PDA

View Full Version : Problems with DealAssistant and MyWebSearch



toladogold
2009-10-02, 18:49
Hi, I have problems with DealAssistant and MyWebSearch and can't seem to get rid of them. I'm a very basic computer user, but have followed your instructions and hopefully have done it right. Could you help me with this please.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:34 PM, on 2/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13247 bytes

Shaba
2009-10-05, 22:06
Hi toladogold

Please post spybot report next :)

toladogold
2009-10-06, 12:59
Sorry, don't know what report you're talking about. Do you mean i should do a scan and send you the results?

Shaba
2009-10-06, 20:09
Yes if spybot finds those :)

toladogold
2009-10-07, 16:27
--- Search result list ---

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-09-08 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-09-08 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-09-08 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-09-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-08-19 Includes\Malware.sbi (*)
2009-09-08 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-09-08 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-09-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-09-08 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi (*)
2009-09-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB929729)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB941833)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
file: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
size: 177440
MD5: 633B66014DDEDA70C21CFD327BDC214A

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 305440
MD5: D1458A77A6E15462CB96D34089549BAC

Located: HK_LM:Run, mcagent_exe
command: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
file: C:\Program Files\McAfee.com\Agent\mcagent.exe
size: 645328
MD5: EAE3C29E6B437F970D014E59D462A66E

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 417792
MD5: 8CBD57D84729DEBEE1E83CB5FA3E3D7A

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\Windows\SOUNDMAN.EXE
size: 598016
MD5: A41A73F3D1BE4350CBA9125247EFF330

Located: HK_CU:Run, MySpaceIM
where: .DEFAULT...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9117696
MD5: 24FB0BE24236C791201486D04DB7C41B

Located: HK_CU:Run, Picasa Media Detector
where: .DEFAULT...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 16FC5B430123238E522B18E63C257AF8

Located: HK_CU:Run, DealAssistant
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
file: C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, EA Core
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
file: C:\Program Files\Electronic Arts\EADM\Core.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SfKg6wIPuSpdcduD7
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
file: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Skype
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file: C:\Program Files\Skype\Phone\Skype.exe
size: 25623336
MD5: 9780A4EC41060F6164CC5DDDC815DB34

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:RunOnce, Shockwave Updater
where: S-1-5-21-2490314987-2349913300-1285092130-1000...
command: C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MySpaceIM
where: S-1-5-18...
command: C:\Program Files\MySpace\IM\MySpaceIM.exe
file: C:\Program Files\MySpace\IM\MySpaceIM.exe
size: 9117696
MD5: 24FB0BE24236C791201486D04DB7C41B

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-18...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: Startup (common), Microsoft Office.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 98696
MD5: A6D772AA861E673636D48B6EB452ADE3

Located: Startup (disabled), LimeWire On Startup (DISABLED)
command: C:\PROGRA~1\LimeWire\LimeWire.exe -startup
file: C:\PROGRA~1\LimeWire\LimeWire.exe
size: 122880
MD5: 7B5D624FBB163CE7ACA3BDA9290F6702

Located: WinLogon, GoToAssist
command: C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
file: C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 27/02/2009 12:07:26 PM
Date (last access): 22/05/2009 9:28:38 PM
Date (last write): 27/02/2009 12:07:26 PM
Filesize: 75128
Attributes: archive
MD5: 5CF6190CD875DA6B35256FEE573E7908
CRC32: 764BA81B
Version: 9.1.0.163

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Skype add-on (mastermind)
CLSID name: Skype add-on (mastermind)
Path: C:\Program Files\Skype\Toolbars\Internet Explorer\
Long name: SkypeIEPlugin.dll
Short name: SKYPEI~1.DLL
Date (created): 4/08/2009 3:47:42 PM
Date (last access): 15/09/2009 8:38:18 PM
Date (last write): 4/08/2009 3:47:42 PM
Filesize: 1586472
Attributes: archive
MD5: D419F7E912A83A86B41FC1AE11AED22B
CRC32: 4A645895
Version: 3.3.0.3928

{243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyside.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein
Path: C:\Program Files\Microsoft Money\System\
Long name: mnyside.dll
Short name:
Date (created): 17/07/2002 11:00:00 AM
Date (last access): 16/06/2007 3:05:38 PM
Date (last write): 17/07/2002 11:00:00 AM
Filesize: 163906
Attributes: archive
MD5: BEED9AE28E5696C7C2EEA11075E258CE
CRC32: D7C7E8B5
Version: 11.0.0.716

{27B4851A-3207-45A2-B947-BE8AFE6163AB} (McAfee Phishing Filter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: McAfee Phishing Filter
CLSID name: McAfee Phishing Filter
Path: c:\PROGRA~1\mcafee\msk\
Long name: mskapbho.dll
Short name:
Date (created): 22/09/2009 6:10:46 PM
Date (last access): 8/07/2009 2:48:48 PM
Date (last write): 8/07/2009 2:48:48 PM
Filesize: 246800
Attributes: archive
MD5: 7B54980334E33FC209B5C56D80BF5A60
CRC32: DDC1BCFD
Version: 10.15.101.0

{3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: RealPlayer Download and Record Plugin for Internet Explorer
Path: C:\Program Files\Real\RealPlayer\
Long name: rpbrowserrecordplugin.dll
Short name: RPBROW~1.DLL
Date (created): 24/12/2008 8:43:18 PM
Date (last access): 24/12/2008 8:43:18 PM
Date (last write): 24/12/2008 8:43:18 PM
Filesize: 308856
Attributes: archive
MD5: 33440A3EF90AF7ED74EE55CA634A9CFA
CRC32: B00E58A9
Version: 1.0.1.57

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 20/08/2009 1:50:56 PM
Date (last access): 20/08/2009 1:50:56 PM
Date (last write): 26/01/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{547395D9-934A-CED6-B851-F238C86079E5} (PremiereAdvertisingPlatform)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: PremiereAdvertisingPlatform
CLSID name: PremiereAdvertisingPlatform
Path: C:\Program Files\PremiereAdvertisingPlatform\
Long name: PremiereAdvertisingPlatform.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 19/10/2007 10:58:54 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: c:\PROGRA~1\mcafee\VIRUSS~1\
Long name: scriptsn.dll
Short name:
Date (created): 20/03/2009 8:46:44 PM
Date (last access): 8/07/2009 1:43:46 PM
Date (last write): 8/07/2009 1:43:46 PM
Filesize: 62784
Attributes: archive
MD5: E7FD30A856E6BD3EAB92B9D6C76E6B1B
CRC32: EA160385
Version: 14.0.0.433

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/01/2009 3:41:30 PM
Date (last access): 16/09/2009 5:01:04 PM
Date (last write): 22/01/2009 3:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 16/06/2009 12:46:04 AM
Date (last access): 16/06/2009 12:46:04 AM
Date (last write): 16/06/2009 12:46:04 AM
Filesize: 2403392
Attributes: readonly archive
MD5: 6319F2D4708DBCAE37CFA03DA10782C0
CRC32: D51D8296
Version: 4.0.1601.4978

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
Long name: swg.dll
Short name:
Date (created): 24/03/2009 10:52:22 AM
Date (last access): 24/03/2009 10:52:22 AM
Date (last write): 24/03/2009 10:52:22 AM
Filesize: 668656
Attributes: archive
MD5: D1585B06DED161E13B905DC4FFBF7F12
CRC32: 88D5BAA5
Version: 5.1.1309.3572

{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: c:\PROGRA~1\mcafee\SITEAD~1\
Long name: McIEPlg.dll
Short name:
Date (created): 20/03/2009 8:49:36 PM
Date (last access): 13/02/2009 11:44:56 AM
Date (last write): 13/02/2009 11:44:56 AM
Filesize: 150032
Attributes: archive
MD5: 4428FA80C5AC5D0C8F764207E651B65E
CRC32: 2025B4F6
Version: 1.0.2.158

{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Microsoft Money
classification: Open for discussion
known filename: mnyviewer.dll
info link: http://www.microsoft.com/money/default.asp
info source: TonyKlein



--- ActiveX list ---
{149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control)
DPF name:
CLSID name: SpinTop DRM Control
Installer:
Codebase: file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
Path: C:\Program Files\Women's Murder Club - Twice in a Blue Moon\Images\
Long name: stg_drm.ocx
Short name:
Date (created): 10/09/2009 5:53:44 AM
Date (last access): 3/10/2009 8:58:12 PM
Date (last write): 10/09/2009 5:53:44 AM
Filesize: 181584
Attributes: archive
MD5: C3068473076E4FC48E45EF16706C75B9
CRC32: 888A0DC0
Version: 1.0.0.8

{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\Windows\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 28/02/2007 2:21:04 PM
Date (last access): 28/02/2007 2:21:04 PM
Date (last write): 28/02/2007 2:21:04 PM
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\Windows\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 29/04/2009 6:29:00 PM
Date (last access): 16/06/2009 12:45:14 AM
Date (last write): 29/04/2009 6:29:00 PM
Filesize: 202168
Attributes: archive
MD5: 1B3A14C57997CC19974BA9F2BE5BD543
CRC32: D43621A2
Version: 11.5.0.596

{3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control)
DPF name:
CLSID name: Windows Live OneCare safety scanner control
Installer: C:\Windows\Downloaded Program Files\wlscCtrl2.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
Path: %ProgramFiles%\Windows Live Safety Center\
Long name: wlscCtrl2.dll

{5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class)
DPF name:
CLSID name: UnoCtrl Class
Installer: C:\Windows\Downloaded Program Files\GAME_UNO1.INF
Codebase: http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
description:
classification: Legitimate
known filename: unomsnger.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: GAME_UNO1.dll
Short name: GAME_U~1.DLL
Date (created): 28/09/2007 4:41:28 AM
Date (last access): 28/09/2007 4:41:28 AM
Date (last write): 28/09/2007 4:41:28 AM
Filesize: 381960
Attributes: archive
MD5: 80F4A456633F78A26A3C6B16E64EFEC5
CRC32: 7DFC41A5
Version: 1.0.1201.1

{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab)
DPF name: System Requirements Lab
CLSID name: System Requirements Lab Class
Installer:
Codebase: http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
Path: C:\Windows\Downloaded Program Files\
Long name: sysreqlab2.dll
Short name: SYSREQ~1.DLL
Date (created): 29/03/2007 11:07:12 AM
Date (last access): 29/03/2007 11:07:12 AM
Date (last write): 29/03/2007 11:07:12 AM
Filesize: 206384
Attributes: archive
MD5: ED3B0F1BA60554B9D2E5AE1B02AD9306
CRC32: E2F1D780
Version: 2.30.0.0

{6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class)
DPF name:
CLSID name: ContactExtractor Class
Installer:
Codebase: http://www.facebook.com/controls/contactx.dll
Path: C:\Windows\Downloaded Program Files\
Long name: contactx.dll
Short name:
Date (created): 7/12/2008 1:51:50 PM
Date (last access): 7/12/2008 1:51:50 PM
Date (last write): 7/12/2008 1:51:42 PM
Filesize: 160488
Attributes: archive
MD5: 238A6FFC7EE17330C1C5859C7827EE2D
CRC32: 79676D36
Version: 1.0.0.1

{8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control)
DPF name:
CLSID name: Facebook Photo Uploader 5 Control
Installer: C:\Windows\Downloaded Program Files\PhotoUploader55.inf
Codebase: http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PhotoUploader55.ocx
Short name: PHOTOU~2.OCX
Date (created): 29/07/2009 9:21:24 PM
Date (last access): 29/07/2009 9:21:24 PM
Date (last write): 29/07/2009 9:21:24 PM
Filesize: 3540488
Attributes: archive
MD5: B36353934BB8B0E7CC8557AC5143EF41
CRC32: 3AC3C312
Version: 5.5.8.1

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control)
DPF name:
CLSID name: MySpace Uploader Control
Installer: C:\Windows\Downloaded Program Files\MySpaceUploader2.inf
Codebase: http://lads.myspace.com/upload/MySpaceUploader2.cab
Path: C:\Windows\Downloaded Program Files\
Long name: MySpaceUploader2.ocx
Short name: MYSPAC~1.OCX
Date (created): 14/05/2009 6:00:56 PM
Date (last access): 14/05/2009 6:00:56 PM
Date (last write): 14/05/2009 6:00:56 PM
Filesize: 3525696
Attributes: archive
MD5: DCE8E7C3E671006011C042F9A1F96DEC
CRC32: 9F1551E2
Version: 5.7.16.0

{A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl)
DPF name:
CLSID name: Diagnostics ActiveX WebControl
Installer: C:\Windows\Downloaded Program Files\DiagWebControl.inf
Codebase: http://support.microsoft.com/mats/DiagWebControl.cab
Path: C:\Windows\Downloaded Program Files\
Long name: DiagWAPI.dll
Short name:
Date (created): 25/08/2009 11:43:10 AM
Date (last access): 25/08/2009 11:43:10 AM
Date (last write): 25/08/2009 11:43:10 AM
Filesize: 128240
Attributes: archive
MD5: 807C94C248848A2C5A6CF67F75CF04B4
CRC32: 461CE22F
Version: 1.5.0.15

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 19/02/2007 11:26:28 AM
Date (last access): 19/02/2007 11:26:28 AM
Date (last write): 19/02/2007 11:26:28 AM
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 22/02/2007 10:41:12 PM
Date (last access): 22/02/2007 10:41:12 PM
Date (last write): 22/02/2007 10:41:12 PM
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 19/10/2007 10:58:54 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 19/10/2007 10:58:54 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: ssv.dll
Short name:
Date (created): 19/10/2007 10:58:54 AM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 501136
Attributes: archive
MD5: D787E3123FAD2BD58AB45B9A5C360ACD
CRC32: DDC625C2
Version: 6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24/09/2007 11:31:44 PM
Date (last access): 24/09/2007 11:31:44 PM
Date (last write): 25/09/2007 1:11:34 AM
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control)
DPF name:
CLSID name: ArmHelper Control
Installer:
Codebase: file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
Path:
Long name: ./Images/armhelper.ocx

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\CONFLICT.55\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash10c.ocx
Short name:
Date (created): 18/07/2009 11:12:12 AM
Date (last access): 20/08/2009 10:08:50 AM
Date (last write): 18/07/2009 11:12:12 AM
Filesize: 3979680
Attributes: readonly archive
MD5: 43C6ACDFB92A18C3E516E6BD5F1ACD51
CRC32: D6F40D46
Version: 10.0.32.18

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
description:
classification: Legitimate
known filename: MineSweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MineSweeper.dll
Short name: MINESW~1.DLL
Date (created): 28/02/2007 2:21:04 PM
Date (last access): 28/02/2007 2:21:04 PM
Date (last write): 28/02/2007 2:21:04 PM
Filesize: 130472
Attributes: archive
MD5: E661E91B5929632665683222D509D271
CRC32: 63A9B975
Version: 9.5.6986.1



--- Process list ---
PID: 3764 (1940) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
size: 186904
MD5: 9E41266C68C11D7101A2D18CD1F7553E
PID: 1636 (1048) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 4032 (3840) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 1964 ( 832) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
size: 645328
MD5: EAE3C29E6B437F970D014E59D462A66E
PID: 2704 (1100) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 3104 (4032) C:\Windows\SOUNDMAN.EXE
size: 598016
MD5: A41A73F3D1BE4350CBA9125247EFF330
PID: 3752 (4032) C:\Program Files\iTunes\iTunesHelper.exe
size: 305440
MD5: D1458A77A6E15462CB96D34089549BAC
PID: 1536 (4032) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3728 (4032) C:\Program Files\Skype\Phone\Skype.exe
size: 25623336
MD5: 9780A4EC41060F6164CC5DDDC815DB34
PID: 4104 (4032) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
size: 98696
MD5: A6D772AA861E673636D48B6EB452ADE3
PID: 5280 (3728) C:\Program Files\Skype\Plugin Manager\skypePM.exe
size: 77360
MD5: A3996F435192AAEE6CB5D7E45E3A51FF
PID: 3604 (1100) C:\Windows\system32\taskeng.exe
size: 169984
MD5: E5BBFC283D6F5D69B41E464676361020
PID: 5436 (1100) C:\Windows\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 5900 (3604) C:\Windows\system32\sdclt.exe
size: 1169408
MD5: 0427038DD4FC9C653AEE8B0E0C36323A
PID: 1992 ( 832) C:\PROGRA~1\INCRED~1\bin\IMApp.exe
size: 143408
MD5: 82DE7916EAB1FE749BCBC2C997BB7F88
PID: 2228 (4032) C:\Program Files\Internet Explorer\iexplore.exe
size: 638216
MD5: C33BD196A0301F9B23D9A003D30ED8B0
PID: 6128 (2228) C:\Program Files\Internet Explorer\iexplore.exe
size: 638216
MD5: C33BD196A0301F9B23D9A003D30ED8B0
PID: 6104 ( 832) C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
size: 257440
MD5: AE619F242F2CE340F3B33DDEAA88248D
PID: 5176 ( 832) C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
size: 238888
MD5: AE82B3B6A33DC23019B604DA5920D726
PID: 764 (4032) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 452 ( 4) smss.exe
size: 64000
PID: 524 ( 512) csrss.exe
size: 6144
PID: 572 ( 512) wininit.exe
size: 96768
PID: 584 ( 564) csrss.exe
size: 6144
PID: 616 ( 572) services.exe
size: 279552
PID: 628 ( 572) lsass.exe
size: 9728
PID: 640 ( 572) lsm.exe
size: 229888
PID: 724 ( 564) winlogon.exe
size: 314368
PID: 832 ( 616) svchost.exe
size: 21504
PID: 892 ( 616) svchost.exe
size: 21504
PID: 932 ( 616) svchost.exe
size: 21504
PID: 1020 ( 616) svchost.exe
size: 21504
PID: 1048 ( 616) svchost.exe
size: 21504
PID: 1060 ( 616) LVPrcSrv.exe
PID: 1100 ( 616) svchost.exe
size: 21504
PID: 1204 (1020) audiodg.exe
size: 88576
PID: 1236 ( 616) svchost.exe
size: 21504
PID: 1288 ( 616) SLsvc.exe
size: 3408896
PID: 1392 ( 616) svchost.exe
size: 21504
PID: 1524 ( 616) svchost.exe
size: 21504
PID: 1744 ( 616) spoolsv.exe
size: 127488
PID: 1772 ( 616) svchost.exe
size: 21504
PID: 2032 ( 616) alg.exe
size: 59392
PID: 292 ( 616) AppleMobileDeviceService.exe
PID: 340 ( 616) mDNSResponder.exe
PID: 360 ( 616) svchost.exe
size: 21504
PID: 484 ( 616) findbasic125.exe
PID: 1520 ( 616) iWinTrusted.exe
PID: 1412 ( 12) GoogleUpdate.exe
PID: 1940 ( 616) LVComSer.exe
PID: 1168 ( 616) McSACore.exe
PID: 1232 ( 616) McProxy.exe
PID: 372 (1168) rundll32.exe
size: 44544
PID: 1972 ( 616) Mcshield.exe
PID: 2160 ( 616) MpfSrv.exe
PID: 2212 ( 616) msdtc.exe
size: 105984
PID: 2268 ( 616) msksrver.exe
PID: 2356 ( 616) svchost.exe
size: 21504
PID: 2412 ( 616) svchost.exe
size: 21504
PID: 2484 ( 616) svchost.exe
size: 21504
PID: 2556 ( 616) TosBtSrv.exe
PID: 2616 ( 616) UI0Detect.exe
size: 35840
PID: 2712 ( 616) svchost.exe
size: 21504
PID: 2772 ( 616) SearchIndexer.exe
size: 441344
PID: 2864 ( 616) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 3784 (1100) taskeng.exe
size: 169984
PID: 2612 ( 616) mcmscsvc.exe
PID: 1340 ( 484) findbasic.exe
PID: 3856 ( 616) mcsysmon.exe
PID: 4516 ( 616) iPodService.exe
PID: 4688 ( 616) McNASvc.exe
PID: 6048 ( 616) svchost.exe
size: 21504
PID: 240 (4804) mcbuilder.exe
size: 275968


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7/10/2009 9:19:03 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://mystart.incredigames.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84515D64-3732-42BE-8168-D4B7565F6FCF}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84515D64-3732-42BE-8168-D4B7565F6FCF}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9301A1AA-AFB7-488A-A016-617ACB5804D9}] SEQPACKET 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9301A1AA-AFB7-488A-A016-617ACB5804D9}] DATAGRAM 11
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EE4FFEE7-7514-475C-99A5-3F696951B124}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EE4FFEE7-7514-475C-99A5-3F696951B124}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F0F36E5B-E2CF-490B-B78A-39ED5D75B194}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{818D500F-D943-4257-95A5-CFD5C3AE9A9C}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{842C9C07-BF36-4E9E-B0FE-BB8E50363DEA}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 32: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6A52C23F-71F7-4E2E-98F5-C1D094991C61}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 33: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84515D64-3732-42BE-8168-D4B7565F6FCF}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 34: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{84515D64-3732-42BE-8168-D4B7565F6FCF}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

Namespace Provider 5: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace

Namespace Provider 6: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Shaba
2009-10-07, 21:19
So looks like it didn't find anything.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

toladogold
2009-10-08, 10:11
By the way, I also have incredigames's "MyStart" which has taken over from Google and I can't seem to get rid of that either.

Results of RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-10-08 14:37:16
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 48 GB (31%) free of 153 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:37 PM, on 8/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13533 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{9B855E8D-610D-473F-A0DC-00A6900276B0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"DealAssistant"=C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe []
"SfKg6wIPuSpdcduD7"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2007-05-20 208946]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-09-03 475180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-12-11 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2007-01-30 122880]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05eb7ce-16ce-11dc-b5c0-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2037-04-19 04:03:21 ----D---- C:\ProgramData\CyberLink
2037-04-19 04:02:59 ----D---- C:\Program Files\CyberLink
2037-04-19 03:54:35 ----D---- C:\ProgramData\Nero
2037-04-19 03:54:35 ----D---- C:\Program Files\Nero
2037-04-19 03:08:33 ----D---- C:\Windows\Panther
2037-04-19 03:08:19 ----SHD---- C:\Boot
2037-04-19 03:05:02 ----D---- C:\Program Files\Microsoft Visual Studio
2037-04-19 02:57:45 ----A---- C:\Windows\system32\msonpmon.dll
2037-04-19 02:57:18 ----D---- C:\Program Files\Microsoft Works
2037-04-19 02:57:03 ----D---- C:\Program Files\Common Files\DESIGNER
2037-04-19 02:56:44 ----D---- C:\Windows\PCHEALTH
2037-04-19 02:56:44 ----D---- C:\Program Files\Microsoft.NET
2037-04-19 02:55:38 ----D---- C:\Windows\SHELLNEW
2037-04-19 02:55:08 ----D---- C:\ProgramData\Microsoft Help
2037-04-19 02:55:08 ----D---- C:\Program Files\Microsoft Office
2037-04-19 02:54:46 ----RHD---- C:\MSOCache
2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_30.dll
2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_28.dll
2037-04-19 02:30:49 ----SHD---- C:\Windows\Installer
2037-04-19 02:29:47 ----D---- C:\arrow
2037-04-19 02:27:08 ----A---- C:\Windows\system32\NeroCheck.exe
2037-04-19 02:26:13 ----D---- C:\Program Files\Common Files\Nero
2037-04-19 02:25:50 ----A---- C:\Windows\system32\msxml3a.dll
2037-04-19 02:25:04 ----D---- C:\ProgramData\Ahead
2037-04-19 02:25:02 ----A---- C:\Windows\system32\TwnLib20.dll
2037-04-19 02:25:02 ----A---- C:\Windows\system32\picn20.dll
2037-04-19 02:24:57 ----D---- C:\Program Files\Common Files\Ahead
2037-04-19 02:24:55 ----D---- C:\Program Files\Ahead
2037-04-19 02:23:27 ----A---- C:\Windows\system32\ChCfg.exe
2037-04-19 02:22:44 ----D---- C:\Program Files\Realtek AC97
2037-04-19 02:22:38 ----A---- C:\Windows\system32\RtlCPAPI.dll
2037-04-19 02:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2037-04-19 02:22:06 ----D---- C:\Program Files\Common Files\InstallShield
2037-04-19 02:10:30 ----D---- C:\Windows\Debug
2037-04-19 02:09:09 ----D---- C:\Windows\Prefetch
2009-10-08 14:37:16 ----D---- C:\rsit
2009-10-07 11:04:03 ----A---- C:\Windows\system32\wups2.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wucltux.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wups.dll
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wudriver.dll
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wuapi.dll
2009-10-07 10:59:47 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-07 10:59:46 ----A---- C:\Windows\system32\wuapp.exe
2009-10-06 11:18:12 ----D---- C:\Program Files\Mad Skills Motocross Demo
2009-10-05 22:46:03 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-10-03 20:58:10 ----D---- C:\Program Files\Women's Murder Club - Twice in a Blue Moon
2009-10-03 20:50:20 ----D---- C:\Program Files\Pantheon
2009-10-03 01:18:55 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-03 00:33:57 ----D---- C:\Users\Owner\AppData\Roaming\Magic Academy 2
2009-10-02 23:40:59 ----D---- C:\Program Files\Trend Micro
2009-10-02 23:34:03 ----D---- C:\Windows\ERDNT
2009-10-02 23:29:18 ----D---- C:\Program Files\ERUNT
2009-10-01 00:38:45 ----D---- C:\Windows\system32\WindowsPowerShell
2009-10-01 00:34:00 ----D---- C:\Program Files\Microsoft ATS
2009-09-29 01:39:45 ----D---- C:\ProgramData\Electronic Arts
2009-09-28 23:09:56 ----RA---- C:\Windows\system32\vp6vfw.dll
2009-09-28 22:28:42 ----D---- C:\Program Files\Electronic Arts
2009-09-28 16:11:54 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-28 16:08:19 ----D---- C:\Program Files\iPod
2009-09-28 16:08:05 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-28 16:08:05 ----D---- C:\Program Files\iTunes
2009-09-28 16:02:33 ----D---- C:\Program Files\QuickTime
2009-09-28 15:47:03 ----D---- C:\Program Files\iPhone Configuration Utility
2009-09-27 21:25:47 ----D---- C:\ProgramData\SOS
2009-09-25 23:28:48 ----D---- C:\Windows\system32\eu-ES
2009-09-25 23:28:48 ----D---- C:\Windows\system32\ca-ES
2009-09-25 23:28:41 ----D---- C:\Windows\system32\vi-VN
2009-09-25 23:01:23 ----D---- C:\Users\Owner\AppData\Roaming\FlyWheelGames
2009-09-24 13:37:02 ----HD---- C:\Windows\PIF
2009-09-23 22:38:35 ----D---- C:\ProgramData\Findbasic
2009-09-23 22:38:35 ----D---- C:\Program Files\Findbasic
2009-09-23 22:38:31 ----D---- C:\Users\Owner\AppData\Roaming\DealAssistant
2009-09-23 22:38:30 ----A---- C:\Windows\system32\5c78.dll
2009-09-22 23:23:07 ----D---- C:\Program Files\iWin Games
2009-09-19 22:59:22 ----D---- C:\Users\Owner\AppData\Roaming\Merscom
2009-09-19 22:59:22 ----D---- C:\ProgramData\Merscom
2009-09-16 17:11:25 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-09-16 17:08:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-09-16 17:01:56 ----D---- C:\Program Files\Microsoft
2009-09-16 17:00:23 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-16 16:59:17 ----D---- C:\Program Files\Windows Live
2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-14 18:54:25 ----D---- C:\Users\Owner\AppData\Roaming\skypePM
2009-09-14 18:48:52 ----D---- C:\Users\Owner\AppData\Roaming\Skype
2009-09-14 17:42:54 ----D---- C:\Program Files\Common Files\Skype
2009-09-14 17:42:49 ----RD---- C:\Program Files\Skype
2009-09-14 17:42:20 ----D---- C:\ProgramData\Skype
2009-09-11 20:53:32 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-09-11 20:28:05 ----D---- C:\Program Files\Codemasters
2009-09-10 13:21:30 ----A---- C:\Windows\system32\jscript.dll
2009-09-10 13:21:12 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 13:21:09 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 13:21:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 13:21:08 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 13:21:07 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 13:21:07 ----A---- C:\Windows\system32\finger.exe
2009-09-10 13:21:06 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 13:21:05 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 13:21:03 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 13:19:24 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-10 13:19:15 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 13:19:14 ----A---- C:\Windows\system32\mf.dll
2009-09-10 13:19:13 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfps.dll
2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-10 13:19:12 ----A---- C:\Windows\system32\mferror.dll

======List of files/folders modified in the last 1 months======

2037-04-19 02:49:33 ----D---- C:\Windows\system32\NDF
2009-10-08 14:37:23 ----D---- C:\Windows\Temp
2009-10-08 13:36:39 ----D---- C:\Windows\Tasks
2009-10-08 13:32:43 ----D---- C:\Windows\tracing
2009-10-08 00:27:20 ----AD---- C:\ProgramData\TEMP
2009-10-07 21:19:23 ----D---- C:\Windows\rescache
2009-10-07 20:59:13 ----D---- C:\ProgramData\Google Updater
2009-10-07 20:53:59 ----D---- C:\Windows\system32\en-US
2009-10-07 20:53:59 ----D---- C:\Windows\System32
2009-10-07 12:34:17 ----D---- C:\Windows\winsxs
2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot2
2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot
2009-10-07 11:00:46 ----SHD---- C:\System Volume Information
2009-10-07 10:50:35 ----D---- C:\Windows
2009-10-06 11:18:12 ----RD---- C:\Program Files
2009-10-05 22:52:08 ----D---- C:\Program Files\iWin.com
2009-10-03 20:58:57 ----D---- C:\ProgramData\Flood Light Games
2009-10-03 20:58:56 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2009-10-03 20:48:37 ----D---- C:\BigFishGamesCache
2009-10-02 18:15:43 ----A---- C:\Windows\NeroDigital.ini
2009-10-02 18:15:10 ----A---- C:\Windows\ntbtlog.txt
2009-10-02 01:15:21 ----HD---- C:\ProgramData
2009-10-01 22:33:23 ----D---- C:\Program Files\Oberon Media
2009-10-01 22:33:23 ----D---- C:\Program Files\IncrediGames
2009-10-01 20:42:13 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
2009-10-01 20:14:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-01 20:14:50 ----D---- C:\Windows\inf
2009-10-01 01:41:29 ----D---- C:\Program Files\SGPSA
2009-10-01 01:12:06 ----D---- C:\Windows\Microsoft.NET
2009-10-01 00:49:23 ----D---- C:\Windows\AppPatch
2009-10-01 00:34:16 ----SD---- C:\Windows\Downloaded Program Files
2009-09-30 16:57:35 ----D---- C:\Windows\system32\drivers
2009-09-30 14:05:20 ----D---- C:\Program Files\Registry Mechanic
2009-09-30 00:55:49 ----D---- C:\Program Files\NCH Software
2009-09-28 16:11:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-28 16:08:18 ----D---- C:\Program Files\Common Files\Apple
2009-09-27 21:09:08 ----D---- C:\Program Files\bfgclient
2009-09-26 00:01:46 ----RSD---- C:\Windows\assembly
2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Mail
2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Calendar
2009-09-25 23:33:01 ----D---- C:\Program Files\Movie Maker
2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Sidebar
2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Media Player
2009-09-25 23:32:59 ----D---- C:\Program Files\Internet Explorer
2009-09-25 23:32:58 ----D---- C:\Program Files\Windows Collaboration
2009-09-25 23:32:54 ----D---- C:\Program Files\Common Files\System
2009-09-25 23:32:52 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-25 23:32:39 ----D---- C:\Program Files\Windows Defender
2009-09-25 23:32:38 ----D---- C:\Windows\servicing
2009-09-25 23:31:57 ----D---- C:\Windows\IME
2009-09-25 23:31:55 ----D---- C:\Windows\system32\XPSViewer
2009-09-25 23:31:54 ----D---- C:\Windows\system32\sk-SK
2009-09-25 23:31:54 ----D---- C:\Windows\system32\lv-LV
2009-09-25 23:31:54 ----D---- C:\Windows\system32\ko-KR
2009-09-25 23:31:54 ----D---- C:\Windows\system32\hr-HR
2009-09-25 23:31:54 ----D---- C:\Windows\system32\et-EE
2009-09-25 23:31:54 ----D---- C:\Windows\system32\da-DK
2009-09-25 23:31:26 ----D---- C:\Windows\system32\de-DE
2009-09-25 23:31:25 ----D---- C:\Windows\system32\it-IT
2009-09-25 23:31:25 ----D---- C:\Windows\system32\el-GR
2009-09-25 23:31:24 ----D---- C:\Windows\system32\oobe
2009-09-25 23:31:22 ----D---- C:\Windows\system32\migration
2009-09-25 23:31:10 ----D---- C:\Windows\system32\ru-RU
2009-09-25 23:31:10 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-25 23:31:09 ----D---- C:\Windows\system32\sv-SE
2009-09-25 23:31:09 ----D---- C:\Windows\system32\setup
2009-09-25 23:31:09 ----D---- C:\Windows\system32\hu-HU
2009-09-25 23:31:09 ----D---- C:\Windows\system32\he-IL
2009-09-25 23:31:09 ----D---- C:\Windows\system32\fr-FR
2009-09-25 23:31:09 ----D---- C:\Windows\system32\fi-FI
2009-09-25 23:31:09 ----D---- C:\Windows\system32\cs-CZ
2009-09-25 23:31:08 ----D---- C:\Windows\system32\SLUI
2009-09-25 23:31:08 ----D---- C:\Windows\system32\pt-PT
2009-09-25 23:31:02 ----D---- C:\Windows\system32\zh-CN
2009-09-25 23:31:02 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-25 23:31:02 ----D---- C:\Windows\system32\manifeststore
2009-09-25 23:31:02 ----D---- C:\Windows\system32\es-ES
2009-09-25 23:31:02 ----D---- C:\Windows\system32\en
2009-09-25 23:31:01 ----D---- C:\Windows\system32\zh-TW
2009-09-25 23:31:01 ----D---- C:\Windows\system32\uk-UA
2009-09-25 23:31:01 ----D---- C:\Windows\system32\sl-SI
2009-09-25 23:31:01 ----D---- C:\Windows\system32\pl-PL
2009-09-25 23:31:01 ----D---- C:\Windows\system32\ja-JP
2009-09-25 23:31:01 ----D---- C:\Windows\system32\bg-BG
2009-09-25 23:31:00 ----D---- C:\Windows\system32\ro-RO
2009-09-25 23:30:56 ----D---- C:\Windows\system32\th-TH
2009-09-25 23:30:51 ----D---- C:\Windows\system32\tr-TR
2009-09-25 23:30:47 ----D---- C:\Windows\system32\wbem
2009-09-25 23:30:39 ----D---- C:\Windows\system32\nl-NL
2009-09-25 23:30:39 ----D---- C:\Windows\system32\nb-NO
2009-09-25 23:30:39 ----D---- C:\Windows\system32\lt-LT
2009-09-25 23:30:39 ----D---- C:\Windows\system32\ar-SA
2009-09-25 23:30:37 ----D---- C:\Windows\system32\pt-BR
2009-09-25 23:30:37 ----D---- C:\Windows\system32\migwiz
2009-09-25 23:29:10 ----RSD---- C:\Windows\Fonts
2009-09-25 23:28:41 ----D---- C:\Windows\system32\Boot
2009-09-25 22:50:26 ----D---- C:\Users\Owner\AppData\Roaming\Princess Isabella
2009-09-23 22:41:06 ----D---- C:\Program Files\Mozilla Firefox
2009-09-23 14:04:35 ----D---- C:\Program Files\McAfee
2009-09-22 23:23:23 ----D---- C:\Windows\system32\Tasks
2009-09-16 17:04:53 ----D---- C:\Windows\SoftwareDistribution
2009-09-16 17:04:02 ----D---- C:\Program Files\MSN Messenger
2009-09-16 17:01:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files
2009-09-16 16:52:21 ----SD---- C:\ProgramData\Microsoft
2009-09-14 17:48:39 ----D---- C:\Program Files\Google
2009-09-10 23:54:46 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-12-27 27136]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\sisnic.sys [2006-11-02 35328]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-03-27 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys []
S3 SiS315;SiS315; C:\Windows\system32\DRIVERS\sisgrp.sys [2006-11-02 256000]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic125.exe [2009-09-23 54776]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-09-03 78104]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 gupdate1ca352042073a72;Google Update Service (gupdate1ca352042073a72); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe [2009-06-08 16680]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-26 66872]

-----------------EOF-----------------

toladogold
2009-10-08, 10:12
info.txt logfile of random's system information tool 1.06 2009-10-08 14:37:48

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Airport Mania (remove only)-->"C:\Program Files\iWin.com\Airport Mania\Uninstall.exe"
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aveyond: Lord of Twilight (remove only)-->"C:\Program Files\iWin.com\Aveyond Lord of Twilight\Uninstall.exe"
Babysitting Mania (remove only)-->"C:\Program Files\iWin.com\Babysitting Mania\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP180-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Deer Hunter - The 2005 Season Demo-->"C:\Program Files\Atari\Deer Hunter 2005 Demo\unins000.exe"
Dream Chronicles: The Chosen Child (remove only)-->"C:\Program Files\iWin.com\Dream Chronicles The Chosen Child\Uninstall.exe"
Dream Vacation Solitaire FREE-->"C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\Uninstall.exe" "C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\install.log"
Enemy Territory - QUAKE Wars(TM) Demo 2-->C:\Program Files\InstallShield Installation Information\{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}\setup.exe -runfromtemp -l0x0409
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FFPremiereAdvertisingPlatform-->C:\Program Files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\uninstall.exe uninstall=premiereadvertisingplatformff
Findbasic 1.0 build 125-->C:\Program Files\Findbasic\uninstall.exe
Fishdom (remove only)-->"C:\Program Files\iWin.com\Fishdom\Uninstall.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.25\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.516-->C:\Program Files\Citrix\GoToAssist\516\G2AUninstaller.exe /uninstall
Heroes Of Hellas (remove only)-->"C:\Program Files\iWin.com\Heroes Of Hellas\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest Mysteries: Trail of the Midnight Heart (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Mysteries Trail of the Midnight Heart\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Just Cause 1.00.0000-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x9 -removeonly
Karate 3D-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Karate 3D\Uninst.isu"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire 4.12.11-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Mad Skills Motocross Demo-->C:\Program Files\Mad Skills Motocross Demo\uninstall.exe
Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Magic Academy 2 (remove only)-->"C:\Program Files\iWin.com\Magic Academy 2\Uninstall.exe"
Magic Utilities 2008 Version 5.51-->"C:\Program Files\Mgutil\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins001.exe"
MessengerDiscovery 2.0.44-->"C:\Program Files\MessengerDiscovery 2\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft Motocross Madness 2 Trial-->"C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mirar-->mshta.exe http://remove.getmirar.com/
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nancy Drew Dossier: Resorting to Danger (remove only)-->"C:\Program Files\iWin.com\Nancy Drew Dossier Resorting to Danger\Uninstall.exe"
Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
Nero 7 Essentials-->MsiExec.exe /X{2D0ECDC9-1595-473C-8716-35FEE3C01033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Paintball Heroes-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Paintball Heroes\Uninst.isu"
Pantheon-->"C:\Program Files\Pantheon\Uninstall.exe"
PFConfig 1.0.223-->C:\Program Files\PFConfig\uninst.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Race Driver 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soldier of Fortune Platinum-->C:\Windows\IsUninst.exe -f"C:\Program Files\Raven\SOF PLATINUM\sofplat.isu"
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Splinter Cell Pandora Tomorrow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarOffice 8-->MsiExec.exe /I{86E2FE20-6679-4F30-B8E0-36D5BF6018BE}
Super Motocross Kings-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Super Motocross Kings\Uninst.isu"
Superbike Racing-->C:\Windows\IsUninst.exe -f"C:\Program Files\NodTronics Pty Ltd\Superbike Racing\Uninst.isu"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Townopolis (remove only)-->"C:\Program Files\iWin.com\Townopolis\Uninstall.exe"
Transport Giant-->MsiExec.exe /I{14288914-DED4-43D3-8B24-7F7EA9BDB0A5}
Tweak UI-->"C:\Windows\system32\mshta.exe" "res://C:\Windows\system32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
WinAce Archiver - Powered by AdVantage-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Women's Murder Club - Twice in a Blue Moon-->C:\Program Files\Women's Murder Club - Twice in a Blue Moon\uninstall.exe

======Security center information======

AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender

======System event log======

Computer Name: Owner-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 210847
Source Name: Tcpip
Time Written: 20090515114825.144533-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 210844
Source Name: Tcpip
Time Written: 20090515104026.476874-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 210833
Source Name: Tcpip
Time Written: 20090515083621.025335-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SCMNdisP
Record Number: 210803
Source Name: Service Control Manager
Time Written: 20090515082524.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 7022
Message: The Diagnostic Service Host service hung on starting.
Record Number: 210802
Source Name: Service Control Manager
Time Written: 20090515082524.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2df0 Start Time: 01c8feee6e5eb502 Termination Time: 0
Record Number: 46963
Source Name: Application Hang
Time Written: 20080815155018.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 222c Start Time: 01c8feed52cc72f3 Termination Time: 0
Record Number: 46961
Source Name: Application Hang
Time Written: 20080815155003.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6001.18000, time stamp 0x47918f11, faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception code 0xc0000005, fault offset 0x000a24b2, process id 0x2f7c, application start time 0x01c8fee9ce2dc2bb.
Record Number: 46959
Source Name: Application Error
Time Written: 20080815154057.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2490314987-2349913300-1285092130-1000_Classes:
Process 880 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000_CLASSES

Record Number: 46845
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080814163058.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
6 user registry handles leaked from \Registry\User\S-1-5-21-2490314987-2349913300-1285092130-1000:
Process 880 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000
Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary
Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3328 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

Record Number: 46844
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080814163056.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Owner-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x254ba

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 65523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081224164144.812875-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x514
Name: C:\Windows\System32\svchost.exe

Previous Time: 1:41:34 AM 25/12/2008
New Time: 1:41:34 AM 25/12/2008

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 65522
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081224164136.859750-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 65521
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081224164135.531625-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x19233

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 65520
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081224164122.829362-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 65519
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081224150714.797414-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2009-10-08, 16:59
First if all, you have too little RAM for Vista to work smoothly.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.12.11


I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder.

Please run a new rsit log scan when finished and post the log back here.

toladogold
2009-10-09, 17:53
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-10-09 22:40:43
Microsoft® Windows Vista™ Home Basic Service Pack 2
System drive C: has 46 GB (30%) free of 153 GB
Total RAM: 1023 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:51 PM, on 9/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13386 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{9B855E8D-610D-473F-A0DC-00A6900276B0}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395D9-934A-CED6-B851-F238C86079E5}]
PremiereAdvertisingPlatform - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-06-16 2403392]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"SoundMan"=C:\Windows\SOUNDMAN.EXE [2007-03-09 598016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"DealAssistant"=C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe []
"SfKg6wIPuSpdcduD7"=C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe []
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiYo]
C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2007-05-20 208946]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe [2007-09-03 475180]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-12-11 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b05eb7ce-16ce-11dc-b5c0-806e6f6e6963}]
shell\AutoRun\command - D:\autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2037-04-19 04:03:21 ----D---- C:\ProgramData\CyberLink
2037-04-19 04:02:59 ----D---- C:\Program Files\CyberLink
2037-04-19 03:54:35 ----D---- C:\ProgramData\Nero
2037-04-19 03:54:35 ----D---- C:\Program Files\Nero
2037-04-19 03:08:33 ----D---- C:\Windows\Panther
2037-04-19 03:08:19 ----SHD---- C:\Boot
2037-04-19 03:05:02 ----D---- C:\Program Files\Microsoft Visual Studio
2037-04-19 02:57:45 ----A---- C:\Windows\system32\msonpmon.dll
2037-04-19 02:57:18 ----D---- C:\Program Files\Microsoft Works
2037-04-19 02:57:03 ----D---- C:\Program Files\Common Files\DESIGNER
2037-04-19 02:56:44 ----D---- C:\Windows\PCHEALTH
2037-04-19 02:56:44 ----D---- C:\Program Files\Microsoft.NET
2037-04-19 02:55:38 ----D---- C:\Windows\SHELLNEW
2037-04-19 02:55:08 ----D---- C:\ProgramData\Microsoft Help
2037-04-19 02:55:08 ----D---- C:\Program Files\Microsoft Office
2037-04-19 02:54:46 ----RHD---- C:\MSOCache
2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_30.dll
2037-04-19 02:31:24 ----A---- C:\Windows\system32\d3dx9_28.dll
2037-04-19 02:30:49 ----SHD---- C:\Windows\Installer
2037-04-19 02:29:47 ----D---- C:\arrow
2037-04-19 02:27:08 ----A---- C:\Windows\system32\NeroCheck.exe
2037-04-19 02:26:13 ----D---- C:\Program Files\Common Files\Nero
2037-04-19 02:25:50 ----A---- C:\Windows\system32\msxml3a.dll
2037-04-19 02:25:04 ----D---- C:\ProgramData\Ahead
2037-04-19 02:25:02 ----A---- C:\Windows\system32\TwnLib20.dll
2037-04-19 02:25:02 ----A---- C:\Windows\system32\picn20.dll
2037-04-19 02:24:57 ----D---- C:\Program Files\Common Files\Ahead
2037-04-19 02:24:55 ----D---- C:\Program Files\Ahead
2037-04-19 02:23:27 ----A---- C:\Windows\system32\ChCfg.exe
2037-04-19 02:22:44 ----D---- C:\Program Files\Realtek AC97
2037-04-19 02:22:38 ----A---- C:\Windows\system32\RtlCPAPI.dll
2037-04-19 02:22:36 ----HD---- C:\Program Files\InstallShield Installation Information
2037-04-19 02:22:06 ----D---- C:\Program Files\Common Files\InstallShield
2037-04-19 02:10:30 ----D---- C:\Windows\Debug
2037-04-19 02:09:09 ----D---- C:\Windows\Prefetch
2009-10-08 14:37:16 ----D---- C:\rsit
2009-10-07 11:04:03 ----A---- C:\Windows\system32\wups2.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wucltux.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-07 11:04:02 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wups.dll
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wudriver.dll
2009-10-07 11:01:21 ----A---- C:\Windows\system32\wuapi.dll
2009-10-07 10:59:47 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-07 10:59:46 ----A---- C:\Windows\system32\wuapp.exe
2009-10-06 11:18:12 ----D---- C:\Program Files\Mad Skills Motocross Demo
2009-10-05 22:46:03 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-10-03 20:58:10 ----D---- C:\Program Files\Women's Murder Club - Twice in a Blue Moon
2009-10-03 20:50:20 ----D---- C:\Program Files\Pantheon
2009-10-03 01:18:55 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-03 00:33:57 ----D---- C:\Users\Owner\AppData\Roaming\Magic Academy 2
2009-10-02 23:40:59 ----D---- C:\Program Files\Trend Micro
2009-10-02 23:34:03 ----D---- C:\Windows\ERDNT
2009-10-02 23:29:18 ----D---- C:\Program Files\ERUNT
2009-10-01 00:38:45 ----D---- C:\Windows\system32\WindowsPowerShell
2009-10-01 00:34:00 ----D---- C:\Program Files\Microsoft ATS
2009-09-29 01:39:45 ----D---- C:\ProgramData\Electronic Arts
2009-09-28 23:09:56 ----RA---- C:\Windows\system32\vp6vfw.dll
2009-09-28 22:28:42 ----D---- C:\Program Files\Electronic Arts
2009-09-28 16:11:54 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-28 16:08:19 ----D---- C:\Program Files\iPod
2009-09-28 16:08:05 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-28 16:08:05 ----D---- C:\Program Files\iTunes
2009-09-28 16:02:33 ----D---- C:\Program Files\QuickTime
2009-09-28 15:47:03 ----D---- C:\Program Files\iPhone Configuration Utility
2009-09-27 21:25:47 ----D---- C:\ProgramData\SOS
2009-09-25 23:28:48 ----D---- C:\Windows\system32\eu-ES
2009-09-25 23:28:48 ----D---- C:\Windows\system32\ca-ES
2009-09-25 23:28:41 ----D---- C:\Windows\system32\vi-VN
2009-09-25 23:01:23 ----D---- C:\Users\Owner\AppData\Roaming\FlyWheelGames
2009-09-24 13:37:02 ----HD---- C:\Windows\PIF
2009-09-23 22:38:35 ----D---- C:\ProgramData\Findbasic
2009-09-23 22:38:35 ----D---- C:\Program Files\Findbasic
2009-09-23 22:38:31 ----D---- C:\Users\Owner\AppData\Roaming\DealAssistant
2009-09-23 22:38:30 ----A---- C:\Windows\system32\5c78.dll
2009-09-22 23:23:07 ----D---- C:\Program Files\iWin Games
2009-09-19 22:59:22 ----D---- C:\Users\Owner\AppData\Roaming\Merscom
2009-09-19 22:59:22 ----D---- C:\ProgramData\Merscom
2009-09-16 17:11:25 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-09-16 17:08:29 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-09-16 17:01:56 ----D---- C:\Program Files\Microsoft
2009-09-16 17:00:23 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-16 16:59:17 ----D---- C:\Program Files\Windows Live
2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-14 18:54:25 ----D---- C:\Users\Owner\AppData\Roaming\skypePM
2009-09-14 18:48:52 ----D---- C:\Users\Owner\AppData\Roaming\Skype
2009-09-14 17:42:54 ----D---- C:\Program Files\Common Files\Skype
2009-09-14 17:42:49 ----RD---- C:\Program Files\Skype
2009-09-14 17:42:20 ----D---- C:\ProgramData\Skype
2009-09-11 20:53:32 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-09-11 20:28:05 ----D---- C:\Program Files\Codemasters
2009-09-10 13:21:30 ----A---- C:\Windows\system32\jscript.dll
2009-09-10 13:21:12 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-10 13:21:09 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-10 13:21:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-10 13:21:08 ----A---- C:\Windows\system32\ARP.EXE
2009-09-10 13:21:07 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-10 13:21:07 ----A---- C:\Windows\system32\finger.exe
2009-09-10 13:21:06 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-10 13:21:05 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-10 13:21:03 ----A---- C:\Windows\system32\netevent.dll
2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-10 13:19:26 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlansec.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-10 13:19:25 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-10 13:19:24 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-10 13:19:15 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-10 13:19:14 ----A---- C:\Windows\system32\mf.dll
2009-09-10 13:19:13 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfps.dll
2009-09-10 13:19:13 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-10 13:19:12 ----A---- C:\Windows\system32\mferror.dll

======List of files/folders modified in the last 1 months======

2037-04-19 02:49:33 ----D---- C:\Windows\system32\NDF
2009-10-09 22:40:49 ----D---- C:\Windows\Temp
2009-10-09 22:31:23 ----D---- C:\Program Files\LimeWire
2009-10-09 22:10:47 ----AD---- C:\ProgramData\TEMP
2009-10-09 22:04:17 ----D---- C:\Users\Owner\AppData\Roaming\Playrix Entertainment
2009-10-09 22:00:50 ----D---- C:\Program Files\iWin.com
2009-10-09 20:27:43 ----D---- C:\Windows\tracing
2009-10-09 16:20:14 ----SHD---- C:\System Volume Information
2009-10-09 14:35:51 ----D---- C:\Windows\Tasks
2009-10-09 14:31:22 ----D---- C:\Windows
2009-10-08 22:00:18 ----D---- C:\ProgramData\Google Updater
2009-10-08 16:19:22 ----D---- C:\Users\Owner\AppData\Roaming\PlayFirst
2009-10-08 16:19:22 ----D---- C:\ProgramData\PlayFirst
2009-10-07 21:19:23 ----D---- C:\Windows\rescache
2009-10-07 20:53:59 ----D---- C:\Windows\system32\en-US
2009-10-07 20:53:59 ----D---- C:\Windows\System32
2009-10-07 12:34:17 ----D---- C:\Windows\winsxs
2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot2
2009-10-07 11:08:29 ----D---- C:\Windows\system32\catroot
2009-10-06 11:18:12 ----RD---- C:\Program Files
2009-10-03 20:58:57 ----D---- C:\ProgramData\Flood Light Games
2009-10-03 20:58:56 ----D---- C:\Users\Owner\AppData\Roaming\Flood Light Games
2009-10-03 20:48:37 ----D---- C:\BigFishGamesCache
2009-10-02 18:15:43 ----A---- C:\Windows\NeroDigital.ini
2009-10-02 18:15:10 ----A---- C:\Windows\ntbtlog.txt
2009-10-02 01:15:21 ----HD---- C:\ProgramData
2009-10-01 22:33:23 ----D---- C:\Program Files\Oberon Media
2009-10-01 22:33:23 ----D---- C:\Program Files\IncrediGames
2009-10-01 20:42:13 ----D---- C:\Users\Owner\AppData\Roaming\Apple Computer
2009-10-01 20:14:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-01 20:14:50 ----D---- C:\Windows\inf
2009-10-01 01:41:29 ----D---- C:\Program Files\SGPSA
2009-10-01 01:12:06 ----D---- C:\Windows\Microsoft.NET
2009-10-01 00:49:23 ----D---- C:\Windows\AppPatch
2009-10-01 00:34:16 ----SD---- C:\Windows\Downloaded Program Files
2009-09-30 16:57:35 ----D---- C:\Windows\system32\drivers
2009-09-30 14:05:20 ----D---- C:\Program Files\Registry Mechanic
2009-09-30 00:55:49 ----D---- C:\Program Files\NCH Software
2009-09-28 16:11:53 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-28 16:08:18 ----D---- C:\Program Files\Common Files\Apple
2009-09-27 21:09:08 ----D---- C:\Program Files\bfgclient
2009-09-26 00:01:46 ----RSD---- C:\Windows\assembly
2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Mail
2009-09-25 23:33:01 ----D---- C:\Program Files\Windows Calendar
2009-09-25 23:33:01 ----D---- C:\Program Files\Movie Maker
2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Sidebar
2009-09-25 23:32:59 ----D---- C:\Program Files\Windows Media Player
2009-09-25 23:32:59 ----D---- C:\Program Files\Internet Explorer
2009-09-25 23:32:58 ----D---- C:\Program Files\Windows Collaboration
2009-09-25 23:32:54 ----D---- C:\Program Files\Common Files\System
2009-09-25 23:32:52 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-25 23:32:39 ----D---- C:\Program Files\Windows Defender
2009-09-25 23:32:38 ----D---- C:\Windows\servicing
2009-09-25 23:31:57 ----D---- C:\Windows\IME
2009-09-25 23:31:55 ----D---- C:\Windows\system32\XPSViewer
2009-09-25 23:31:54 ----D---- C:\Windows\system32\sk-SK
2009-09-25 23:31:54 ----D---- C:\Windows\system32\lv-LV
2009-09-25 23:31:54 ----D---- C:\Windows\system32\ko-KR
2009-09-25 23:31:54 ----D---- C:\Windows\system32\hr-HR
2009-09-25 23:31:54 ----D---- C:\Windows\system32\et-EE
2009-09-25 23:31:54 ----D---- C:\Windows\system32\da-DK
2009-09-25 23:31:26 ----D---- C:\Windows\system32\de-DE
2009-09-25 23:31:25 ----D---- C:\Windows\system32\it-IT
2009-09-25 23:31:25 ----D---- C:\Windows\system32\el-GR
2009-09-25 23:31:24 ----D---- C:\Windows\system32\oobe
2009-09-25 23:31:22 ----D---- C:\Windows\system32\migration
2009-09-25 23:31:10 ----D---- C:\Windows\system32\ru-RU
2009-09-25 23:31:10 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-25 23:31:09 ----D---- C:\Windows\system32\sv-SE
2009-09-25 23:31:09 ----D---- C:\Windows\system32\setup
2009-09-25 23:31:09 ----D---- C:\Windows\system32\hu-HU
2009-09-25 23:31:09 ----D---- C:\Windows\system32\he-IL
2009-09-25 23:31:09 ----D---- C:\Windows\system32\fr-FR
2009-09-25 23:31:09 ----D---- C:\Windows\system32\fi-FI
2009-09-25 23:31:09 ----D---- C:\Windows\system32\cs-CZ
2009-09-25 23:31:08 ----D---- C:\Windows\system32\SLUI
2009-09-25 23:31:08 ----D---- C:\Windows\system32\pt-PT
2009-09-25 23:31:02 ----D---- C:\Windows\system32\zh-CN
2009-09-25 23:31:02 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-25 23:31:02 ----D---- C:\Windows\system32\manifeststore
2009-09-25 23:31:02 ----D---- C:\Windows\system32\es-ES
2009-09-25 23:31:02 ----D---- C:\Windows\system32\en
2009-09-25 23:31:01 ----D---- C:\Windows\system32\zh-TW
2009-09-25 23:31:01 ----D---- C:\Windows\system32\uk-UA
2009-09-25 23:31:01 ----D---- C:\Windows\system32\sl-SI
2009-09-25 23:31:01 ----D---- C:\Windows\system32\pl-PL
2009-09-25 23:31:01 ----D---- C:\Windows\system32\ja-JP
2009-09-25 23:31:01 ----D---- C:\Windows\system32\bg-BG
2009-09-25 23:31:00 ----D---- C:\Windows\system32\ro-RO
2009-09-25 23:30:56 ----D---- C:\Windows\system32\th-TH
2009-09-25 23:30:51 ----D---- C:\Windows\system32\tr-TR
2009-09-25 23:30:47 ----D---- C:\Windows\system32\wbem
2009-09-25 23:30:39 ----D---- C:\Windows\system32\nl-NL
2009-09-25 23:30:39 ----D---- C:\Windows\system32\nb-NO
2009-09-25 23:30:39 ----D---- C:\Windows\system32\lt-LT
2009-09-25 23:30:39 ----D---- C:\Windows\system32\ar-SA
2009-09-25 23:30:37 ----D---- C:\Windows\system32\pt-BR
2009-09-25 23:30:37 ----D---- C:\Windows\system32\migwiz
2009-09-25 23:29:10 ----RSD---- C:\Windows\Fonts
2009-09-25 23:28:41 ----D---- C:\Windows\system32\Boot
2009-09-25 22:50:26 ----D---- C:\Users\Owner\AppData\Roaming\Princess Isabella
2009-09-23 22:41:06 ----D---- C:\Program Files\Mozilla Firefox
2009-09-23 14:04:35 ----D---- C:\Program Files\McAfee
2009-09-22 23:23:23 ----D---- C:\Windows\system32\Tasks
2009-09-16 17:04:53 ----D---- C:\Windows\SoftwareDistribution
2009-09-16 17:04:02 ----D---- C:\Program Files\MSN Messenger
2009-09-16 17:01:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-16 16:52:31 ----D---- C:\Program Files\Common Files
2009-09-16 16:52:21 ----SD---- C:\ProgramData\Microsoft
2009-09-14 17:48:39 ----D---- C:\Program Files\Google
2009-09-10 23:54:46 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2008-03-25 4137312]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-12-27 27136]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\sisnic.sys [2006-11-02 35328]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys [2007-08-24 15872]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-03-27 49904]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys []
S3 SiS315;SiS315; C:\Windows\system32\DRIVERS\sisgrp.sys [2006-11-02 256000]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-01-12 113792]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-01-24 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-01-12 40576]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic125.exe [2009-09-23 54776]
R2 iWinTrusted;iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [2009-09-03 78104]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 gupdate1ca352042073a72;Google Update Service (gupdate1ca352042073a72); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-14 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe [2009-06-08 16680]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-26 66872]

-----------------EOF-----------------

toladogold
2009-10-09, 17:54
info.txt logfile of random's system information tool 1.06 2009-10-09 22:40:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Airport Mania (remove only)-->"C:\Program Files\iWin.com\Airport Mania\Uninstall.exe"
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Aveyond: Lord of Twilight (remove only)-->"C:\Program Files\iWin.com\Aveyond Lord of Twilight\Uninstall.exe"
Babysitting Mania (remove only)-->"C:\Program Files\iWin.com\Babysitting Mania\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP180-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x0009
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Deer Hunter - The 2005 Season Demo-->"C:\Program Files\Atari\Deer Hunter 2005 Demo\unins000.exe"
DinerTown Detective Agency (remove only)-->"C:\Program Files\iWin.com\DinerTown Detective Agency\Uninstall.exe"
Dream Chronicles: The Chosen Child (remove only)-->"C:\Program Files\iWin.com\Dream Chronicles The Chosen Child\Uninstall.exe"
Dream Vacation Solitaire FREE-->"C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\Uninstall.exe" "C:\Program Files\IncrediGames\Dream Vacation Solitaire FREE\install.log"
Enemy Territory - QUAKE Wars(TM) Demo 2-->C:\Program Files\InstallShield Installation Information\{0E1B773B-B396-4FA4-BBB9-01F8D1F74C57}\setup.exe -runfromtemp -l0x0409
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FFPremiereAdvertisingPlatform-->C:\Program Files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\uninstall.exe uninstall=premiereadvertisingplatformff
Findbasic 1.0 build 125-->C:\Program Files\Findbasic\uninstall.exe
Fishdom (remove only)-->"C:\Program Files\iWin.com\Fishdom\Uninstall.exe"
Fishdom: Spooky Splash (remove only)-->"C:\Program Files\iWin.com\Fishdom Spooky Splash\Uninstall.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.25\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.516-->C:\Program Files\Citrix\GoToAssist\516\G2AUninstaller.exe /uninstall
Heroes Of Hellas (remove only)-->"C:\Program Files\iWin.com\Heroes Of Hellas\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
iWin Games (remove only)-->"C:\Program Files\iWin Games\Uninstall.exe"
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jewel Quest Mysteries: Trail of the Midnight Heart (remove only)-->"C:\Program Files\iWin.com\Jewel Quest Mysteries Trail of the Midnight Heart\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Just Cause 1.00.0000-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\setup.exe" -l0x9 -removeonly
Karate 3D-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Karate 3D\Uninst.isu"
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Mad Skills Motocross Demo-->C:\Program Files\Mad Skills Motocross Demo\uninstall.exe
Magentic-->C:\PROGRA~1\Magentic\bin\mgsetup.exe /remove /addon:Magentic
Magic Academy 2 (remove only)-->"C:\Program Files\iWin.com\Magic Academy 2\Uninstall.exe"
Magic Utilities 2008 Version 5.51-->"C:\Program Files\Mgutil\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee Virtual Technician-->MsiExec.exe /I{FCC07EEA-FA18-4A21-9105-9666603C6885}
MessengerDiscovery 1.5.0800-->"C:\Program Files\MessengerDiscovery\unins001.exe"
MessengerDiscovery 2.0.44-->"C:\Program Files\MessengerDiscovery 2\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft Motocross Madness 2 Trial-->"C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mirar-->mshta.exe http://remove.getmirar.com/
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nancy Drew Dossier: Resorting to Danger (remove only)-->"C:\Program Files\iWin.com\Nancy Drew Dossier Resorting to Danger\Uninstall.exe"
Nero 7 Essentials-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
Nero 7 Essentials-->MsiExec.exe /X{2D0ECDC9-1595-473C-8716-35FEE3C01033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Paintball Heroes-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Paintball Heroes\Uninst.isu"
Pantheon-->"C:\Program Files\Pantheon\Uninstall.exe"
PFConfig 1.0.223-->C:\Program Files\PFConfig\uninst.exe
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Race Driver 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soldier of Fortune Platinum-->C:\Windows\IsUninst.exe -f"C:\Program Files\Raven\SOF PLATINUM\sofplat.isu"
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Splinter Cell Pandora Tomorrow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StarOffice 8-->MsiExec.exe /I{86E2FE20-6679-4F30-B8E0-36D5BF6018BE}
Super Motocross Kings-->C:\Windows\IsUninst.exe -f"C:\Program Files\Nodtronics Pty Ltd\Super Motocross Kings\Uninst.isu"
Superbike Racing-->C:\Windows\IsUninst.exe -f"C:\Program Files\NodTronics Pty Ltd\Superbike Racing\Uninst.isu"
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Townopolis (remove only)-->"C:\Program Files\iWin.com\Townopolis\Uninstall.exe"
Transport Giant-->MsiExec.exe /I{14288914-DED4-43D3-8B24-7F7EA9BDB0A5}
Tweak UI-->"C:\Windows\system32\mshta.exe" "res://C:\Windows\system32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
WinAce Archiver - Powered by AdVantage-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Women's Murder Club - Twice in a Blue Moon-->C:\Program Files\Women's Murder Club - Twice in a Blue Moon\uninstall.exe

======Security center information======

AS: Spybot - Search and Destroy (outdated)
AS: Windows Defender

======System event log======

Computer Name: Owner-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 211075
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090516165058.889625-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 211047
Source Name: Tcpip
Time Written: 20090516121021.669160-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 4227
Message: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Record Number: 211046
Source Name: Tcpip
Time Written: 20090516120543.800226-000
Event Type: Warning
User:

Computer Name: Owner-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SCMNdisP
Record Number: 210995
Source Name: Service Control Manager
Time Written: 20090516022957.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 7022
Message: The Diagnostic System Host service hung on starting.
Record Number: 210994
Source Name: Service Control Manager
Time Written: 20090516022957.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2e78 Start Time: 01c8fef14e6b2da9 Termination Time: 0
Record Number: 46971
Source Name: Application Hang
Time Written: 20080815161604.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 22fc Start Time: 01c8feee94fb8136 Termination Time: 0
Record Number: 46969
Source Name: Application Hang
Time Written: 20080815160935.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2e64 Start Time: 01c8feee9d99c749 Termination Time: 0
Record Number: 46967
Source Name: Application Hang
Time Written: 20080815160312.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2df0 Start Time: 01c8feee6e5eb502 Termination Time: 0
Record Number: 46963
Source Name: Application Hang
Time Written: 20080815155018.000000-000
Event Type: Error
User:

Computer Name: Owner-PC
Event Code: 1002
Message: The program iexplore.exe version 7.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 222c Start Time: 01c8feed52cc72f3 Termination Time: 0
Record Number: 46961
Source Name: Application Hang
Time Written: 20080815155003.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Owner-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 65609
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225085321.798626-000
Event Type: Audit Failure
User:

Computer Name: Owner-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0xbed42f

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 65608
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225085320.322158-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0xbed454

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 65607
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225085320.307510-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0xbed42f

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 65606
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225085318.546875-000
Event Type: Audit Success
User:

Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-2490314987-2349913300-1285092130-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0xbed454
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2b0
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: OWNER-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 65605
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081225085318.546875-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Shaba
2009-10-09, 19:09
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

toladogold
2009-10-11, 17:02
Went on the Kaspersky website as you asked but couldn't download or do the scan as I got a message that said "Launch of the Java application is interrupted! Please establish an uninterrupted internet connection for work with this program". I asked for help on their forum and was told the virus or whatever had probably taken over my computer, but they didn't seem to want to help me any further.

Shaba
2009-10-11, 18:12
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

toladogold
2009-10-13, 08:31
ComboFix 09-10-12.03 - Owner 13/10/2009 12:49.1.2 - NTFSx86
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1537224207-2914738720-433581702-500
c:\$recycle.bin\S-1-5-21-1827202424-3058028180-2005173096-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
C:\data
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\FBStoolbar.dll
c:\program files\Fast Browser Search\fbstoolbar.jar
c:\program files\Fast Browser Search\fbstoolbar.manifest
c:\program files\Fast Browser Search\icons.bmp
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\Fast Browser Search\info.txt
c:\program files\Fast Browser Search\local.xml
c:\program files\Fast Browser Search\logobg.bmp
c:\program files\Fast Browser Search\MTWB3SH.dll
c:\program files\Fast Browser Search\MTWBtoolbar.html
c:\program files\Fast Browser Search\search.bmp
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\SGPSA
c:\users\Owner\Documents\My Documents.url
c:\users\Owner\FAVORI~1\Games.url
c:\users\Owner\Favorites\Games.url
c:\windows\Installer\3ea47.msi
c:\windows\Installer\40c9ace.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2037-04-18 20:03 . 2037-04-18 20:03 -------- d-----w- c:\programdata\CyberLink
2037-04-18 20:02 . 2037-04-18 20:02 -------- d-----w- c:\program files\CyberLink
2037-04-18 19:54 . 2037-04-18 19:54 -------- d-----w- c:\programdata\Nero
2037-04-18 19:54 . 2037-04-18 19:54 -------- d-----w- c:\program files\Nero
2037-04-18 19:08 . 2007-06-09 21:20 -------- d-----w- c:\windows\Panther
2037-04-18 19:08 . 2009-09-25 15:43 -------- d-----w- C:\Boot
2037-04-18 18:57 . 2008-11-10 03:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2037-04-18 18:57 . 2009-06-21 05:24 -------- d-----w- c:\program files\Microsoft Works
2037-04-18 18:56 . 2037-04-18 18:56 -------- d-----w- c:\windows\PCHEALTH
2037-04-18 18:56 . 2037-04-18 18:56 -------- d-----w- c:\program files\Microsoft.NET
2037-04-18 18:55 . 2007-06-16 06:56 -------- d-----w- c:\windows\SHELLNEW
2037-04-18 18:55 . 2009-10-07 14:53 -------- d-----w- c:\programdata\Microsoft Help
2037-04-18 18:54 . 2037-04-18 18:54 -------- d-----r- C:\MSOCache
2037-04-18 18:30 . 2009-10-13 05:07 -------- d-sh--w- c:\windows\Installer
2037-04-18 18:29 . 2008-10-31 05:45 -------- d-----w- C:\arrow
2037-04-18 18:27 . 2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2037-04-18 18:26 . 2037-04-18 18:26 -------- d-----w- c:\program files\Common Files\Nero
2037-04-18 18:25 . 2001-03-09 01:30 24064 ----a-w- c:\windows\system32\msxml3a.dll
2037-04-18 18:25 . 2007-06-16 11:09 -------- d-----w- c:\programdata\Ahead
2037-04-18 18:25 . 2001-06-26 14:15 38912 ----a-w- c:\windows\system32\picn20.dll
2037-04-18 18:25 . 2000-06-26 17:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2037-04-18 18:24 . 2007-06-16 11:08 -------- d-----w- c:\program files\Common Files\Ahead
2037-04-18 18:24 . 2037-04-18 19:50 -------- d-----w- c:\program files\Ahead
2037-04-18 18:23 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2037-04-18 18:22 . 2037-04-18 18:22 -------- d-----w- c:\program files\Realtek AC97
2037-04-18 18:22 . 2006-12-01 00:20 4071272 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2037-04-18 18:22 . 2009-09-11 12:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2037-04-18 18:22 . 2008-04-19 11:43 -------- d-----w- c:\program files\Common Files\InstallShield
2037-04-18 18:10 . 2008-11-12 15:03 -------- d-----w- c:\windows\Debug
2009-10-13 05:08 . 2009-10-13 05:09 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-10-13 05:08 . 2009-10-13 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-10 14:39 . 2009-10-10 14:39 -------- d-----w- c:\users\Owner\AppData\Local\Astar Games
2009-10-10 11:47 . 2009-10-10 11:50 -------- d--h--w- c:\windows\msdownld.tmp
2009-10-10 11:46 . 2009-10-10 11:52 -------- d-----w- c:\program files\Aztec Tribe
2009-10-08 06:37 . 2009-10-09 14:40 -------- d-----w- C:\rsit
2009-10-07 03:04 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-07 03:04 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-07 03:04 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-07 03:04 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-07 03:01 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-07 03:01 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-07 03:01 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-07 02:59 . 2009-08-06 11:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-07 02:59 . 2009-08-06 10:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 03:18 . 2009-10-06 03:23 -------- d-----w- c:\users\Owner\AppData\Local\Mad Skills Motocross
2009-10-06 03:18 . 2009-10-06 03:18 -------- d-----w- c:\program files\Mad Skills Motocross Demo
2009-10-05 14:46 . 2007-03-12 08:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-10-03 12:58 . 2009-10-03 12:58 -------- d-----w- c:\program files\Women's Murder Club - Twice in a Blue Moon
2009-10-03 12:50 . 2009-10-03 12:50 -------- d-----w- c:\program files\Pantheon
2009-10-02 17:18 . 2009-10-01 02:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 16:33 . 2009-10-02 16:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Magic Academy 2
2009-10-02 15:40 . 2009-10-02 15:40 -------- d-----w- c:\program files\Trend Micro
2009-10-02 15:29 . 2009-10-02 15:29 -------- d-----w- c:\program files\ERUNT
2009-09-30 16:44 . 2009-10-12 15:34 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2009-09-30 16:34 . 2009-09-30 16:34 -------- d-----w- c:\program files\Microsoft ATS
2009-09-29 15:48 . 2009-09-29 15:48 163840 ----a-w- c:\windows\system32\Fishdom Screensaver.scr
2009-09-28 17:39 . 2009-09-29 16:53 -------- d-----w- c:\programdata\Electronic Arts
2009-09-28 15:09 . 2004-08-18 02:14 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-09-28 14:28 . 2009-09-29 16:53 -------- d-----w- c:\program files\Electronic Arts
2009-09-28 08:11 . 2009-05-18 06:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-28 08:11 . 2008-04-17 05:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-28 08:08 . 2009-09-28 08:08 -------- d-----w- c:\program files\iPod
2009-09-28 08:08 . 2009-09-28 08:11 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-28 08:08 . 2009-09-28 08:11 -------- d-----w- c:\program files\iTunes
2009-09-28 08:02 . 2009-09-28 08:03 -------- d-----w- c:\program files\QuickTime
2009-09-28 07:47 . 2009-09-28 07:47 -------- d-----w- c:\program files\iPhone Configuration Utility
2009-09-27 13:25 . 2009-09-27 13:25 -------- d-----w- c:\programdata\SOS
2009-09-25 15:28 . 2009-09-25 15:31 -------- d-----w- c:\windows\system32\ca-ES
2009-09-25 15:28 . 2009-09-25 15:31 -------- d-----w- c:\windows\system32\eu-ES
2009-09-25 15:28 . 2009-09-25 15:30 -------- d-----w- c:\windows\system32\vi-VN
2009-09-25 15:01 . 2009-09-25 15:01 -------- d-----w- c:\users\Owner\AppData\Roaming\FlyWheelGames
2009-09-24 05:37 . 2009-09-24 05:37 -------- d--h--w- c:\windows\PIF
2009-09-23 14:38 . 2009-09-23 14:38 273920 ----a-w- c:\users\Owner\AppData\Roaming\DealAssistant\DAUninstall.exe
2009-09-23 14:38 . 2009-09-24 02:08 -------- d-----w- c:\program files\Findbasic
2009-09-23 14:38 . 2009-09-23 14:41 -------- d-----w- c:\programdata\Findbasic
2009-09-23 14:38 . 2009-10-06 02:45 -------- d-----w- c:\users\Owner\AppData\Roaming\DealAssistant
2009-09-23 14:38 . 2009-09-23 14:38 729088 ----a-w- c:\windows\system32\5c78.dll
2009-09-22 15:23 . 2009-10-13 05:07 -------- d-----w- c:\program files\iWin Games
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Merscom
2009-09-19 14:59 . 2009-09-19 14:59 -------- d-----w- c:\programdata\Merscom
2009-09-16 09:42 . 2009-10-12 13:52 -------- d-----w- c:\users\Owner\Tracing
2009-09-16 09:11 . 2006-11-29 05:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-16 09:08 . 2009-09-16 09:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-16 09:01 . 2009-10-12 10:26 -------- d-----w- c:\program files\Microsoft
2009-09-16 09:00 . 2009-09-16 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 08:59 . 2009-09-16 09:04 -------- d-----w- c:\program files\Windows Live
2009-09-16 08:52 . 2009-09-16 08:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 10:54 . 2009-10-13 04:00 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2009-09-14 10:48 . 2009-10-13 04:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2009-09-14 09:42 . 2009-09-14 09:42 -------- d-----w- c:\program files\Common Files\Skype
2009-09-14 09:42 . 2009-09-14 09:45 -------- d-----r- c:\program files\Skype
2009-09-14 09:42 . 2009-09-14 09:42 -------- d-----w- c:\programdata\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 15:40 . 2008-01-31 12:45 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-12 10:46 . 2007-11-14 13:20 -------- d-----w- c:\programdata\NVIDIA
2009-10-12 04:30 . 2007-10-01 01:44 -------- d-----w- c:\programdata\Google Updater
2009-10-10 14:38 . 2009-04-25 14:04 -------- d-----w- c:\program files\iWin.com
2009-10-10 12:53 . 2008-11-22 13:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Alawar
2009-10-10 11:53 . 2007-06-09 06:35 110472 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-09 14:31 . 2007-06-13 08:48 -------- d-----w- c:\program files\LimeWire
2009-10-09 14:04 . 2008-06-21 14:23 -------- d-----w- c:\users\Owner\AppData\Roaming\Playrix Entertainment
2009-10-08 08:19 . 2008-03-14 12:51 -------- d-----w- c:\users\Owner\AppData\Roaming\PlayFirst
2009-10-08 08:19 . 2008-03-14 12:51 -------- d-----w- c:\programdata\PlayFirst
2009-10-03 12:58 . 2008-11-09 07:34 -------- d-----w- c:\programdata\Flood Light Games
2009-10-03 12:58 . 2008-11-09 07:34 -------- d-----w- c:\users\Owner\AppData\Roaming\Flood Light Games
2009-10-01 14:33 . 2007-11-14 11:19 -------- d-----w- c:\program files\IncrediGames
2009-10-01 14:33 . 2007-10-13 15:21 -------- d-----w- c:\program files\Oberon Media
2009-10-01 12:42 . 2009-06-29 10:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Apple Computer
2009-09-29 16:55 . 2008-12-27 04:16 -------- d-----w- c:\program files\NCH Software
2009-09-28 08:08 . 2009-06-29 10:00 -------- d-----w- c:\program files\Common Files\Apple
2009-09-27 13:09 . 2008-11-21 15:09 -------- d-----w- c:\program files\bfgclient
2009-09-25 15:33 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-25 15:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-25 15:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-25 15:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-25 15:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-25 15:32 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-25 14:50 . 2009-08-22 15:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Princess Isabella
2009-09-23 06:04 . 2009-03-20 12:45 -------- d-----w- c:\program files\McAfee
2009-09-16 09:04 . 2007-08-29 05:11 -------- d-----w- c:\program files\MSN Messenger
2009-09-14 10:54 . 2009-09-14 10:54 48 ---ha-w- c:\programdata\ezsidmv.dat
2009-09-14 09:48 . 2007-07-01 03:08 -------- d-----w- c:\program files\Google
2009-09-11 12:28 . 2009-09-11 12:28 -------- d-----w- c:\program files\Codemasters
2009-09-10 15:54 . 2008-04-16 14:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-05 12:05 . 2008-07-26 11:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Big Fish Games
2009-09-04 11:51 . 2009-09-02 14:31 -------- d-----w- c:\users\Owner\AppData\Roaming\Aveyond 3
2009-09-04 09:44 . 2009-10-10 11:52 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 09:44 . 2009-10-10 11:52 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 09:44 . 2009-10-10 11:52 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 09:29 . 2009-10-10 11:52 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 09:29 . 2009-10-10 11:52 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 09:29 . 2009-10-10 11:52 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 09:29 . 2009-10-10 11:52 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 09:29 . 2009-10-10 11:52 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-03 13:44 . 2009-09-03 13:38 -------- d-----w- c:\programdata\Aveyond I
2009-08-31 15:51 . 2009-08-31 15:51 -------- d-----w- c:\users\Owner\AppData\Roaming\HdO Adventure
2009-08-29 00:27 . 2009-09-03 03:04 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 03:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 11:42 . 2009-08-28 11:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 11:42 . 2009-08-28 11:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 14:13 . 2009-08-20 05:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 15:15 . 2009-08-26 15:15 -------- d-----w- c:\programdata\Fitn17
2009-08-26 15:03 . 2009-08-26 15:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Magic Seeds
2009-08-25 05:05 . 2008-12-26 13:19 -------- d-----w- c:\program files\Vuze
2009-08-24 16:04 . 2008-12-27 04:15 -------- d-----w- c:\program files\NCH Swift Sound
2009-08-24 16:02 . 2008-04-17 16:04 -------- d-----w- c:\program files\RealArcade
2009-08-24 09:32 . 2009-07-29 06:05 -------- d-----w- c:\program files\Safari
2009-08-22 14:44 . 2009-08-22 14:43 -------- d-----w- c:\users\Owner\AppData\Roaming\MA
2009-08-21 12:24 . 2008-10-16 14:51 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-21 09:47 . 2008-10-20 14:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-18 15:31 . 2009-08-18 15:31 -------- d-----w- c:\users\Owner\AppData\Roaming\Batovi
2009-08-18 14:26 . 2009-08-18 14:26 -------- d-----w- c:\users\Owner\AppData\Roaming\PoBros
2009-08-18 14:26 . 2009-08-18 14:26 -------- d-----w- c:\programdata\PoBros
2009-08-17 14:53 . 2009-08-17 14:53 -------- d-----w- c:\programdata\Gogii
2009-08-15 16:21 . 2009-08-15 15:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Babylonia
2009-08-14 16:27 . 2009-09-10 05:21 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 05:21 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 05:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 05:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 05:21 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 05:21 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 05:21 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 05:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 05:21 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 05:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 05:21 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 07:07 . 2009-08-03 07:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 07:07 . 2009-08-03 07:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 07:07 . 2009-08-03 07:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-30 08:16 . 2009-07-30 08:16 983936 ----a-w- c:\users\Public\MyWebTattoo.exe
2009-07-26 08:44 . 2009-07-26 08:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-08-21 11:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-21 11:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-21 11:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-21 11:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-13 04:57 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-16 04:32 . 2009-03-20 12:46 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 12:40 . 2009-08-13 04:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-13 04:56 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-13 04:56 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-13 04:56 7680 ----a-w- c:\windows\system32\spwmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3D362E88-A9A9-4A3C-BF75-0EB26A8D39B6}"= "c:\windows\system32\5c78.dll" [2009-09-23 729088]

[HKEY_CLASSES_ROOT\clsid\{3d362e88-a9a9-4a3c-bf75-0eb26a8d39b6}]
[HKEY_CLASSES_ROOT\TypeLib\{0B7F1A3B-ED51-4B80-BB20-1B5F2BCE573A}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-04-13 604704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b8,f5,54,43,f6,3d,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C30FBFB8-3685-4E83-AC2E-897281307202}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E5B57C0A-5176-48CE-B168-E4CAABC6E176}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{37002D92-2AA5-48E6-9BE8-5FD555B43DB1}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{284E6304-C7CC-4593-A444-FAAD551190F8}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{A0B4BC25-9B77-4BE5-99FC-66B8237B8ABC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FBCD67B7-3AF7-4D01-985F-E71BB1954C32}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A20A036B-4E76-4C9F-8627-9196615F15AA}"= UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{02E39CEF-8482-4674-9175-B088F1FFA4AB}"= TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{E6901D12-8F72-4E15-8F7A-3A6B820ECC66}"= UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{9DC3F611-4FFF-4E99-9FED-7AFE999906CC}"= TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{66B18C69-86EB-46FB-AE17-90C073786B48}"= UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{5976E077-0283-469E-9667-33F093A6504D}"= TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D9185540-964B-40B0-A7FD-97135A3CBE18}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{968F2EE6-E774-4FE8-8AE1-F6B70D73D8AE}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"TCP Query User{978C49B6-296F-4FED-8323-4D4738DA1405}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9119B045-B60A-4E89-9EA1-A735F997F8CD}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{AA1F177A-7234-419E-95CB-D105C5627D56}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E35082E5-C3F5-4130-B4FC-7917FAD4CA13}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A3A0414D-A862-443F-9F1E-0B31A1682C14}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{6BD2E1C5-F054-405B-B50E-918F97F17CA0}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{67535D28-2414-4A3B-A5BB-B337D0FCB00A}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo 2
"{53B864D5-BE49-4F71-BF11-F59D28984FD0}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqw.exe:Enemy Territory - QUAKE Wars(TM) Demo 2
"{2E0E3D65-1528-41ED-91B6-724F3F5DC112}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqwded.exe:etqwded.exe
"{3095804A-B42B-490C-84CB-D57B7DE9A284}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars Demo 2\etqwded.exe:etqwded.exe
"{0AA51B35-D7DC-4CB9-A5B0-A6FC3B286AC7}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6E3EB57B-47C5-4766-9C0E-A51ED78161AD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4561CC24-5927-4704-93C9-68136B4FF4E3}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{8E9D99F9-4B13-4D6F-BFA7-CAFA269B5C7E}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{F1BBDC30-B9FF-476A-B043-1F054FFAE189}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{8AD3268B-F9A0-4EAC-A4AB-1E9F0B0BA964}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{A4641738-8431-4AE1-B3F7-806D485245F1}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{1CD389FE-92BD-4E8A-8A34-821A10B28722}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{1B7A7B9A-0BD0-4B64-A2FA-63382C08C8D6}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{2F1361D2-5BE5-4D13-B1F8-3BB8E7790DDF}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{2C42BE9F-DF30-4944-B45D-90E8900245D9}"= Disabled:UDP:c:\users\Owner\AppData\Local\Temp\ImInstaller\FreeSkin_Installer.exe:IncrediMail Installer
"{C850D70D-2AE6-418B-8C09-9358481A563A}"= Disabled:TCP:c:\users\Owner\AppData\Local\Temp\ImInstaller\FreeSkin_Installer.exe:IncrediMail Installer
"{98378C93-4EC2-4BB1-ACDC-9D7E5B7C670D}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{C32D680B-39A2-4920-AAD2-125056EBB548}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{30C40425-67EE-4F9D-BA6F-DE52F8C143C5}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B066B0A8-95C1-46A9-B416-C65B4C79BE6E}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C9D7FB9D-EE6A-41F0-9B05-429329A3CA7E}"= UDP:c:\users\Owner\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{24B3B6C4-EECD-49B4-BA4C-A764F0A47435}"= TCP:c:\users\Owner\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{3929C9E2-80F9-4F24-8C03-11415D6A609F}"= Disabled:UDP:c:\users\Owner\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"{7ADD8CBD-577D-48D2-997E-136536EA9CB2}"= Disabled:TCP:c:\users\Owner\AppData\Local\Temp\ImInstaller\FreeEcardMovies_Installer.exe:IncrediMail Installer
"TCP Query User{1A4B8B02-AAE1-494C-A06C-679334D3083F}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1AF3166C-26AC-4E9D-AB9E-1829CDC65CAB}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{0B2E09EA-FDB8-4251-9524-7C747E2B0F7E}"= TCP:8000:Express Talk RTP Incoming Audio (UDP)
"{2B32E31E-3739-41E3-992B-4A3BBDB1AFFD}"= TCP:8001:Express Talk RTP Incoming Audio (UDP)
"{FB68CE1E-1B81-4844-8608-1196857A0189}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{EB7A9154-75AC-407E-9593-76222DAB0093}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{056973AB-1AA5-4779-98C0-0C81CAB5C14A}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{61B72059-80E2-41B5-A3B8-3A1F8E7A05C3}"= Disabled:UDP:c:\users\Owner\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{6134BE51-DBF6-440B-82D8-1126C6BDDA45}"= Disabled:TCP:c:\users\Owner\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{8DD051A9-D140-4867-A1EA-F3BB6B227D0A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E60E5DB0-0FCC-47E5-BB24-A057E9253EBC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{59BC564F-F4AE-44C5-82BC-4F3FB442B87E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C02042A4-55BD-4765-AB59-A9C4FCCC189B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5ED2F1B6-8D18-4DC6-91BB-45D9A354CADC}"= Disabled:UDP:c:\users\Owner\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"{3D083E92-5643-4A62-A664-AB017B978E5E}"= Disabled:TCP:c:\users\Owner\AppData\Local\Temp\ImInstaller\3d_magic_installer.exe:IncrediMail Installer
"{9BC3C13D-A4D8-4321-B8A0-002B1832878E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{47AA979E-45B6-48D0-BC2E-A05E7CBB9541}"= UDP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{9F8C2A9F-30DE-4140-9ECE-D5D24E8F414F}"= TCP:c:\program files\iWin Games\iWinGames.exe:iWin Games application.
"{7270B2A6-0027-4A96-A2BA-22CCF5D34DC0}"= UDP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{A8138E40-3DC7-4A51-A7AE-F7D89DFBD480}"= TCP:c:\program files\iWin Games\WebUpdater.exe:iWin Games updater.
"{0B0DFEC7-9850-4E8E-9687-1B0A8EA3B95F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9B81D88E-08A4-452B-9AD8-5F590FB0AC62}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [3/09/2009 1:30 AM 78104]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [20/03/2009 8:49 PM 210216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/08/2009 1:50 PM 1153368]
S2 Findbasic Service;Findbasic Service;c:\programdata\Findbasic\findbasic125.exe [23/09/2009 10:41 PM 54776]
S2 gupdate1ca352042073a72;Google Update Service (gupdate1ca352042073a72);c:\program files\Google\Update\GoogleUpdate.exe [14/09/2009 5:46 PM 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [24/08/2007 6:34 PM 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-02 02:52]

2009-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-14 09:45]

2009-06-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-22 13:26]

2009-09-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-22 13:26]

2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{9B855E8D-610D-473F-A0DC-00A6900276B0}.job
- c:\windows\system32\msfeedssync.exe [2009-08-21 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredigames.com/
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZKxdm220YYAU
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7g00b80.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredigames.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredigames.com/?loc=FF_Incredigame_AddressBar&search=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\components\PremiereAdvertisingPlatform.dll
FF - component: c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7g00b80.default\extensions\{39124730-0779-11de-8c30-0800200c9a66}\components\daff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DealAssistant - c:\users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
HKCU-Run-SfKg6wIPuSpdcduD7 - c:\users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-WinAce Archiver - c:\program files\WinAce\SXUNINST.EXE
AddRemove-DealAssistant - c:\users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 13:09
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-2490314987-2349913300-1285092130-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{042C5BB1-BFFE-758E-047C-E8844F13A2CE}*]
"bbjhgfdgmiebohkekhgngfibghdiombbeink"=hex:61,62,6e,68,66,62,6e,66,61,6e,6f,6c,
61,69,65,63,65,6e,68,69,6c,66,70,6e,69,66,69,67,66,62,6b,65,67,69,00,70
"abjhgfdgmiebohkekhbpdhjggjoalpmjfb"=hex:6b,62,67,6a,6e,61,69,6d,69,70,69,62,
63,6c,6b,64,66,6a,6b,6c,6d,64,63,6f,68,62,6e,70,6e,67,6e,6d,6b,6d,6c,70,66,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-13 13:16
ComboFix-quarantined-files.txt 2009-10-13 05:16

Pre-Run: 47,391,477,760 bytes free
Post-Run: 47,412,101,120 bytes free

514 --- E O F --- 2009-10-13 04:08

toladogold
2009-10-13, 08:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:51 PM, on 9/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PremiereAdvertisingPlatform - {547395D9-934A-CED6-B851-F238C86079E5} - C:\Program Files\PremiereAdvertisingPlatform\PremiereAdvertisingPlatform.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Owner\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdcduD7] C:\Users\Owner\AppData\Roaming\Microsoft\Windows\oulwsv.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic125.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 13386 bytes

Shaba
2009-10-13, 08:43
Looks better :)

Are you now able to run kaspersky?

toladogold
2009-10-13, 14:11
Will give it a try, thanks

toladogold
2009-10-13, 14:21
No, I'm still getting the same message.

Shaba
2009-10-13, 17:53
Then we try some other online scanner.

Please go to ESET Online Scanner (http://www.eset.eu/online-scanner) - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
Check the box next to "YES, I accept the Terms of Use."
Click "Start"
Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click "Start". Make sure that the options: Remove found threats is UNCHECKED
Scan unwanted applications is CHECKED
Click "Scan"
Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste the contents of log.txt in your next reply.

toladogold
2009-10-15, 18:08
Have tried to run the scan 4 times and each time it stops working on 18% which was BigFishGames

Shaba
2009-10-15, 21:50
Download to the desktop: Dr.Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe)

Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

toladogold
2009-10-18, 08:21
Ok, Did express scan, then got confused about the next bit. Couldn't find "all drives" etc, so just did "complete scan", but removed Heuristic analysis. Wow, it took over 24hrs. Cured what I could, moved what couldn't be cured. Not sure if I did the right thing. Here is a report list, but not sure if this is what you want. Hope its ok.

FreeMyEmoticons.exe\data001;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse\FreeMyEmoticons.exe;Adware.SaveNow;;
FreeMyEmoticons.exe;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse;Container contains infected objects;Moved.;
wfallsfree.exe/wfalls.exe\BSAVEINST.EXE;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse\wfallsfree.exe/wfalls.exe;Adware.SaveNow;;
wfallsfree.exe/wfalls.exe\3 8 02 MINIBUG.EXE;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse\wfallsfree.exe/wfalls.exe;Adware.Minibug;;
wfalls.exe;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse;Archive contains infected objects;;
wfallsfree.exe;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\Jesse;Archive contains infected objects;Moved.;
toolbar.dll;C:\Documents and Settings\Owner\Desktop\Susan\My Documents\My Received Files\My Email Emoticons Toolbar;Adware.Softomate.origin;;
FreeMyEmoticons.exe\data001;C:\Documents and Settings\Owner\DoctorWeb\Quarantine\FreeMyEmoticons.exe;Adware.SaveNow;;
FreeMyEmoticons.exe;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Container contains infected objects;Moved.;
wfallsfree.exe/wfalls.exe\BSAVEINST.EXE;C:\Documents and Settings\Owner\DoctorWeb\Quarantine\wfallsfree.exe/wfalls.exe;Adware.SaveNow;;
wfallsfree.exe/wfalls.exe\3 8 02 MINIBUG.EXE;C:\Documents and Settings\Owner\DoctorWeb\Quarantine\wfallsfree.exe/wfalls.exe;Adware.Minibug;;
wfalls.exe;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Archive contains infected objects;;
wfallsfree.exe;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
Preview-T-5882462-passing through mark erelli.au;C:\Documents and Settings\Owner\Incomplete;Trojan.WMALoader;Cured.;
T-5009937-weres my money tc the new unreleased single.mp3;C:\Documents and Settings\Owner\Incomplete;Trojan.WMALoader;Cured.;
T-5882462-passing through mark erelli.au;C:\Documents and Settings\Owner\Incomplete;Trojan.WMALoader;Cured.;
PremiereAdvertisingPlatform.dll;C:\Program Files\Mozilla Firefox\extensions\PremiereAdvertisingPlatform@PremiereAdvertisingPlatform\components;Trojan.Click.26468;Deleted.;
msimg32.dll;C:\Program Files\MSN Messenger;Adware.MyWebSearch.6;;
riched20.dll;C:\Program Files\MSN Messenger;Adware.MyWebSearch.8;;
toolbar.dll;C:\Users\Owner\Desktop\Susan\My Documents\My Received Files\My Email Emoticons Toolbar;Adware.Softomate.origin;;
upgrade.exe\data002;C:\Windows\Temp\FIN77D4.tmp\upgrade.exe;Adware.Seekser.1;;
upgrade.exe\data004;C:\Windows\Temp\FIN77D4.tmp\upgrade.exe;Adware.Seekser.3;;
upgrade.exe;C:\Windows\Temp\FIN77D4.tmp;Archive contains infected objects;Moved.;

toladogold
2009-10-18, 08:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:55 PM, on 18/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredigames.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.box10.com/moto-x-freestyle.html"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm220YYAU
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/The%20Enchanting%20Islands/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-au/wlscctrl2.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Tropix%202%20-%20Quest%20for%20the%20Golden%20Banana/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca352042073a72) (gupdate1ca352042073a72) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11930 bytes

Shaba
2009-10-18, 13:05
That looks good :)

Still problems?

toladogold
2009-10-18, 16:51
Don't seem to have any problems with DealAssistant anymore but have MyStart by Incredigames comes up as my default search and can't get rid of it. By the way, you're an angel. Thanks so much for spending so much time helping me with this.

toladogold
2009-10-18, 18:16
Well I did a bit of fiddling around, and I seem to have managed to get rid of MyStart..... so far. So thank you so much for all the help you have given me. Cheers

Shaba
2009-10-18, 19:46
So is everything fine now? :)

toladogold
2009-10-21, 02:18
Thank you so much. Everything is great. You're an angel.

Shaba
2009-10-21, 13:02
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2009-10-25, 13:16
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.