View Full Version : Please help on Malware
WeskerVII
2009-11-23, 22:48
A couple of days ago I was on the internet and something closed my browser and the HDD/CPU light was going crazy. I even unplug the internet and nothing stop it. I ran malware and it said it found a rootkit. I threw it away but my computer still seems slow. Any help will be much appreicated.
Logfile of HijackThis v1.99.1
Scan saved at 3:37:33 PM, on 11/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Compaq_Owner\Desktop\Wesker\Apps\hijackthis_sfx\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck Control) - https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
Thank you for your time.
Hello and :welcome: to Safer Networking
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.
Looking over your log it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect cleans and erase harmful virus files on a computer
Web server or network. Unchecked virus files can unintentionally be forwarded to others including trading partners and thereby spreading infection. Because new viruses regularly emerge anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present and will clean delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
Avira AntiVir Personal (http://www.free-av.de/en/download/1/avira_antivir_personal__free_antivirus.html)- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.download-avg-anti-virus-free-edition#tba2) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.
1 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
2 - Status Check
Please reply with
I would like to view the last Malwarebytes' Anti-Malware Log if available please. It can be found here(if present):
Launch/Start the application
Click on the Logs radio tab.
Post the contents of mbam-log-yyyy-mm-dd (tt-tt-tt).txt
1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
WeskerVII
2009-11-25, 08:15
Hello Peku006. Thank you so much for your time and patience. About the anti-virus programs... really dont like using them. I feel they just use up alot of RAM and really dont stop virus or trojans from entering. Here are the three reports you asked for. But, I was wondering if you could be kind and answer this question I have. The main reason why I asked for help was I had a rootkit found by Malwarebytes. Think I got rid of it. What concerns me is that when I enter my c drive to view files. There is a icon of my computer that is labeled Combo-fix 9344c. When I click on that it just loops back to the viewing of the C files. (Strange). Any idea what that icon or file is. Thanks for any info.
Logfile of random's system information tool 1.06
(written by random/random)
Run by Compaq_Owner at 2009-11-25 00:55:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 23 GB (34%) free of 69 GB
Total RAM: 702 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:52 AM, on 11/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft
ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and
Settings\Compaq_Owner\Desktop\Wesker\Apps\RSIT.e
xe
C:\Program Files\trend micro\Compaq_Owner.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iese
arch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/
msgr8/*http://www.yahoo.com/ext/search/search.ht
ml
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet
Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/
msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dl
l
O2 - BHO: &Yahoo! Toolbar Helper -
{02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dl
l
O2 - BHO: AcroIEHelperStub -
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dl
l
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware
(reboot)] "C:\Program Files\Malwarebytes'
Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent]
"C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe (User
'Default user')
O4 - S-1-5-18 Startup: Pin.lnk =
C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk =
C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk =
C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English
Word - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of
Page - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to
Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/30
00
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page
into English - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary
- file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -
file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile
Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &
Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help -
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-P
ackard,L=Cupertino,S=Ca,C=US\IEButton\support.ht
m
O9 - Extra 'Tools' menuitem: Connection Help -
{E2D4D26B-0180-43a4-B05F-462D6D54C789} -
C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-P
ackard,L=Cupertino,S=Ca,C=US\IEButton\support.ht
m
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O16 - DPF:
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_
unicode.cab
O16 - DPF:
{17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF:
{1E54D648-B804-468d-BC78-4AFFED8E262E} (System
Requirements Lab) -
http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF:
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
(Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF:
{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish
Activia) -
http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF:
{483EB14D-AF1C-4951-81B0-4E2B41829FF6} (QOLCheck
Control) -
https://www.select2perform.com/cabs/QOLCheck.ocx
O16 - DPF:
{48DD0448-9209-4F81-9F6D-D83562940134} (MySpace
Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader10
06.cab
O16 - DPF:
{55027008-315F-4F45-BBC3-8BE119764741} (Slide
Image Uploader Control) -
http://www.slide.com/uploader/SlideImageUploader
.cab
O16 - DPF:
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System
Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab2.
cab
O16 - DPF:
{8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook
Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2009.07.28_v
5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF:
{95D88B35-A521-472B-A182-BB1A98356421} (Pearson
Installation Assistant 2) -
http://asp.mathxl.com/books/_Players/PearsonInst
allAsst2.cab
O16 - DPF:
{9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace
Uploader Control) -
http://lads.myspace.com/upload/MySpaceUploader2.
cab
O16 - DPF:
{BE833F39-1E0C-468C-BA70-25AAEE55775E} (System
Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab.c
ab
O16 - DPF:
{D1E7CBDA-E60E-4970-A01C-37301EF7BF98}
(Measurement Services Client v.3.11) -
http://gameadvisor.futuremark.com/global/msc311.
cab
O16 - DPF:
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/
gp.cab
O16 - DPF:
{E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson
MathXL Player) -
http://asp.mathxl.com/books/_Players/MathPlayer.
cab
O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. -
C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark
International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic
Solutions - C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic
Solutions - C:\Program Files\Roxio\Digital Home
9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9
(RoxLiveShare9) - Sonic Solutions - C:\Program
Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions -
C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9
(RoxWatch9) - Sonic Solutions - C:\Program
Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe
--
End of file - 9578 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{05F7
988F-14F6-4D24-ADA1-C2805A2CFEB2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
urrentVersion\Explorer\Browser Helper
Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper -
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dl
l [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
urrentVersion\Explorer\Browser Helper
Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
urrentVersion\Explorer\Browser Helper
Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26
1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!
Toolbar -
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dl
l [2008-05-15 817936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C
urrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=C:\Program
Files\Malwarebytes' Anti-Malware\mbam.exe
[2009-09-10 1312080]
"QuickTime Task"=C:\Program
Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program
Files\iTunes\iTunesHelper.exe [2009-11-12
141600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\Run]
"H/PC Connection Agent"=C:\Program
Files\Microsoft ActiveSync\wcescomm.exe
[2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Reader Speed
Launcher]
C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\BgMonitor_{79662E04-7C
6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common
Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21
94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec
Shared\ccApp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04
15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft
ActiveSync\Wcescomm.exe [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software
Update\HPwuSchd2.exe [2005-02-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot
Optimizer\HPBootOp.exe [2005-09-21 1605740]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet
Security\cfgwiz.exe /GUID
{257BBC47-1B26-432e-9F84-188603799DD3} /MODE
CfgWiz /CMDLINE REBOOT []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[2009-11-12 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Browser Mouse\Browser
Mouse\1.0\lwbwheel.exe [2001-03-25 429568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe
[2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[2008-04-17 9117696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common
Files\Ahead\Lib\NeroCheck.exe [2006-01-12
155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[2009-11-10 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe
[2007-04-23 228088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe
[2008-02-22 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\TotalRecorderScheduler
]
C:\Program
Files\HighCriteria\TotalRecorder\TotRecSched.exe
[2006-12-05 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat
7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7
-reboot 1 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\URLLSTCK.exe]
c:\Program Files\Norton Internet
Security\UrlLstCk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360
Accessories\XboxStat.exe [2007-09-26 734264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and
Settings^Administrator^Start
Menu^Programs^Startup^Pin.lnk]
C:\hp\bin\CLOAKER.EXE [1999-11-07 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and
Settings^All Users^Start
Menu^Programs^Startup^Adobe Reader Speed
Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and
Settings^All Users^Start
Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EX
E [2005-11-09 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and
Settings^All Users^Start
Menu^Programs^Startup^Kodak EasyShare
software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE
[2005-11-04 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Documents and
Settings^All Users^Start
Menu^Programs^Startup^Run Nintendo Wi-Fi USB
Connector Registration Tool.lnk]
C:\PROGRA~1\WIFICO~1\NINTEN~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\services]
"SPBBCSvc"=3
"SNDSrvc"=3
"SAVScan"=3
"ose"=3
"KodakCCS"=3
"ISSVC"=3
"IDriverT"=3
"ccPwdSvc"=3
"SymWSC"=2
"navapsvc"=2
"MDM"=2
"iPod Service"=3
"ccSetMgr"=2
"ccProxy"=2
"ccEvtMgr"=2
"Ati HotKey Poller"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13
46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-02
402736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\C
urrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj -
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
[2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C
urrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu
rrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\C
urrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\ser
vices\sharedaccess\parameters\firewallpolicy\sta
ndardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system
32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq
Connections\5577497\Program\Compaq
Connections.exe"="C:\Program Files\Compaq
Connections\5577497\Program\Compaq
Connections.exe:*:Enabled:Compaq Connections"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:E
nabled:LimeWire swarmed installer"
"C:\Program
Files\LimeWire\LimeWire.exe"="C:\Program
Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN
Messenger\msnmsgr.exe"="C:\Program Files\MSN
Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
7.5"
"C:\Program
Files\Yahoo!\Messenger\YServer.exe"="C:\Program
Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yah
oo! FT Server"
"C:\Program Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe"="C:\Program
Files\Kodak\Kodak EasyShare
software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program
Files\uTorrent\uTorrent.exe"="C:\Program
Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"%windir%\Network
Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll
,-20000"
"C:\Program
Files\MySpace\IM\MySpaceIM.exe"="C:\Program
Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace
IM"
"C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe"="C:\Program
Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRend
erer9"
"C:\Program Files\Sony\Media Manager for
PSP\MediaManager.exe"="C:\Program
Files\Sony\Media Manager for
PSP\MediaManager.exe:*:Enabled:Media Manager for
PSP 3.0"
"C:\Program Files\Microsoft
ActiveSync\rapimgr.exe"="C:\Program
Files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0
:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"="C:\Program
Files\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.
0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft
ActiveSync\WCESMgr.exe"="C:\Program
Files\Microsoft
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0
:Enabled:ActiveSync Application"
"C:\Program
Files\Bonjour\mDNSResponder.exe"="C:\Program
Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjou
r"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program
Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\ser
vices\sharedaccess\parameters\firewallpolicy\dom
ainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system
32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq
Connections\5577497\Program\Compaq
Connections.exe"="C:\Program Files\Compaq
Connections\5577497\Program\Compaq
Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\MSN
Messenger\msnmsgr.exe"="C:\Program Files\MSN
Messenger\msnmsgr.exe:*:Enabled:MSN Messenger
7.5"
"%windir%\Network
Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll
,-20000"
"C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe"="C:\Program
Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRend
erer9"
"C:\Program Files\Microsoft
ActiveSync\rapimgr.exe"="C:\Program
Files\Microsoft
ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0
:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft
ActiveSync\wcescomm.exe"="C:\Program
Files\Microsoft
ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.
0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft
ActiveSync\WCESMgr.exe"="C:\Program
Files\Microsoft
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0
:Enabled:ActiveSync Application"
======List of files/folders created in the last
1 months======
2009-11-25 00:55:27 ----D---- C:\Program
Files\trend micro
2009-11-25 00:55:26 ----D---- C:\rsit
2009-11-23 13:16:29 ----D---- C:\Program
Files\ERUNT
2009-11-13 17:11:52 ----SD---- C:\Combo-Fix9344C
2009-11-13 06:36:59 ----D---- C:\WINDOWS\temp
2009-11-13 06:36:56 ----A---- C:\ComboFix.txt
2009-11-13 00:11:24 ----HDC----
C:\WINDOWS\$NtUninstallKB969947$
======List of files/folders modified in the last
1 months======
2009-11-25 00:55:27 ----D---- C:\Program Files
2009-11-25 00:55:05 ----D----
C:\WINDOWS\Prefetch
2009-11-25 00:31:50 ----D---- C:\Documents and
Settings\Compaq_Owner\Application Data\uTorrent
2009-11-24 23:42:54 ----D----
C:\WINDOWS\system32\CatRoot2
2009-11-24 15:29:42 ----SHD----
C:\WINDOWS\Installer
2009-11-24 15:29:03 ----D---- C:\Program
Files\iTunes
2009-11-24 15:28:25 ----D---- C:\Program
Files\iPod
2009-11-24 15:28:24 ----D---- C:\Program
Files\Common Files\Apple
2009-11-24 15:25:20 ----D---- C:\Program
Files\QuickTime
2009-11-24 15:25:05 ----D----
C:\WINDOWS\system32
2009-11-24 15:23:08 ----D---- C:\WINDOWS\WinSxS
2009-11-23 13:17:34 ----D---- C:\WINDOWS\erdnt
2009-11-23 00:35:39 ----D----
C:\WINDOWS\system32\FxsTmp
2009-11-22 15:45:24 ----A----
C:\WINDOWS\SchedLgU.Txt
2009-11-21 09:20:43 ----A----
C:\WINDOWS\LEXSTAT.INI
2009-11-15 02:31:00 ----D---- C:\Documents and
Settings\Compaq_Owner\Application Data\Move
Networks
2009-11-13 17:12:30 ----SHD---- C:\System Volume
Information
2009-11-13 17:12:30 ----D----
C:\WINDOWS\system32\Restore
2009-11-13 17:12:13 ----D---- C:\WINDOWS
2009-11-13 06:30:13 ----A----
C:\WINDOWS\system.ini
2009-11-13 06:27:52 ----D----
C:\WINDOWS\system32\drivers
2009-11-13 06:27:52 ----D----
C:\WINDOWS\AppPatch
2009-11-13 06:27:43 ----D---- C:\Program
Files\Common Files
2009-11-13 00:11:34 ----HD---- C:\WINDOWS\inf
2009-11-13 00:11:29 ----D----
C:\WINDOWS\system32\dllcache
2009-11-13 00:10:21 ----D---- C:\Program
Files\Spybot - Search & Destroy
2009-11-12 12:25:56 ----HD----
C:\WINDOWS\$hf_mig$
2009-11-06 21:58:11 ----A----
C:\WINDOWS\NeroDigital.ini
2009-11-05 11:36:21 ----A----
C:\WINDOWS\system32\MRT.exe
2009-11-04 17:33:44 ----D----
C:\WINDOWS\Downloaded Program Files
2009-11-04 09:48:51 ----A----
C:\WINDOWS\ntbtlog.txt
2009-11-03 11:32:50 ----A----
C:\WINDOWS\imsins.BAK
2009-11-02 17:44:33 ----AC----
C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped,
0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R1 AmdK8;AMD Processor Driver;
C:\WINDOWS\system32\DRIVERS\AmdK8.sys
[2005-03-09 36352]
R2 mdmxsdk;mdmxsdk;
C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
[2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM);
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
[2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol;
C:\WINDOWS\system32\DRIVERS\arp1394.sys
[2004-08-04 60800]
R3 ati2mtag;ati2mtag;
C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
[2005-08-13 1313792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
[2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver;
C:\WINDOWS\system32\DRIVERS\hidusb.sys
[2001-08-17 9600]
R3 HSF_DP;HSF_DP;
C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
[2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2;
C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
[2004-12-15 220928]
R3 mouhid;Mouse HID Driver;
C:\WINDOWS\system32\DRIVERS\mouhid.sys
[2001-08-17 12160]
R3 NIC1394;1394 Net Driver;
C:\WINDOWS\system32\DRIVERS\nic1394.sys
[2004-08-04 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2;
C:\WINDOWS\system32\DRIVERS\RimSerial.sys
[2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver;
C:\WINDOWS\System32\Drivers\RootMdm.sys
[2004-08-04 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all
in one NDIS XP Driver;
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
[2005-03-04 74496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host
Controller Miniport Driver;
C:\WINDOWS\system32\DRIVERS\usbehci.sys
[2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub;
C:\WINDOWS\system32\DRIVERS\usbhub.sys
[2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller
Miniport Driver;
C:\WINDOWS\system32\DRIVERS\usbohci.sys
[2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class;
C:\WINDOWS\system32\DRIVERS\usbprint.sys
[2004-08-03 25856]
R3 winachsf;winachsf;
C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
[2004-12-15 703232]
S3 catchme;catchme;
\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.s
ys []
S3 ENTECH;ENTECH;
\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 motmodem;Motorola USB CDC ACM Driver;
C:\WINDOWS\system32\DRIVERS\motmodem.sys
[2007-02-27 21504]
S3 RimUsb;BlackBerry Device;
C:\WINDOWS\System32\Drivers\RimUsb.sys
[2006-11-07 22272]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector
Service;
C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
[2005-10-24 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast
Ethernet Adapter NT Driver;
C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
[2004-08-03 20992]
S3 usb_rndisx;USB RNDIS Adapter;
C:\WINDOWS\system32\DRIVERS\usb8023x.sys
[2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver;
C:\WINDOWS\System32\Drivers\usbaapl.sys
[2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver;
C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[2004-08-03 31616]
S3 usbscan;USB Scanner Driver;
C:\WINDOWS\system32\DRIVERS\usbscan.sys
[2004-08-03 15104]
S3 usbser;Motorola USB Modem Driver;
C:\WINDOWS\system32\DRIVERS\usbser.sys
[2004-08-03 25600]
S3 usbsermpt;Motorola USB Modem Driver for MPT;
C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
[2006-07-06 22768]
S3 usbstor;USB Mass Storage Driver;
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[2004-08-04 26496]
S3 usbuhci;Microsoft USB Universal Host
Controller Miniport Driver;
C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[2004-08-04 20480]
S3 wceusbsh;Windows CE USB Serial Host Driver;
C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
[2006-11-06 28672]
S3 Wdf01000;Wdf01000;
C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
[2006-11-02 492000]
S3 WpdUsb;WpdUsb;
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
[2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode
Driver Framework Reflector;
C:\WINDOWS\system32\DRIVERS\wudfrd.sys
[2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows
Driver Service;
C:\WINDOWS\system32\DRIVERS\xnacc.sys
[2005-09-15 476672]
S3 xusb21;Xbox 360 Wireless Receiver Driver
Service 21;
C:\WINDOWS\system32\DRIVERS\xusb21.sys
[2007-08-28 55808]
S4 intelppm;Intel Processor Driver;
C:\WINDOWS\system32\DRIVERS\intelppm.sys []
======List of services (R=Running, S=Stopped,
0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device;
C:\Program Files\Common Files\Apple\Mobile
Device Support\bin\AppleMobileDeviceService.exe
[2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program
Files\Bonjour\mDNSResponder.exe [2008-12-12
238888]
R2 LexBceS;LexBce Server;
C:\WINDOWS\system32\LEXBCES.EXE [2004-05-24
311296]
R2 WudfSvc;Windows Driver Foundation - User-mode
Driver Framework;
C:\WINDOWS\system32\svchost.exe [2004-08-04
14336]
R3 iPod Service;iPod Service; C:\Program
Files\iPod\bin\iPodService.exe [2009-11-12
545568]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9;
C:\Program Files\Roxio\Digital Home
9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9;
C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxLiveShare9.exe
[2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9;
C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23
166648]
S3 aspnet_state;ASP.NET State Service;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\as
pnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime
Optimization Service v2.0.50727_X86;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ms
corsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe
[2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation
Foundation Font Cache 3.0.0.0;
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\Pres
entationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace;
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows
Communication Foundation\infocard.exe
[2006-10-30 741376]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9;
C:\Program Files\Roxio\Digital Home
9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program
Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23
1010424]
S4 Ati HotKey Poller;Ati HotKey Poller;
C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13
376832]
S4 IDriverT;InstallDriver Table Manager;
C:\Program Files\Common
Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe [2004-10-22 73728]
S4 KodakCCS;Kodak Camera Connection Software;
C:\WINDOWS\system32\drivers\KodakCCS.exe []
S4 MDM;Machine Debug Manager; C:\Program
Files\Common Files\Microsoft
Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing
Service;
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows
Communication Foundation\SMSvcHost.exe
[2006-10-30 122880]
S4 ose;Office Source Engine; C:\Program
Files\Common Files\Microsoft Shared\Source
Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
WeskerVII
2009-11-25, 08:16
info.txt logfile of random's system information tool 1.06 2009-11-25 00:55:56
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Active@ Password Changer Professional-->C:\PROGRA~1\ACTIVE~1\ACTIVE~1\UNWISE.EXE C:\PROGRA~1\ACTIVE~1\ACTIVE~1\INSTALL.LOG
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Mouse Browser Mouse 1.0-->C:\Program Files\Browser Mouse\Browser Mouse\1.0\unins001.EXE
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
EZ AVI TO WMV Converter 3.00-->"C:\Program Files\ezvideotools.com\EZ AVI TO WMV Converter\unins000.exe"
FitDay PC version 1.0-->"C:\Program Files\FitDay\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
Globo Bar-->regsvr32 /u /s "C:\WINDOWS\system32\globobar.ocx"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Support Overview-->"C:\WINDOWS\unins000.exe"
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iPod Reset Utility-->MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_85a541\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Kyodai Mahjongg 2006 v1.42-->"C:\Program Files\Kyodai Mahjongg 2006\unins000.exe"
Lexmark 640 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{5178758D-BAF8-40BE-BC10-8D9EAE57273F}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Moyea FLV to Video Converter Pro 2 version: 2.0.2.0-->"C:\Program Files\Moyea\FLV to Video Converter Pro 2\unins000.exe"
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Nero 7 Demo-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PCDADDIN-->MsiExec.exe /I{65D85050-5610-4A91-A3B1-D5C744291AD4}
PCDHELP-->MsiExec.exe /I{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PlayStation(R)Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation(R)Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PSP Video 9 1.74-->C:\Program Files\pspvideo9\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Rockstar Custom Tracks 1.0-->C:\Program Files\Rockstar Custom Tracks\uninst.exe
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins001.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Total Recorder 6.1-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======System event log======
Computer Name: DAZARY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 71747
Source Name: Service Control Manager
Time Written: 20090815151447.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 71744
Source Name: Service Control Manager
Time Written: 20090815151447.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 71741
Source Name: Service Control Manager
Time Written: 20090815151447.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 71738
Source Name: Service Control Manager
Time Written: 20090815151447.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 71735
Source Name: Service Control Manager
Time Written: 20090815151447.000000-300
Event Type: error
User:
=====Application event log=====
Computer Name: DAZARY
Event Code: 10000
Message:
Record Number: 7645
Source Name: RIMDeviceFileAccess
Time Written: 20080711004714.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 10000
Message:
Record Number: 7644
Source Name: RIMDeviceFileAccess
Time Written: 20080711004714.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 10000
Message:
Record Number: 7643
Source Name: RIMDeviceFileAccess
Time Written: 20080711004714.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 10000
Message:
Record Number: 7642
Source Name: RIMDeviceFileAccess
Time Written: 20080711004714.000000-300
Event Type: error
User:
Computer Name: DAZARY
Event Code: 10000
Message:
Record Number: 7641
Source Name: RIMDeviceFileAccess
Time Written: 20080711004714.000000-300
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
-----------------EOF-----------------
Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 5.1.2600 Service Pack 2
11/13/2009 6:13:23 AM
mbam-log-2009-11-13 (06-13-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 205280
Time elapsed: 1 hour(s), 52 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP238\A0008195.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP308\A0010073.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP318\A0010313.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Once again thank you for your time.
Hi WeskerVII
Using P2P programs without the antivirus program :nono:
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I had a rootkit found by Malwarebytes.
it's not active it is in system restore
There is a icon of my computer that is labeled Combo-fix 9344c
it belongs to combofix.
ComboFix SHOULD NOT be used unless requested by a forum helper,it is not a toy and not for everyday use.
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
LimeWire
I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
I would like to view the last Combofix Log
It can be found here:
C:\ComboFix.txt
Thanks peku006
WeskerVII
2009-11-26, 07:43
Hello again. Im more then happy to uninstall limewire, but I've been using uTorrent with a trust website for 5 years. Have never got any spyware/virus/trojans on that website with the program. With uTorrent the rewards out weight the risks too much. I do appreciate the concern. Here is the lastest Combofix log that I did.
ComboFix 09-11-13.04 - Compaq_Owner 11/13/2009 6:19.19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.396 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.
2009-11-04 15:50 . 2009-11-04 15:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 06:10 . 2006-02-10 22:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 05:52 . 2008-01-30 20:12 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2009-11-10 06:05 . 2006-02-02 06:10 11614 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-10-03 06:14 . 2009-10-03 06:14 126970 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\uninstall.exe
2009-10-03 06:14 . 2008-12-10 00:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2009-10-03 06:14 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-03 06:14 . 2009-10-03 06:14 1407680 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-09-24 06:59 . 2009-09-24 06:59 44028 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-24 06:34 . 2008-01-07 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-24 06:30 . 2006-02-05 18:50 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2009-09-24 06:24 . 2009-09-24 06:23 -------- d-----w- c:\program files\iTunes
2009-09-24 06:24 . 2009-09-24 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-24 06:23 . 2006-02-05 18:48 -------- d-----w- c:\program files\iPod
2009-09-24 06:23 . 2008-01-07 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-09-24 06:22 . 2009-09-24 06:22 -------- d-----w- c:\program files\Bonjour
2009-09-24 06:21 . 2006-02-05 18:49 -------- d-----w- c:\program files\QuickTime
2009-09-24 06:16 . 2009-09-24 06:16 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-20 20:22 . 2008-05-08 00:17 256 ----a-w- c:\windows\system32\pool.bin
2009-09-19 08:02 . 2008-06-17 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 08:02 . 2008-09-23 06:20 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:33 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2008-09-23 06:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-06-17 00:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:45 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-09-24 06:18 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 00:42 . 2008-12-28 05:28 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-04_05.58.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-25 23:25 . 2009-11-02 23:44 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-25 23:25 . 2009-11-04 06:22 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2005-06-25 05:42 . 2009-11-13 06:16 215264 c:\windows\system32\FNTCACHE.DAT
- 2005-06-25 05:42 . 2009-06-11 15:14 215264 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2009-08-14 12:19 1850112 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-04 22:48 . 2009-11-05 17:36 26768832 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-9 27136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Pin.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Pin.lnk
backup=c:\windows\pss\Pin.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk
backup=c:\windows\pss\Run Nintendo Wi-Fi USB Connector Registration Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"KodakCCS"=3 (0x3)
"ISSVC"=3 (0x3)
"IDriverT"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"SymWSC"=2 (0x2)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[�־`=v%S8>grl>*�\�=�۱"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2009-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]
2009-11-12 c:\windows\Tasks\User_Feed_Synchronization-{05F7988F-14F6-4D24-ADA1-C2805A2CFEB2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 06:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-875415002-657145399-296918874-1009\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="TxidMdoF/YG2lIZU1Rlool+FcqgzOvqSp8Jy3VONOp3SJ+1Jh5bkhw=="
"PLCK"="9MECsIH24mjrTpngAfvISLVz75GGR7m6"
"Percents"="0 0.1141 0.2971 0.5782 0.7604 0.8727 0.8859 "
"Increment"=".003759"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3800)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-13 06:36
ComboFix-quarantined-files.txt 2009-11-13 12:35
ComboFix2.txt 2009-11-13 07:29
ComboFix3.txt 2009-11-04 06:02
ComboFix4.txt 2009-08-20 22:07
Pre-Run: 14,534,070,272 bytes free
Post-Run: 14,475,530,240 bytes free
- - End Of File - - 7499A3BABC5C9F7500246DFDD48805EE
Hi WeskerVII
I'm sorry but I can not help you any more because you do not follow the rules P2P
Our new policy:
If such programs are on your computer you will be asked to uninstall them and help withdrawn should you not agree.
peku006
Due to a lack of response, this topic is now closed
If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh HijackThis log, and wait for a new helper.
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)