SEIKO EPSON CORPORATION)
"EPSON Stylus Photo 820 Series (Copy 1)" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo 820"] -> [2001/01/18 19:00:00 | 00,068,608 | ---- | M] (SEIKO EPSON CORPORATION)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"msnmsgr" -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"Yahoo! Pager" -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
< Alissa Stoops Startup Folder > -> C:\Documents and Settings\Alissa Stoops\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_SRCV02.EXE -> [2000/10/04 18:06:00 | 00,127,488 | ---- | M] (SEIKO EPSON CORPORATION)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Google Search -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Translate English Word -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
&Yahoo! Search -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsrch.htm] -> [2008/11/03 22:08:02 | 00,000,000 | ---D | M]
Backward Links -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Cached Snapshot of Page -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmcache.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
Similar Pages -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Translate Page into English -> %ProgramFiles%\Google\GoogleToolbar2.dll [res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html] -> [2006/02/14 19:05:30 | 01,191,424 | R--- | M] (Google Inc.)
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycdict.htm] -> [2008/11/03 22:08:02 | 00,000,000 | ---D | M]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycmap.htm] -> [2008/11/03 22:08:02 | 00,000,000 | ---D | M]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\Common [file:///C:\Program Files\Yahoo!\Common/ycsms.htm] -> [2008/11/03 22:08:02 | 00,000,000 | ---D | M]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Button: Yahoo! Services] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{d9288080-1baa-4bc4-9cf8-a92d743db949}:Exec [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU [Button: Run IMVU] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Button: Yahoo! Messenger] -> [2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}:Exec [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Menu: Yahoo! Messenger] -> [2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> [2006/10/31 15:29:16 | 00,198,136 | ---- | M] (Yahoo! Inc.)
CmdMapping\\"{d9288080-1baa-4bc4-9cf8-a92d743db949}" [HKLM] -> %UserProfile%\Start Menu\Programs\IMVU\Run IMVU [Run IMVU] -> File not found
CmdMapping\\"{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}" [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> [2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1023 domain(s) found. ->
.[msn] -> My Computer ->
cccs_blackboard.com [http] -> Trusted sites ->
74 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] ->
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab [Office Genuine Advantage Validation Tool] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{138E6DC9-722B-4F4B-B09D-95D191869696} [HKLM] -> http://www.bebo.com/files/BeboUploader.5.1.4.cab [Bebo Uploader Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll [Installation Support] ->
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photos.walmart.com/WalmartActivia.cab [Snapfish Activia] ->
{48DD0448-9209-4F81-9F6D-D83562940134} [HKLM] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab [MySpace Uploader Control] ->
{6F714D46-E4EF-11D4-93EF-00D0D7032099} [HKLM] -> http://www.christianrock2.net/amp3dj.cab [Active DJ Studio ActiveX Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219645831469&h=ff72003048038a4783ca78c6d8322ba5/&filename=jinstall-6u7-windows-i586-jc.cab [Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key does not exist or could not be opened.] ->
{A30FBBDC-FA29-4606-8565-14AADCCA6708} [HKLM] -> https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab [Rite Aid One Hour Photo Online Control] ->
{AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} [HKLM] -> http://www.globalchat.com/custom/nativeclient/msichat.cab [msichat50 Client Control] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5976ADEB-886D-49F0-A490-9207511A6FE3} -> 12.108.9.124,12.108.9.125 (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{AC746C20-1485-49E1-938F-C69DE156734B} -> () ->
{FC68000C-9025-47A3-96E8-2CFCA3CC272C} -> (1394 Net Adapter) ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
avgrsstarter -> %SystemRoot%\system32\avgrsstx.dll -> [2009/01/29 09:38:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe:*:Enabled:AOL Services] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/10/10 09:53:46 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" -> C:\Program Files\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> [2009/01/29 09:38:16 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/01/29 09:35:09 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1124351019\ee\AOLServiceHost.exe:*:Enabled:AOL Services] -> File not found
"C:\Program Files\Common Files\AOL\1148275047\ee\aim6.exe" -> C:\Program Files\Common Files\AOL\1148275047\ee\aim6.exe [C:\Program Files\Common Files\AOL\1148275047\ee\aim6.exe:*:Enabled:AIM] -> File not found
"C:\Program Files\Common Files\AOL\1148275047\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1148275047\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1148275047\ee\aolsoftware.exe:*:Enabled:AOL Services] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/10/10 09:53:46 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> [2008/10/14 23:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006/06/14 15:48:00 | 14,276,608 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" -> C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8] -> [2005/08/30 15:04:14 | 14,602,240 | ---- | M] (Macromedia, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | -HS- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe" -> C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe [C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe:*:Enabled:RavenShield] -> [2002/12/23 05:58:00 | 00,208,896 | ---- | M] ()
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" -> C:\Program Files\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger] -> [2006/11/30 21:49:04 | 04,662,776 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YPager.exe" -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> [2006/11/30 21:49:06 | 00,091,640 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2008/04/13 10:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/03/05 11:15:56 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

Petez
2009-01-30, 20:01
[Files/Folders - Created Within 30 Days]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
rsit -> %SystemDrive%\rsit -> [2009/01/29 17:15:23 | 00,000,000 | ---D | C]
pete -> %UserProfile%\Desktop\pete -> [2009/01/29 17:13:17 | 00,000,000 | ---D | C]
Church Government.doc -> %UserProfile%\My Documents\Church Government.doc -> [2009/01/29 11:53:49 | 00,096,256 | ---- | C] ()
Lucas, Church Government, cleaned and styled.doc -> %UserProfile%\Desktop\Lucas, Church Government, cleaned and styled.doc -> [2009/01/29 11:50:56 | 00,107,520 | ---- | C] ()
$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2009/01/28 13:27:27 | 00,000,000 | -H-D | C]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/01/28 12:17:16 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/01/28 12:17:15 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/01/28 12:17:15 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/01/28 12:17:15 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/01/28 12:17:05 | 32,583,892 | ---- | C] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/01/28 12:17:05 | 00,368,010 | ---- | C] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/01/28 12:17:05 | 00,078,864 | ---- | C] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/01/28 12:17:04 | 06,061,540 | ---- | C] ()
Avg -> %SystemRoot%\System32\drivers\Avg -> [2009/01/28 12:17:04 | 00,000,000 | ---D | C]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [2009/01/28 12:16:54 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2009/01/28 12:16:54 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/01/28 11:55:14 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/28 11:55:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/28 11:55:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/01/28 11:55:05 | 00,000,000 | ---D | C]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/01/28 11:55:05 | 00,000,000 | ---D | C]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2009/01/28 11:46:58 | 00,000,268 | -H-- | C] ()
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2009/01/28 11:46:58 | 00,000,244 | -H-- | C] ()
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2009/01/25 22:41:21 | 00,000,268 | -H-- | C] ()
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2009/01/25 22:41:21 | 00,000,244 | -H-- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2009/01/25 13:08:55 | 00,000,000 | ---D | C]
ERDNT -> %SystemRoot%\ERDNT -> [2009/01/25 13:08:37 | 00,000,000 | ---D | C]
ERUNT -> %ProgramFiles%\ERUNT -> [2009/01/25 13:08:04 | 00,000,000 | ---D | C]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2009/01/24 12:21:52 | 00,000,268 | -H-- | C] ()
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2009/01/24 12:21:52 | 00,000,244 | -H-- | C] ()
webct_upload_applet.properties -> %UserProfile%\webct_upload_applet.properties -> [2009/01/22 13:29:46 | 00,000,168 | ---- | C] ()
IMGA0957[1].JPG -> %UserProfile%\My Documents\IMGA0957[1].JPG -> [2009/01/13 22:33:24 | 00,110,253 | ---- | C] ()

[Files/Folders - Modified Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
4 C:\Documents and Settings\Alissa Stoops\My Documents\*.tmp files -> C:\Documents and Settings\Alissa Stoops\My Documents\*.tmp ->
185 C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp ->
185 C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp ->
185 C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Alissa Stoops\Local Settings\Temp\*.tmp ->
70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
70 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
OH.com%2Fsearch%3Fp%3Dgiotto%2Barena%2Bchapel%2Bpainting%26ei%3DUTF-8%26fr%3Dslv8-msgr%26b%3D21&cc=245&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=-420&u_his=20&u_java=true -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\4J8F2HK3\OH.com%2Fsearch%3Fp%3Dgiotto%2Barena%2Bchapel%2Bpainting%26ei%3DUTF-8%26fr%3Dslv8-msgr%26b%3D21&cc=245&u_h=768&u_w=1024&u_ah=768&u_aw=1024&u_cd=32&u_tz=-420&u_his=20&u_java=true -> File not found
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/01/30 07:59:32 | 00,012,598 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/01/30 07:58:25 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/01/30 07:58:20 | 00,002,048 | --S- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/01/29 23:39:28 | 07,864,320 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/01/29 23:39:28 | 00,000,278 | -HS- | M] ()
Church Government.doc -> %UserProfile%\My Documents\Church Government.doc -> [2009/01/29 22:32:21 | 00,096,256 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/01/29 19:50:59 | 32,583,892 | ---- | M] ()
Lucas, Church Government, cleaned and styled.doc -> %UserProfile%\Desktop\Lucas, Church Government, cleaned and styled.doc -> [2009/01/29 11:50:57 | 00,107,520 | ---- | M] ()
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/01/29 09:38:41 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/01/29 09:38:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/01/29 09:38:40 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/01/29 09:38:32 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/01/28 12:33:58 | 00,368,010 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/01/28 12:33:58 | 00,078,864 | ---- | M] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/01/28 12:17:04 | 06,061,540 | ---- | M] ()
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2009/01/28 11:46:58 | 00,000,268 | -H-- | M] ()
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2009/01/28 11:46:58 | 00,000,244 | -H-- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2009/01/28 11:46:54 | 00,000,900 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/28 11:46:54 | 00,000,227 | ---- | M] ()
boot.ini -> %SystemDrive%\boot.ini -> [2009/01/28 11:46:54 | 00,000,211 | RHS- | M] ()
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2009/01/25 22:41:21 | 00,000,268 | -H-- | M] ()
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2009/01/25 22:41:21 | 00,000,244 | -H-- | M] ()
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2009/01/24 12:21:52 | 00,000,268 | -H-- | M] ()
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2009/01/24 12:21:52 | 00,000,244 | -H-- | M] ()
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2009/01/23 21:42:52 | 00,000,664 | ---- | M] ()
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2009/01/23 21:36:24 | 00,054,156 | -H-- | M] ()
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2009/01/23 11:24:42 | 00,000,588 | ---- | M] ()
webct_upload_applet.properties -> %UserProfile%\webct_upload_applet.properties -> [2009/01/22 23:02:31 | 00,000,168 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/14 11:37:59 | 00,004,646 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/14 11:37:59 | 00,004,232 | ---- | M] ()
IMGA0957[1].JPG -> %UserProfile%\My Documents\IMGA0957[1].JPG -> [2009/01/13 22:33:04 | 00,110,253 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/01/09 17:35:28 | 20,853,704 | ---- | M] (Microsoft Corporation)
Perflib_Perfdata_dc4.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_dc4.dat -> [2009/01/01 13:03:08 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_b2c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_b2c.dat -> [2008/12/08 11:17:40 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_48c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_48c.dat -> [2008/11/10 08:14:32 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_6bc.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6bc.dat -> [2008/11/09 16:09:54 | 00,016,384 | ---- | M] ()
yahoo_toolbar_install_helper.exe -> %UserProfile%\Local Settings\Temp\yahoo_toolbar_install_helper.exe -> [2008/10/18 23:04:00 | 00,232,704 | ---- | M] (Yahoo! Inc.)
SkypeSetup.exe -> %UserProfile%\Local Settings\Temp\SkypeSetup.exe -> [2008/07/24 11:54:40 | 22,414,120 | ---- | M] (Skype Technologies S.A.)
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\opa12.dat -> [2008/05/13 13:33:04 | 00,008,378 | ---- | M] ()
Perflib_Perfdata_c58.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_c58.dat -> [2008/04/22 07:45:21 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_74c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_74c.dat -> [2008/03/11 07:49:49 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_e34.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_e34.dat -> [2008/01/07 09:12:20 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_cac.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_cac.dat -> [2007/12/03 11:56:29 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_53c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_53c.dat -> [2007/10/15 10:25:17 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_a1c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_a1c.dat -> [2007/09/07 07:14:27 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_9c8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_9c8.dat -> [2007/07/16 09:17:45 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_720.dat -> %SystemRoot%\Temp\Perflib_Perfdata_720.dat -> [2007/06/29 19:16:58 | 00,016,384 | ---- | M] ()
WindowsUpdateAgent20-x86.exe -> %UserProfile%\Local Settings\Temp\WindowsUpdateAgent20-x86.exe -> [2007/04/30 11:38:54 | 04,490,712 | ---- | M] (Microsoft Corporation)
Perflib_Perfdata_934.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_934.dat -> [2007/04/03 10:13:48 | 00,016,384 | ---- | M] ()
regtdi.exe -> %SystemRoot%\Temp\regtdi.exe -> [2007/04/02 08:36:06 | 00,003,584 | ---- | M] ()
ISSetup.dll -> %UserProfile%\Local Settings\Temp\{0327237C-E495-43AF-8B2E-9B80137A7B95}\ISSetup.dll -> [2007/02/18 22:51:56 | 00,552,214 | R--- | M] (Macrovision Corporation)
ISSetup.dll -> %UserProfile%\Local Settings\Temp\{C162E24E-F88C-47F3-A1CC-1FD1F6B564E1}\ISSetup.dll -> [2007/02/18 21:29:18 | 00,552,214 | R--- | M] (Macrovision Corporation)
msgup_us.exe -> %UserProfile%\Local Settings\Temp\msgup_us.exe -> [2006/12/18 12:41:31 | 12,550,696 | ---- | M] ()
ymsgr_inst.exe -> %UserProfile%\Local Settings\Temp\ymsgr_inst.exe -> [2006/12/01 05:49:32 | 10,376,696 | ---- | M] ()
instph.dll -> %UserProfile%\Local Settings\Temp\instph.dll -> [2006/11/26 00:02:15 | 00,094,256 | ---- | M] (AOL LLC)
ywiseext.dll -> %UserProfile%\Local Settings\Temp\ywiseext.dll -> [2006/11/06 10:20:16 | 00,098,304 | ---- | M] (Yahoo! Inc.)
ytb_inst.exe -> %UserProfile%\Local Settings\Temp\ytb_inst.exe -> [2006/11/02 14:48:18 | 01,162,280 | ---- | M] ()
ose00000.exe -> %UserProfile%\Local Settings\Temp\ose00000.exe -> [2006/10/27 21:28:26 | 00,145,184 | R--- | M] (Microsoft Corporation)
index.dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2006/10/17 01:03:45 | 04,292,608 | ---- | M] ()
index.dat -> %UserProfile%\Local Settings\Temp\History\History.IE5\index.dat -> [2006/10/17 00:59:52 | 00,442,368 | ---- | M] ()
index.dat -> %UserProfile%\Local Settings\Temp\Cookies\index.dat -> [2006/10/17 00:12:21 | 00,049,152 | ---- | M] ()
0676396_0103_00_0690[1].dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\M3832FAP\0676396_0103_00_0690[1].dat -> [2006/10/16 23:30:02 | 00,084,315 | ---- | M] ()
0253276_0104_00_0690[1].dat -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\4J8F2HK3\0253276_0104_00_0690[1].dat -> [2006/10/16 23:21:33 | 00,084,321 | ---- | M] ()
CANOD9R8.com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\M3832FAP\CANOD9R8.com -> [2006/10/16 22:56:25 | 00,000,015 | ---- | M] ()
CA10J6J7.com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\2RS92PGF\CA10J6J7.com -> [2006/10/16 21:26:07 | 00,000,015 | ---- | M] ()
CA6R0TEV.com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\2WJEC02H\CA6R0TEV.com -> [2006/10/16 18:52:35 | 00,000,015 | ---- | M] ()
CAG925RC.com -> %UserProfile%\Local Settings\Temp\Temporary Internet Files\Content.IE5\UHWGSERQ\CAG925RC.com -> [2006/10/16 18:44:42 | 00,000,015 | ---- | M] ()
GoogleInstall.dll -> %UserProfile%\Local Settings\Temp\GoogleInstall.dll -> [2006/09/13 10:13:12 | 01,077,760 | ---- | M] ()
_isD1.exe -> %UserProfile%\Local Settings\Temp\_isD1.exe -> [2006/05/24 18:10:42 | 00,455,600 | R--- | M] (Macrovision Corporation)
_isD0.exe -> %UserProfile%\Local Settings\Temp\_isD0.exe -> [2006/05/24 18:10:42 | 00,455,600 | R--- | M] (Macrovision Corporation)
_Setup.dll -> %UserProfile%\Local Settings\Temp\{C162E24E-F88C-47F3-A1CC-1FD1F6B564E1}\_Setup.dll -> [2006/05/17 17:21:04 | 00,385,968 | R--- | M] (Macrovision Corporation)
_Setup.dll -> %UserProfile%\Local Settings\Temp\{0327237C-E495-43AF-8B2E-9B80137A7B95}\_Setup.dll -> [2006/05/17 17:21:04 | 00,385,968 | R--- | M] (Macrovision Corporation)
setup.exe -> %UserProfile%\Local Settings\Temp\bye18A.tmp\Disk1\setup.exe -> [2006/03/29 21:04:00 | 00,117,200 | ---- | M] (InstallShield Software Corporation)
gtb2k1033.exe -> %UserProfile%\Local Settings\Temp\gtb2k1033.exe -> [2006/03/02 17:46:38 | 00,559,784 | ---- | M] (Google)
FlashPlayerUpdate.exe -> %UserProfile%\Local Settings\Temp\FlashPlayerUpdate.exe -> [2006/01/09 22:24:29 | 00,819,912 | ---- | M] (Microsoft Corporation)
AutoDL%3FBundleId=10342_b1977064.exe -> %UserProfile%\Local Settings\Temp\AutoDL%3FBundleId=10342_b1977064.exe -> [2005/11/16 12:50:03 | 00,243,512 | ---- | M] (Sun Microsystems, Inc.)
regincd2.exe -> %SystemRoot%\Temp\regincd2.exe -> [2005/11/16 09:10:06 | 00,003,072 | ---- | M] ()
Perflib_Perfdata_6c.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_6c.dat -> [2005/11/03 12:19:16 | 00,016,384 | ---- | M] ()
InfoWindow.dll -> %UserProfile%\Local Settings\Temp\InfoWindow.dll -> [2005/10/06 20:38:12 | 00,075,080 | ---- | M] (RealNetworks, Inc.)
msgr7us.exe -> %UserProfile%\Local Settings\Temp\msgr7us.exe -> [2005/08/30 16:25:53 | 00,381,480 | ---- | M] ()
SceneComponent.dll -> %UserProfile%\Local Settings\Temp\SceneComponent.dll -> [2005/08/18 00:32:34 | 01,171,507 | ---- | M] (Viewpoint Corporation)
SWFView.dll -> %UserProfile%\Local Settings\Temp\SWFView.dll -> [2005/08/18 00:32:34 | 00,643,116 | ---- | M] (Viewpoint Corporation)
VMPVideo.dll -> %UserProfile%\Local Settings\Temp\VMPVideo.dll -> [2005/08/18 00:32:34 | 00,618,541 | ---- | M] (Viewpoint Corporation)
SreeDMMX.dll -> %UserProfile%\Local Settings\Temp\SreeDMMX.dll -> [2005/08/18 00:32:34 | 00,528,429 | ---- | M] (Viewpoint Corporation)
ComponentMgr_03000F11.dll -> %UserProfile%\Local Settings\Temp\ComponentMgr_03000F11.dll -> [2005/08/18 00:32:34 | 00,208,945 | ---- | M] (Viewpoint Corporation)
Mts3Reader.dll -> %UserProfile%\Local Settings\Temp\Mts3Reader.dll -> [2005/08/18 00:32:34 | 00,204,847 | ---- | M] (Viewpoint Corporation)
JpegReader.dll -> %UserProfile%\Local Settings\Temp\JpegReader.dll -> [2005/08/18 00:32:34 | 00,122,927 | ---- | M] (Viewpoint Corporation)
Cursors.dll -> %UserProfile%\Local Settings\Temp\Cursors.dll -> [2005/08/18 00:32:34 | 00,028,672 | ---- | M] (Viewpoint Corporation)
AOLUserShell.dll -> %UserProfile%\Local Settings\Temp\AOLUserShell.dll -> [2005/08/17 23:54:24 | 00,413,746 | ---- | M] (Viewpoint Corporation)
AxMetaStream_0302021C.dll -> %UserProfile%\Local Settings\Temp\AxMetaStream_0302021C.dll -> [2005/08/17 23:54:24 | 00,249,906 | ---- | M] (Viewpoint Corporation)
Perflib_Perfdata_7a8.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_7a8.dat -> [2005/08/13 06:49:31 | 00,016,384 | ---- | M] ()
OCPCustomAction.dll -> %UserProfile%\Local Settings\Temp\OCPCustomAction.dll -> [2005/08/02 11:40:53 | 00,010,240 | ---- | M] ()
aolexpat.dll -> %UserProfile%\Local Settings\Temp\aolexpat.dll -> [2005/08/02 11:34:22 | 00,118,784 | ---- | M] (America Online, Inc.)
aolzlib.dll -> %UserProfile%\Local Settings\Temp\aolzlib.dll -> [2005/08/02 11:34:20 | 00,077,824 | ---- | M] (America Online)
xprt4.dll -> %UserProfile%\Local Settings\Temp\xprt4.dll -> [2005/08/02 11:34:17 | 00,081,920 | ---- | M] (America Online, Inc.)
Xprt3.dll -> %UserProfile%\Local Settings\Temp\Xprt3.dll -> [2005/08/02 11:34:00 | 00,172,032 | ---- | M] (America Online, Inc.)
preferences.dll -> %UserProfile%\Local Settings\Temp\services\preferences\ver1_2_0_0\preferences.dll -> [2005/08/02 11:33:07 | 00,081,408 | ---- | M] (America Online, Inc.)
clsSvc.dll -> %UserProfile%\Local Settings\Temp\services\localStorage\ver3_0_0_0\clsSvc.dll -> [2005/08/02 11:33:06 | 00,295,936 | ---- | M] (America Online, Inc.)
htmlRenderer.dll -> %UserProfile%\Local Settings\Temp\services\htmlRenderer\ver0_9_13\htmlRenderer.dll -> [2005/08/02 11:33:06 | 00,135,168 | ---- | M] (America Online Inc.)
zipper.dll -> %UserProfile%\Local Settings\Temp\services\compression\ver1_1_3_0\zipper.dll -> [2005/08/02 11:33:06 | 00,093,184 | ---- | M] (America Online, Inc.)
Notify.dll -> %UserProfile%\Local Settings\Temp\services\notification\ver3_5_0_0\Notify.dll -> [2005/08/02 11:33:05 | 00,113,152 | ---- | M] (America Online, Inc.)
XMLMini.dll -> %UserProfile%\Local Settings\Temp\services\miniXML\ver1_1_1_0\XMLMini.dll -> [2005/08/02 11:33:05 | 00,080,384 | ---- | M] (America Online, Inc.)
unicows.dll -> %UserProfile%\Local Settings\Temp\unicows.dll -> [2005/08/02 11:33:04 | 00,245,408 | ---- | M] (Microsoft Corporation)
xprt5.dll -> %UserProfile%\Local Settings\Temp\xprt5.dll -> [2005/08/02 11:33:04 | 00,217,088 | ---- | M] (America Online, Inc.)
AOLSvcMgr.dll -> %UserProfile%\Local Settings\Temp\AOLSvcMgr.dll -> [2005/08/02 11:33:02 | 00,216,064 | ---- | M] (America Online, Inc.)
AOLHostManager.exe -> %UserProfile%\Local Settings\Temp\AOLHostManager.exe -> [2005/08/02 11:33:02 | 00,159,832 | ---- | M] (America Online, Inc.)
AOLServiceHost.exe -> %UserProfile%\Local Settings\Temp\AOLServiceHost.exe -> [2005/08/02 11:33:02 | 00,151,640 | ---- | M] (America Online, Inc.)
AOLLaunch.exe -> %UserProfile%\Local Settings\Temp\AOLLaunch.exe -> [2005/08/02 11:33:02 | 00,109,656 | ---- | M] (America Online, Inc.)
symcprop.dat -> %UserProfile%\Local Settings\Temp\symcprop.dat -> [2005/06/27 10:51:55 | 00,059,460 | ---- | M] ()
NAVLiveReg.dat -> %UserProfile%\Local Settings\Temp\NAVLiveReg.dat -> [2005/06/27 10:51:14 | 00,000,268 | ---- | M] ()
msnsearch.exe -> %UserProfile%\Local Settings\Temp\msnsearch.exe -> [2005/06/13 13:46:24 | 00,228,824 | ---- | M] (Microsoft Corporation)
Perflib_Perfdata_7b4.dat -> %UserProfile%\Local Settings\Temp\Perflib_Perfdata_7b4.dat -> [2005/05/06 10:54:25 | 00,016,384 | ---- | M] ()
wyb64.dll -> %UserProfile%\Local Settings\Temp\wyb64.dll -> [2004/12/03 14:34:26 | 00,058,464 | ---- | M] (Yahoo! Inc.)
InstHelp.dll -> %UserProfile%\Local Settings\Temp\InstHelp.dll -> [2004/10/12 10:14:18 | 00,057,344 | ---- | M] ()
_IsUser.dll -> %UserProfile%\Local Settings\Temp\{D34AF559-9E67-45D7-A9E0-A08789623FDA}\_IsUser.dll -> [2004/09/13 01:22:00 | 00,122,880 | ---- | M] (Creative Technology Ltd.)
setup_wm.exe -> %UserProfile%\Local Settings\Temp\setup_wm.exe -> [2004/08/03 23:56:56 | 00,774,144 | ---- | M] (Microsoft Corporation)
data.dat -> %AllUsersProfile%\Application Data\Microsoft\Office\Data\data.dat -> [2004/05/27 10:56:01 | 00,001,538 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2004/05/26 09:10:34 | 00,016,384 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2004/05/26 09:10:34 | 00,016,384 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2004/05/26 09:10:34 | 00,016,384 | ---- | M] ()
newdev.dll -> %SystemRoot%\Temp\newdev.dll -> [2003/03/31 04:00:00 | 00,238,080 | ---- | M] (Microsoft Corporation)
mun297.exe -> %UserProfile%\Local Settings\Temp\mun297.exe -> [2003/03/31 04:00:00 | 00,036,864 | ---- | M] (Microsoft Corporation)
_IsUser.dll -> %UserProfile%\Local Settings\Temp\{09e617f0-6dbb-4953-9ef7-c6c5932fb9f8}\_IsUser.dll -> [2002/08/19 12:45:26 | 00,053,248 | ---- | M] ()
soundman.exe -> %SystemRoot%\Temp\soundman.exe -> [2002/08/02 03:00:12 | 00,046,592 | R--- | M] (Avance Logic, Inc.)
alcupd.exe -> %SystemRoot%\Temp\alcupd.exe -> [2002/04/22 19:12:00 | 00,208,896 | R--- | M] (Avance Logic, Inc.)
_IsRes.dll -> %UserProfile%\Local Settings\Temp\{D34AF559-9E67-45D7-A9E0-A08789623FDA}\_IsRes.dll -> [2001/09/05 03:21:30 | 00,258,048 | ---- | M] (InstallShield Software Corporation)
isrt.dll -> %UserProfile%\Local Settings\Temp\{D34AF559-9E67-45D7-A9E0-A08789623FDA}\isrt.dll -> [2001/09/05 03:20:54 | 00,331,776 | ---- | M] (InstallShield Software Corporation)
Setup.exe -> %UserProfile%\Local Settings\Temp\pft6~tmp\Disk1\Setup.exe -> [2000/10/05 16:00:06 | 00,054,272 | ---- | M] (InstallShield Software Corporation)
isrt.dll -> %UserProfile%\Local Settings\Temp\{09e617f0-6dbb-4953-9ef7-c6c5932fb9f8}\isrt.dll -> [2000/05/16 15:46:14 | 00,315,392 | ---- | M] (InstallShield Software Corporation)
isrt.dll -> %UserProfile%\Local Settings\Temp\{e6108757-f62e-4a25-8b68-dc8091802726}\isrt.dll -> [2000/05/16 14:46:14 | 00,315,392 | ---- | M] (InstallShield Software Corporation)
_IsRes.dll -> %UserProfile%\Local Settings\Temp\{e24a4625-247c-460c-89b8-028db0a605ae}\_IsRes.dll -> [2000/01/12 12:30:06 | 00,200,704 | ---- | M] (InstallShield Software Corporation)
_IsRes.dll -> %UserProfile%\Local Settings\Temp\{66d97d5f-b0d6-4253-93bc-227e38c7555d}\_IsRes.dll -> [2000/01/12 12:30:06 | 00,200,704 | ---- | M] (InstallShield Software Corporation)
_IsRes.dll -> %UserProfile%\Local Settings\Temp\{09e617f0-6dbb-4953-9ef7-c6c5932fb9f8}\_IsRes.dll -> [2000/01/12 12:30:06 | 00,200,704 | ---- | M] (InstallShield Software Corporation)
_IsRes.dll -> %UserProfile%\Local Settings\Temp\{e6108757-f62e-4a25-8b68-dc8091802726}\_IsRes.dll -> [2000/01/12 11:30:06 | 00,200,704 | ---- | M] (InstallShield Software Corporation)
isrt.dll -> %UserProfile%\Local Settings\Temp\{e24a4625-247c-460c-89b8-028db0a605ae}\isrt.dll -> [2000/01/08 06:40:26 | 00,311,296 | ---- | M] (InstallShield Software Corporation)
isrt.dll -> %UserProfile%\Local Settings\Temp\{66d97d5f-b0d6-4253-93bc-227e38c7555d}\isrt.dll -> [2000/01/08 06:40:26 | 00,311,296 | ---- | M] (InstallShield Software Corporation)
PidGen.dll -> %UserProfile%\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\PidGen.dll -> [1999/03/24 16:16:16 | 00,021,504 | R--- | M] ()
53bc8.DLL -> %UserProfile%\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\53bc8.DLL -> [1998/10/14 13:18:06 | 00,050,176 | R--- | M] ()
WINTDIST.EXE -> %SystemRoot%\Temp\_ISTMP1.DIR\WINTDIST.EXE -> [1996/10/24 14:45:52 | 00,401,760 | ---- | M] (Microsoft Corporation)

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\Alissa Stoops\Favorites\Alissa's Sites\DeviantArt.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Alissa's Sites\myspace.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Alissa's Sites\Ultimate MySpace Selector Reference.url:favicon 3638 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Alisha's Adventures.url:favicon 3638 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\ASLPro.com Home.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Bebo.url:favicon 1150 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Blue Letter Bible.url:favicon 2494 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Bridesmaid dresses.url:favicon 1078 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Cheryl's blog.url:favicon 5222 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Latin mottos, phrases and familiar quotations.url:favicon 1150 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\M&M and peanut.url:favicon 3638 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\MySpace.com - (Crystal) - 26 - Female - ROSEBURG, Oregon - www.myspace.com-729crystal729.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\MySpace.com - www.myspace.com-398750981.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\MySpace.com.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\recipezaar Where the World's Recipes Are.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\David's Bridal - Bridal Gowns T8763R Strapless satin A-line gown with beaded lace and scalloped sweetheart neckline..url:favicon 1078 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Facebook .url:favicon 1150 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Fav wedding dress.url:favicon 6598 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Votoy Dog Toy Latex Puppy Burger-Dog Toys.url:favicon 3638 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Wedding Gowns.url:favicon 6598 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Yo Adam.url:favicon 3638 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\YouTube - Going Up Yonder.url:favicon 1150 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\YouTube - I Will Survive- Homeschool Version.url:favicon 1150 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Joanna's favs\Christian Forums - The Online Christian Chat Forum & Message Board.url:favicon 822 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Master's degree study Communication Department, North Dakota State University.url:favicon 1406 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Multiple Choice Quiz.url:favicon 1014 bytes
C:\Documents and Settings\Alissa Stoops\Favorites\Two New Bibles Preach A Hip, Eco-Friendly Gospel NPR.url:favicon 318 bytes
C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\bwhitemarsh_90@hotmail.com\DFSR\Staging\CS{C3A4E64D-1F8C-D77B-FB64-2DF70270131C}\01\10-{C3A4E64D-1F8C-D77B-FB64-2DF70270131C}-v1-{3DCC6CF6-E787-4B60-B77B-3CC645D5231E}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Alissa Stoops\Local Settings\Application Data\Microsoft\Messenger\train_ur_mutt@yahoo.com\SharingMetadata\littlecherylpie@hotmail.com\DFSR\Staging\CS{2F5AD558-9712-5EE5-7667-7A65EE3B8208}\01\12-{2F5AD558-9712-5EE5-7667-7A65EE3B8208}-v1-{3DCC6CF6-E787-4B60-B77B-3CC645D5231E}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
scan completed successfully
hidden files: 399

< End of report >
[/code]

peku006
2009-02-01, 11:28
Hi Pete
Logs look good.
Could you please describe your malware problems?

1 - Update Java

Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.

Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 10 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program.


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run HijackThis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

5 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

Petez
2009-02-05, 03:01
Hi,

I won't be able to get there until tomorrow night, but wanted you to know I didn't abandon it.

The original problem was fake virus warning pop-ups, and they have ceased. I was going to update Java for them, and remove some unwanted stuff/do some clean up. I expect all the scans you request will be clear. If so, I think you can close it after you see them.

I appreciate the help!

Petez
2009-02-06, 07:20
Ok, I updated Java and ran ATF Cleaner. Kaspersky returned a 100% clean scan. I think we are done here. Thanks again!!!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, February 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 06, 2009 02:22:27
Records in database: 1757486
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 111195
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:26:29

No malware has been detected. The scan area is clean.

The selected area was scanned.

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:50 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P38 "EPSON Stylus Photo 820 Series (Copy 1)" /O6 "USB002" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus Photo 820 Series" /O5 "LPT1:" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alissa Stoops\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://cccs.blackboard.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} (Active DJ Studio ActiveX Control) - http://www.christianrock2.net/amp3dj.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O17 - HKLM\System\CS2\Services\Tcpip\..\{5976ADEB-886D-49F0-A490-9207511A6FE3}: NameServer = 12.108.9.124,12.108.9.125
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 10517 bytes

peku006
2009-02-06, 12:08
Hi Pete
The scans are fine and it looks like your machine is clean :yahoo:

Delete RSIT from your desktop, also delete this folder C:\rsit.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent malware.


Happy safe surfing! :bigthumb:
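
[Added example, not part of the original post: a small Python audit of a HOSTS file, showing the 127.0.0.1 blocking described above and separating it from entries that send a name to some other address, which is worth reviewing after a cleanup. The sample file, hostnames and function names are constructed for illustration; treating 0.0.0.0 as a block entry as well is an assumption.]

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from this thread).
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1  localhost
127.0.0.1  ads.example.com   # ad server
0.0.0.0    tracker.example.net
192.0.2.55 update.example.org www.example.org
::1        localhost
not-an-ip  broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:                  # blank, comment-only or lone field
            continue
        yield no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Sort entries into blocked names, redirects and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            report["malformed"].append((no, ip_text))
            continue
        # Loopback (127.0.0.1, ::1) or 0.0.0.0 means the name goes nowhere.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole:
                if name != "localhost":      # the normal localhost mapping
                    report["blocked"].append(name)
            else:
                # The name resolves to a real address chosen by the file.
                report["redirected"].append((no, name, ip_text))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", len(result["blocked"]))
    for no, name, ip in result["redirected"]:
        print(f"line {no}: {name} -> {ip} (review)")
    for no, bad in result["malformed"]:
        print(f"line {no}: unparsable address {bad!r}")
```

On Windows XP the file to check is C:\WINDOWS\system32\drivers\etc\hosts; read it and pass its contents to audit_hosts().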

peku006
2009-02-10, 17:43
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.