Need help with possible virtumonde virus/trojan
eaglescout
2010-07-02, 07:51
This is my sister's PC...she goes off to Europe and leaves it behind for me to clean.
I think it may be infected with virtumonde, or whatever they are calling it these days.
Any help would be greatly appreciated. Let me know what else you may need.
Sincerely,
Eagle Scout
Here is the DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 0:35:20.53 on Fri 07/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.123 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\Program Files\SentryBay\sbupdate.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://hughhewitt.townhall.com/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Secure Browse: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\sentrybay\phishlock\plbho.dll
TB: {2C0A5F28-48D8-408B-9172-9C6121025BCE} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Suze Orman: {e7d4a654-4204-491a-8d4d-227d48fd3626} - c:\program files\sentrybay\secure browse\toolbar\ieext.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [gotnewupdate.exe] c:\documents and settings\owner.your-e7d118dc12\application data\15d194dc07a23c12133261f8491efb5d.bad\gotnewupdate.exe
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Smifasic] rundll32.exe "c:\windows\azumagabobituyi.dll",Startup
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\2rtg5gsv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://hotair.com/
FF - component: c:\program files\sentrybay\phishlock\ffext\components\plext.dll
FF - component: c:\program files\sentrybay\secure browse\toolbar\ffext\components\registrationkey.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {ED59A1AE-6106-4BA1-B155-3EADCA9787BD} - c:\documents and settings\owner.your-e7d118dc12\local settings\application data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-25 11608]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-22 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-11-23 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-25 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-25 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-25 60936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\suze orman\identity theft kit\agent\bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 sbupdate;SentryBay Update Service;c:\program files\sentrybay\sbupdate.exe [2009-3-8 41272]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectDriver.sys [2007-10-18 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectFilter.sys [2007-10-18 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\suze orman\identity theft kit\agent\driver\platform_xp\SafeConnectShim.sys [2007-10-18 27312]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\suze orman\identity theft kit\agent\bin\SanaAgent.exe [2007-10-18 5218328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-24 38224]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-22 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-22 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-22 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-22 40552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 12872]
=============== Created Last 30 ================
2010-07-02 04:11:16 791393 ----a-w- C:\erunt-setup(2).exe
==================== Find3M ====================
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 18:29:18 40416 ----a-w- c:\docume~1\owner~1.you\applic~1\GDIPFONTCACHEV1.DAT
2010-04-24 15:23:38 2816 ----a-w- c:\docume~1\owner~1.you\applic~1\wklnhst.dat
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:11:13 36124 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:20:24 668672 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:20:18 81920 ----a-w- c:\windows\system32\ieencode.dll
============= FINISH: 0:36:16.75 ===============
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
eaglescout
2010-07-06, 19:21
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 12:17:30
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwClose [0xF889A870]
SSDT F8B60A2E ZwCreateKey
SSDT F8B60A24 ZwCreateThread
SSDT F8B60A33 ZwDeleteKey
SSDT F8B60A3D ZwDeleteValueKey
SSDT F8B60A42 ZwLoadKey
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwOpenProcess [0xF889A8A0]
SSDT F8B60A15 ZwOpenThread
SSDT F8B60A4C ZwReplaceKey
SSDT F8B60A47 ZwRestoreKey
SSDT F8B60A38 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA003620]
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwTerminateThread [0xF889A9F0]
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwWriteVirtualMemory [0xF889AA90]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )
---- EOF - GMER 1.0.15 ----
Hi,
Doesn't look like you ran it correctly; you need to have the sections tab checked. Please run it again.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
eaglescout
2010-07-07, 00:41
Here is the MBAM log. Two infected objects were removed...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4284
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
7/6/2010 5:37:08 PM
mbam-log-2010-07-06 (17-37-08).txt
Scan type: Quick scan
Objects scanned: 156325
Time elapsed: 9 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here is a new GMER Log...this is the third run, it looks to be about the same as the first, posted earlier... The 2nd run gave me a strange windows warning message, and froze my PC, forcing me to do a hard restart.
By the way, really appreciate you taking the time ...thanks.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 17:23:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwClose [0xAA6C1870]
SSDT F8C32C0E ZwCreateKey
SSDT F8C32C04 ZwCreateThread
SSDT F8C32C13 ZwDeleteKey
SSDT F8C32C1D ZwDeleteValueKey
SSDT F8C32C22 ZwLoadKey
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwOpenProcess [0xAA6C18A0]
SSDT F8C32BF5 ZwOpenThread
SSDT F8C32C2C ZwReplaceKey
SSDT F8C32C27 ZwRestoreKey
SSDT F8C32C18 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA5BB620]
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwTerminateThread [0xAA6C19F0]
SSDT \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys (SafeConnect Application Activity Monitor Loader Driver./Sana Security, Inc. ) ZwWriteVirtualMemory [0xAA6C1A90]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SafeConnectFilter.sys (SafeConnect Application Activity Monitor Filter Driver./Sana Security, Inc. )
---- EOF - GMER 1.0.15 ----
OK, thanks for the logs :)
You need to be connected to the internet to run this tool
Random System Information Tool
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
eaglescout
2010-07-07, 01:10
Here is the log.txt file...
Logfile of random's system information tool 1.07 (written by random/random)
Run by Owner at 2010-07-06 18:03:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 73 GB (67%) free of 109 GB
Total RAM: 503 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:53 PM, on 7/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\Program Files\SentryBay\sbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hughhewitt.townhall.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat
7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Secure Browse - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files\SentryBay\PhishLock\plbho.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} -
C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection
Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir
Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft
Kit\agent\Bin\SanaSafeConnectWatcher.exe
O23 - Service: SentryBay Update Service (sbupdate) - SentryBay - C:\Program Files\SentryBay\sbupdate.exe
--
End of file - 6186 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
[2008-12-30 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{ff507020-a257-4527-a222-b6f5732e55ee}]
Secure Browse - C:\Program Files\SentryBay\PhishLock\plbho.dll [2009-03-08 209208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C0A5F28-48D8-408B-9172-9C6121025BCE}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-02 2403568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08288056785047268639960369600591]
C:\Program Files\A360\av360.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe [2007-10-18 1731096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smifasic]
C:\WINDOWS\azumagabobituyi.dll,Startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
shell\dinstall\command - E:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105fed0f-7bd7-11db-a61a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14b1e81-7a86-11db-b123-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2010-07-06 18:03:37 ----D---- C:\Program Files\trend micro
2010-07-06 18:03:36 ----D---- C:\rsit
2010-07-05 23:05:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-05 22:56:48 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-05 22:56:32 ----D---- C:\Program Files\K-Meleon
2010-07-05 14:36:52 ----D---- C:\Program Files\ERUNT
2010-07-03 14:08:34 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 13:35:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 14:52:17 ----D---- C:\Program Files\Panda Security
2010-07-02 14:38:20 ----D---- C:\Program Files\ESET
2010-07-02 13:59:19 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 13:57:56 ----D---- C:\Program Files\Auslogics
2010-07-02 13:27:22 ----D---- C:\Program Files\CCleaner
2010-07-02 13:26:34 ----D---- C:\Program Files\ToniArts
2010-07-02 00:13:06 ----D---- C:\WINDOWS\ERDNT
2010-07-02 00:11:16 ----A---- C:\erunt-setup(2).exe
2010-06-08 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-08 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-06-08 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-08 23:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-08 22:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-08 22:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-08 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-08 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
======List of files/folders modified in the last 1 months======
2010-07-06 18:03:44 ----D---- C:\WINDOWS\Prefetch
2010-07-06 18:03:37 ----D---- C:\Program Files
2010-07-06 17:24:21 ----D---- C:\Program Files\Mozilla Firefox
2010-07-06 16:14:35 ----D---- C:\WINDOWS\Help
2010-07-06 15:46:41 ----D---- C:\WINDOWS\Temp
2010-07-06 15:46:41 ----D---- C:\WINDOWS\system32\ias
2010-07-06 15:46:29 ----D---- C:\WINDOWS\Registration
2010-07-06 15:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-06 15:46:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-07-06 15:45:40 ----D---- C:\WINDOWS
2010-07-06 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 23:18:44 ----D---- C:\WINDOWS\system32\drivers
2010-07-05 18:03:00 ----SHD---- C:\WINDOWS\Installer
2010-07-05 18:02:59 ----SHD---- C:\Config.Msi
2010-07-05 16:25:46 ----ASH---- C:\boot.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\win.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\system.ini
2010-07-05 14:26:54 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-05 14:25:05 ----SHD---- C:\RECYCLER
2010-07-03 08:49:39 ----SHD---- C:\System Volume Information
2010-07-03 08:49:39 ----D---- C:\WINDOWS\system32\Restore
2010-07-03 08:38:54 ----D---- C:\WINDOWS\Debug
2010-07-03 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 23:35:53 ----D---- C:\Program Files\Common Files
2010-07-02 14:52:58 ----HD---- C:\WINDOWS\inf
2010-07-02 13:55:32 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-02 13:34:25 ----D---- C:\WINDOWS\Minidump
2010-07-02 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 04:11:49 ----RSD---- C:\WINDOWS\assembly
2010-07-02 04:11:32 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-02 04:07:38 ----D---- C:\WINDOWS\system32
2010-07-02 04:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-02 04:05:57 ----D---- C:\WINDOWS\WinSxS
2010-06-19 14:56:19 ----A---- C:\WINDOWS\LEXSTAT.INI
2010-06-15 23:07:50 ----A---- C:\WINDOWS\Sfc3ng.ini
2010-06-10 16:14:27 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Identities
2010-06-08 23:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-08 23:04:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-08 22:42:19 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys []
R3 SanaSafeConnectFilter;SanaSafeConnectFilter; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys []
R3 SanaSafeConnectShim;SanaSafeConnectShim; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-22 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 uxtdapow;uxtdapow; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 sbupdate;SentryBay Update Service; C:\Program Files\SentryBay\sbupdate.exe [2009-03-08 41272]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [2007-10-18 5218328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
eaglescout
2010-07-07, 01:11
info.txt logfile of random's system information tool
1.06 2010-07-06 18:03:58
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{2E753BE0-7F6F-4C31-AA84-E7F9CCDE3CA9}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
GradeQuick Web Plugin-->MsiExec.exe /X{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
K-Meleon 1.5.4 en-US (remove only)-->C:\Program Files\K-Meleon\uninstall.exe
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
Lexmark X74-X75-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mission: T.H.I.N.K.-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Ssmwincd\uninstal\DeIsL1.isu
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Secure Browse-->C:\Program Files\SentryBay\Secure Browse\uninstall.exe
Security Task Manager 1.7g-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Windows Media Player
(KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst
\spuninst.exe"
Security Update for Windows Media Player
(KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spun
inst\spuninst.exe"
Security Update for Windows Media Player
(KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spun
inst\spuninst.exe"
Security Update for Windows Media Player
(KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spun
inst\spuninst.exe"
Security Update for Windows Media Player
(KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spu
ninst\spuninst.exe"
Security Update for Windows Media Player
(KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spun
inst\spuninst.exe"
Security Update for Windows Media Player 10
(KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst
\spuninst.exe"
Security Update for Windows Media Player 10
(KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\sp
uninst\spuninst.exe"
Security Update for Windows Media Player 11
(KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\sp
uninst\spuninst.exe"
Security Update for Windows Media Player 11
(KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spu
ninst\spuninst.exe"
Security Update for Windows Media Player 6.4
(KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\sp
uninst\spuninst.exe"
Security Update for Windows XP
(KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuins
t.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP
(KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\sp
uninst\spuninst.exe"
Security Update for Windows XP
(KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\sp
uninst\spuninst.exe"
Security Update for Windows XP
(KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst
\spuninst.exe"
Security Update for Windows XP
(KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst
\spuninst.exe"
SHASTA-->MsiExec.exe
/I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe
/I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
Soft Data Fax Modem with SmartCP-->C:\Program
Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_
200014F1\HXFSETUP.EXE -U -IPDBRYCM5K.inf
Sonic Encoders-->MsiExec.exe
/I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot -
Search & Destroy\unins000.exe"
Star Trek Starfleet Command
III-->C:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Unwise.exe /u
C:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Install.log
staticcr-->MsiExec.exe
/I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tradewinds-->"C:\Program Files\Gateway
Games\Tradewinds\Uninstall.exe"
Update for Windows Media Player 10
(KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst
\spuninst.exe"
Update for Windows Media Player 10
(KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst
\spuninst.exe"
Update for Windows Media Player 10
(KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst
\spuninst.exe"
Update for Windows XP
(KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst
\spuninst.exe"
Update for Windows XP
(KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst
\spuninst.exe"
Update for Windows XP
(KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst
\spuninst.exe"
Update for Windows XP
(KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst
\spuninst.exe"
Update for Windows XP
(KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst
\spuninst.exe"
Update for Windows XP
(KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst
\spuninst.exe"
Update for Windows XP
(KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst
\spuninst.exe"
Update for Windows XP
(KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst
\spuninst.exe"
Update for Windows XP
(KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst
\spuninst.exe"
Update for Windows XP
(KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst
\spuninst.exe"
Update for Windows XP
(KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst
\spuninst.exe"
Update for Windows XP
(KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst
\spuninst.exe"
Update for Windows XP
(KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst
\spuninst.exe"
Update for Windows XP
(KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\sp
uninst\spuninst.exe"
Update for Windows XP
(KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst
\spuninst.exe"
Update for Windows XP
(KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst
\spuninst.exe"
Update for Windows XP
(KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst
\spuninst.exe"
Update for Windows XP
(KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst
\spuninst.exe"
Update for Windows XP
(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\sp
uninst\spuninst.exe"
Update for Windows XP
(KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst
\spuninst.exe"
Update for Windows XP
(KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst
\spuninst.exe"
Update for Windows XP
(KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst
\spuninst.exe"
Update for Windows XP
(KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst
\spuninst.exe"
Update for Windows XP
(KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst
\spuninst.exe"
Update for Windows XP
(KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst
\spuninst.exe"
Update for Windows XP
(KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst
\spuninst.exe"
Update for Windows XP
(KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst
\spuninst.exe"
Update for Windows XP
(KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst
\spuninst.exe"
Update for Windows XP
(KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst
\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition
2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spunin
st.exe
Viewpoint Media Player-->C:\Program
Files\Viewpoint\Viewpoint Experience
Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe
/I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Music Downloads Store-->MsiExec.exe
/I{A6A13E30-656F-4876-9B03-FBD4D712BB40}
Windows Imaging
Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuni
nst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program
Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11
runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\s
puninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows
Media Player\Setup_wm.exe" /Uninstall
Windows Media Player
11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.e
xe"
Windows Media Player Firefox Plugin-->MsiExec.exe
/I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Media Player Playlist Import to Excel
Wizard-->RunDll32 advpack.dll,LaunchINFSection
C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix -
KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\sp
uninst.exe
Windows XP Hotfix -
KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\sp
uninst.exe
Windows XP Media Center Edition 2005
KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\s
puninst.exe"
Windows XP Media Center Edition 2005
KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\s
puninst.exe"
======Hosts File======
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: YOUR-E7D118DC12
Event Code: 16
Message: Unable to Connect: Windows is unable to
connect to the automatic updates service and therefore
cannot download and install updates according to the
set schedule. Windows will continue to try to establish
a connection.
Record Number: 61480
Source Name: Windows Update Agent
Time Written: 20100527161908.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 20169
Message: Unable to contact a DHCP server. The Automatic
Private IP Address 169.254.107.51 will be
assigned to dial-in clients. Clients may be unable to
access resources on
the network.
Record Number: 61479
Source Name: RemoteAccess
Time Written: 20100527154436.000000-240
Event Type: warning
User:
Computer Name: YOUR-E7D118DC12
Event Code: 49
Message: Configuring the Page file for crash dump
failed. Make sure there is a page
file on the boot partition and that is large enough to
contain all physical
memory.
Record Number: 61457
Source Name: Ftdisk
Time Written: 20100527154131.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 45
Message: The system could not sucessfully load the
crash dump driver.
Record Number: 61456
Source Name: Ftdisk
Time Written: 20100527154131.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 20169
Message: Unable to contact a DHCP server. The Automatic
Private IP Address 169.254.104.21 will be
assigned to dial-in clients. Clients may be unable to
access resources on
the network.
Record Number: 61450
Source Name: RemoteAccess
Time Written: 20100527121618.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party
root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/updat
e/v3/static/trustedr/en/authrootseq.txt> with error: A
connection with the server could not be established
Record Number: 6034
Source Name: crypt32
Time Written: 20100403132957.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party
root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/updat
e/v3/static/trustedr/en/authrootseq.txt> with error: A
connection with the server could not be established
Record Number: 6029
Source Name: crypt32
Time Written: 20100403132514.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 1000
Message: Faulting application acrord32.exe, version
7.0.8.218, faulting module acrord32.dll, version
7.1.0.649, fault address 0x0006bf56.
Record Number: 6024
Source Name: Application Error
Time Written: 20100403131055.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party
root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/updat
e/v3/static/trustedr/en/authrootseq.txt> with error: A
connection with the server could not be established
Record Number: 6022
Source Name: crypt32
Time Written: 20100403072055.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party
root list sequence number from:
<http://www.download.windowsupdate.com/msdownload/updat
e/v3/static/trustedr/en/authrootseq.txt> with error: A
connection with the server could not be established
Record Number: 6018
Source Name: crypt32
Time Written: 20100402202620.000000-240
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\
System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping
4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.
WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program
Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Your logs are hard to read the way you posted them. They open in Notepad; up at the top, click on Format and uncheck Word Wrap.
eaglescout
2010-07-07, 02:02
Hope this is better...
info.txt logfile of random's system information tool 1.06 2010-07-06 18:03:58
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{2E753BE0-7F6F-4C31-AA84-E7F9CCDE3CA9}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bejeweled 2 Deluxe-->"C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blackhawk Striker 2-->"C:\Program Files\Gateway Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
Diner Dash-->"C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FATE-->"C:\Program Files\Gateway Games\FATE\Uninstall.exe"
GradeQuick Web Plugin-->MsiExec.exe /X{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
K-Meleon 1.5.4 en-US (remove only)-->C:\Program Files\K-Meleon\uninstall.exe
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
Lexmark X74-X75-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mission: T.H.I.N.K.-->C:\WINDOWS\uninst.exe -fC:\Tlcwin\Ssmwincd\uninstal\DeIsL1.isu
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Penguins!-->"C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Polar Bowler-->"C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
SCRABBLE-->"C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Secure Browse-->C:\Program Files\SentryBay\Secure Browse\uninstall.exe
Security Task Manager 1.7g-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981350)-->"C:\WINDOWS\$NtUninstallKB981350$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCM5K.inf
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Trek Starfleet Command III-->C:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Unwise.exe /u C:\PROGRA~1\ACTIVI~1\Sfc3\Uninstall\Install.log
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tradewinds-->"C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wal-Mart Music Downloads Store-->MsiExec.exe /I{A6A13E30-656F-4876-9B03-FBD4D712BB40}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: YOUR-E7D118DC12
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 61480
Source Name: Windows Update Agent
Time Written: 20100527161908.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 20169
Message: Unable to contact a DHCP server. The Automatic Private IP Address 169.254.107.51 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.
Record Number: 61479
Source Name: RemoteAccess
Time Written: 20100527154436.000000-240
Event Type: warning
User:
Computer Name: YOUR-E7D118DC12
Event Code: 49
Message: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
Record Number: 61457
Source Name: Ftdisk
Time Written: 20100527154131.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 45
Message: The system could not sucessfully load the crash dump driver.
Record Number: 61456
Source Name: Ftdisk
Time Written: 20100527154131.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 20169
Message: Unable to contact a DHCP server. The Automatic Private IP Address 169.254.104.21 will be
assigned to dial-in clients. Clients may be unable to access resources on
the network.
Record Number: 61450
Source Name: RemoteAccess
Time Written: 20100527121618.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Record Number: 6034
Source Name: crypt32
Time Written: 20100403132957.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Record Number: 6029
Source Name: crypt32
Time Written: 20100403132514.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 1000
Message: Faulting application acrord32.exe, version 7.0.8.218, faulting module acrord32.dll, version 7.1.0.649, fault address 0x0006bf56.
Record Number: 6024
Source Name: Application Error
Time Written: 20100403131055.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Record Number: 6022
Source Name: crypt32
Time Written: 20100403072055.000000-240
Event Type: error
User:
Computer Name: YOUR-E7D118DC12
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established
Record Number: 6018
Source Name: crypt32
Time Written: 20100402202620.000000-240
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
eaglescout
2010-07-07, 02:03
Logfile of random's system information tool 1.07 (written by random/random)
Run by Owner at 2010-07-06 18:03:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 73 GB (67%) free of 109 GB
Total RAM: 503 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:53 PM, on 7/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\Program Files\SentryBay\sbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hughhewitt.townhall.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Secure Browse - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files\SentryBay\PhishLock\plbho.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
O23 - Service: SentryBay Update Service (sbupdate) - SentryBay - C:\Program Files\SentryBay\sbupdate.exe
--
End of file - 6186 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-30 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff507020-a257-4527-a222-b6f5732e55ee}]
Secure Browse - C:\Program Files\SentryBay\PhishLock\plbho.dll [2009-03-08 209208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C0A5F28-48D8-408B-9172-9C6121025BCE}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-02 2403568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08288056785047268639960369600591]
C:\Program Files\A360\av360.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe [2007-10-18 1731096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smifasic]
C:\WINDOWS\azumagabobituyi.dll,Startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
shell\dinstall\command - E:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105fed0f-7bd7-11db-a61a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14b1e81-7a86-11db-b123-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2010-07-06 18:03:37 ----D---- C:\Program Files\trend micro
2010-07-06 18:03:36 ----D---- C:\rsit
2010-07-05 23:05:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-05 22:56:48 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-05 22:56:32 ----D---- C:\Program Files\K-Meleon
2010-07-05 14:36:52 ----D---- C:\Program Files\ERUNT
2010-07-03 14:08:34 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 13:35:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 14:52:17 ----D---- C:\Program Files\Panda Security
2010-07-02 14:38:20 ----D---- C:\Program Files\ESET
2010-07-02 13:59:19 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 13:57:56 ----D---- C:\Program Files\Auslogics
2010-07-02 13:27:22 ----D---- C:\Program Files\CCleaner
2010-07-02 13:26:34 ----D---- C:\Program Files\ToniArts
2010-07-02 00:13:06 ----D---- C:\WINDOWS\ERDNT
2010-07-02 00:11:16 ----A---- C:\erunt-setup(2).exe
2010-06-08 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-08 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-06-08 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-08 23:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-08 22:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-08 22:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-08 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-08 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
======List of files/folders modified in the last 1 months======
2010-07-06 18:03:44 ----D---- C:\WINDOWS\Prefetch
2010-07-06 18:03:37 ----D---- C:\Program Files
2010-07-06 17:24:21 ----D---- C:\Program Files\Mozilla Firefox
2010-07-06 16:14:35 ----D---- C:\WINDOWS\Help
2010-07-06 15:46:41 ----D---- C:\WINDOWS\Temp
2010-07-06 15:46:41 ----D---- C:\WINDOWS\system32\ias
2010-07-06 15:46:29 ----D---- C:\WINDOWS\Registration
2010-07-06 15:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-06 15:46:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-07-06 15:45:40 ----D---- C:\WINDOWS
2010-07-06 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 23:18:44 ----D---- C:\WINDOWS\system32\drivers
2010-07-05 18:03:00 ----SHD---- C:\WINDOWS\Installer
2010-07-05 18:02:59 ----SHD---- C:\Config.Msi
2010-07-05 16:25:46 ----ASH---- C:\boot.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\win.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\system.ini
2010-07-05 14:26:54 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-05 14:25:05 ----SHD---- C:\RECYCLER
2010-07-03 08:49:39 ----SHD---- C:\System Volume Information
2010-07-03 08:49:39 ----D---- C:\WINDOWS\system32\Restore
2010-07-03 08:38:54 ----D---- C:\WINDOWS\Debug
2010-07-03 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 23:35:53 ----D---- C:\Program Files\Common Files
2010-07-02 14:52:58 ----HD---- C:\WINDOWS\inf
2010-07-02 13:55:32 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-02 13:34:25 ----D---- C:\WINDOWS\Minidump
2010-07-02 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 04:11:49 ----RSD---- C:\WINDOWS\assembly
2010-07-02 04:11:32 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-02 04:07:38 ----D---- C:\WINDOWS\system32
2010-07-02 04:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-02 04:05:57 ----D---- C:\WINDOWS\WinSxS
2010-06-19 14:56:19 ----A---- C:\WINDOWS\LEXSTAT.INI
2010-06-15 23:07:50 ----A---- C:\WINDOWS\Sfc3ng.ini
2010-06-10 16:14:27 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Identities
2010-06-08 23:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-08 23:04:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-08 22:42:19 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys []
R3 SanaSafeConnectFilter;SanaSafeConnectFilter; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys []
R3 SanaSafeConnectShim;SanaSafeConnectShim; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-22 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 uxtdapow;uxtdapow; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 sbupdate;SentryBay Update Service; C:\Program Files\SentryBay\sbupdate.exe [2009-03-08 41272]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [2007-10-18 5218328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
eaglescout
2010-07-07, 02:06
I may have made a mistake and posted this as a new thread instead of a reply...
Here is a resend of log.txt... I will need to step away for a couple of hours, but I'll be back... thanks again...
Logfile of random's system information tool 1.07 (written by random/random)
Run by Owner at 2010-07-06 18:03:36
Microsoft Windows XP Professional Service Pack 2
System drive C: has 73 GB (67%) free of 109 GB
Total RAM: 503 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:53 PM, on 7/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
C:\Program Files\SentryBay\sbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hughhewitt.townhall.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Secure Browse - {ff507020-a257-4527-a222-b6f5732e55ee} - C:\Program Files\SentryBay\PhishLock\plbho.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SanaSafeConnectAgent - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe
O23 - Service: SanaSafeConnectWatcher - Sana Security - C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe
O23 - Service: SentryBay Update Service (sbupdate) - SentryBay - C:\Program Files\SentryBay\sbupdate.exe
--
End of file - 6186 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-30 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-10-08 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff507020-a257-4527-a222-b6f5732e55ee}]
Secure Browse - C:\Program Files\SentryBay\PhishLock\plbho.dll [2009-03-08 209208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C0A5F28-48D8-408B-9172-9C6121025BCE}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-03-26 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-02 2403568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\08288056785047268639960369600591]
C:\Program Files\A360\av360.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-10-14 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2006-11-07 1121280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
C:\Program Files\Suze Orman\Identity Theft Kit\agent\bin\SanaSafeConnect.exe [2007-10-18 1731096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smifasic]
C:\WINDOWS\azumagabobituyi.dll,Startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-03-01 577536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
C:\PROGRA~1\BigFix\bigfix.exe [2005-10-11 2168360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
C:\PROGRA~1\SIFXINST\SIFXINST.EXE /ApplyPending []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\setup\rsrc\Autorun.exe
shell\dinstall\command - E:\Directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{105fed0f-7bd7-11db-a61a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f14b1e81-7a86-11db-b123-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2010-07-06 18:03:37 ----D---- C:\Program Files\trend micro
2010-07-06 18:03:36 ----D---- C:\rsit
2010-07-05 23:05:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-05 22:56:48 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-05 22:56:32 ----D---- C:\Program Files\K-Meleon
2010-07-05 14:36:52 ----D---- C:\Program Files\ERUNT
2010-07-03 14:08:34 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 13:35:57 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 14:52:17 ----D---- C:\Program Files\Panda Security
2010-07-02 14:38:20 ----D---- C:\Program Files\ESET
2010-07-02 13:59:19 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 13:57:56 ----D---- C:\Program Files\Auslogics
2010-07-02 13:27:22 ----D---- C:\Program Files\CCleaner
2010-07-02 13:26:34 ----D---- C:\Program Files\ToniArts
2010-07-02 00:13:06 ----D---- C:\WINDOWS\ERDNT
2010-07-02 00:11:16 ----A---- C:\erunt-setup(2).exe
2010-06-08 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-08 23:06:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979904$
2010-06-08 23:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-08 23:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-08 22:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-08 22:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-08 22:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-08 22:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
======List of files/folders modified in the last 1 months======
2010-07-06 18:03:44 ----D---- C:\WINDOWS\Prefetch
2010-07-06 18:03:37 ----D---- C:\Program Files
2010-07-06 17:24:21 ----D---- C:\Program Files\Mozilla Firefox
2010-07-06 16:14:35 ----D---- C:\WINDOWS\Help
2010-07-06 15:46:41 ----D---- C:\WINDOWS\Temp
2010-07-06 15:46:41 ----D---- C:\WINDOWS\system32\ias
2010-07-06 15:46:29 ----D---- C:\WINDOWS\Registration
2010-07-06 15:46:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-06 15:46:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2010-07-06 15:45:40 ----D---- C:\WINDOWS
2010-07-06 08:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-05 23:18:44 ----D---- C:\WINDOWS\system32\drivers
2010-07-05 18:03:00 ----SHD---- C:\WINDOWS\Installer
2010-07-05 18:02:59 ----SHD---- C:\Config.Msi
2010-07-05 16:25:46 ----ASH---- C:\boot.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\win.ini
2010-07-05 16:25:46 ----A---- C:\WINDOWS\system.ini
2010-07-05 14:26:54 ----D---- C:\WINDOWS\system32\appmgmt
2010-07-05 14:25:05 ----SHD---- C:\RECYCLER
2010-07-03 08:49:39 ----SHD---- C:\System Volume Information
2010-07-03 08:49:39 ----D---- C:\WINDOWS\system32\Restore
2010-07-03 08:38:54 ----D---- C:\WINDOWS\Debug
2010-07-03 08:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 23:35:53 ----D---- C:\Program Files\Common Files
2010-07-02 14:52:58 ----HD---- C:\WINDOWS\inf
2010-07-02 13:55:32 ----D---- C:\Program Files\SUPERAntiSpyware
2010-07-02 13:34:25 ----D---- C:\WINDOWS\Minidump
2010-07-02 13:26:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-02 04:11:49 ----RSD---- C:\WINDOWS\assembly
2010-07-02 04:11:32 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-02 04:07:38 ----D---- C:\WINDOWS\system32
2010-07-02 04:06:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-02 04:05:57 ----D---- C:\WINDOWS\WinSxS
2010-06-19 14:56:19 ----A---- C:\WINDOWS\LEXSTAT.INI
2010-06-15 23:07:50 ----A---- C:\WINDOWS\Sfc3ng.ini
2010-06-10 16:14:27 ----D---- C:\Documents and Settings\Owner.YOUR-E7D118DC12\Application Data\Identities
2010-06-08 23:06:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-08 23:04:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-08 22:42:19 ----D---- C:\Program Files\Internet Explorer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-05-19 3965056]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-07-18 990592]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2006-07-18 256128]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-26 81408]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys []
R3 SanaSafeConnectFilter;SanaSafeConnectFilter; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys []
R3 SanaSafeConnectShim;SanaSafeConnectShim; \??\C:\Program Files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-11-22 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-07-18 728192]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-18 9600]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 uxtdapow;uxtdapow; \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\uxtdapow.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-04 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [2007-10-18 547352]
R2 sbupdate;SentryBay Update Service; C:\Program Files\SentryBay\sbupdate.exe [2009-03-08 41272]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent; C:\Program Files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [2007-10-18 5218328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
That's better, thank you, I am looking it over now.
Hi,
It looks like you're running Avira AV and may have had McAfee at one time, but McAfee is still trying to run on startup. Can you clear this up for me?
Also, your operating system and your Internet Explorer browser are very outdated, leaving holes in your system to let this garbage in, but don't fix that yet; your system needs to be clean before we do any updating.
You're infected with a rogue program. Let's do this:
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
eaglescout
2010-07-07, 06:25
Okay, here is the combofix log...
ComboFix 10-07-06.02 - Owner 07/06/2010 23:07:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.128 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}
c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome.manifest
c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome\content\_cfg.js
c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\chrome\content\overlay.xul
c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\{ED59A1AE-6106-4BA1-B155-3EADCA9787BD}\install.rdf
c:\windows\system32\system
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- c:\program files\trend micro
2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- C:\rsit
2010-07-06 03:05 . 2010-07-06 03:13 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-06 02:57 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:56 -------- d-----w- c:\program files\K-Meleon
2010-07-05 18:36 . 2010-07-05 18:36 -------- d-----w- c:\program files\ERUNT
2010-07-03 18:08 . 2010-07-03 18:36 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 17:35 . 2010-07-03 18:09 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 19:48 . 2010-07-02 19:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 19:48 . 2010-07-02 19:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-07-02 19:47 . 2010-07-02 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-02 18:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-02 18:52 . 2010-07-02 18:52 -------- d-----w- c:\program files\Panda Security
2010-07-02 18:38 . 2010-07-02 18:38 -------- d-----w- c:\program files\ESET
2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 17:57 . 2010-07-02 17:57 -------- d-----w- c:\program files\Auslogics
2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\CCleaner
2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\ToniArts
2010-07-02 17:18 . 2010-07-02 17:18 63488 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-02 04:11 . 2010-07-02 04:11 791393 ----a-w- C:\erunt-setup(2).exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 02:58 . 2009-12-25 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-06 19:45 . 2009-05-11 01:56 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-03 15:54 . 2009-09-05 03:02 1 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-03 12:36 . 2010-05-19 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 17:26 . 2006-11-23 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 17:18 . 2009-12-25 17:27 117760 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 20:13 . 2009-02-17 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 21:33 . 2010-05-30 21:33 127 ----a-w- c:\documents and settings\Boss\Local Settings\Application Data\fusioncache.dat
2010-05-26 02:24 . 2010-05-22 02:30 117760 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 00:38 . 2010-05-25 00:38 -------- d-----w- c:\program files\Photo Story 3 for Windows
2010-05-23 13:18 . 2010-05-19 23:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 02:30 . 2010-05-22 02:30 63488 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-22 02:30 . 2010-05-22 02:30 52224 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-22 02:29 . 2010-05-22 02:29 -------- d-----w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com
2010-05-22 01:06 . 2010-05-22 01:06 -------- d-----w- c:\documents and settings\Boss\Application Data\Malwarebytes
2010-05-21 00:20 . 2007-01-20 19:26 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Apple Computer
2010-05-21 00:17 . 2007-07-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-20 00:11 . 2010-05-20 00:11 -------- d-----w- c:\documents and settings\Boss\Application Data\Avira
2010-05-18 15:23 . 2010-05-18 15:23 -------- d-----w- c:\documents and settings\Boss\Application Data\Skinux
2010-05-18 15:23 . 2010-05-18 15:22 -------- d-----w- c:\documents and settings\Boss\Application Data\ArcSoft
2010-05-18 00:29 . 2006-12-29 22:27 40416 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 02:52 . 2010-05-17 02:52 63488 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 02:52 . 2010-05-17 02:52 52224 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 02:52 . 2010-05-17 02:52 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 02:52 . 2010-05-17 02:52 -------- d-----w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com
2010-05-14 21:57 . 2010-05-14 21:57 -------- d-----w- c:\documents and settings\Donna\Application Data\Avira
2010-05-14 21:57 . 2010-05-14 21:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Avira
2010-05-14 21:57 . 2010-05-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-14 21:47 . 2010-05-14 21:53 343906 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-14 21:33 . 2010-04-03 11:30 439816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Real\Update\setup3.10\setup.exe
2010-05-14 01:38 . 2010-05-14 01:38 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
2010-05-14 00:16 . 2010-05-14 00:16 -------- d-----w- c:\documents and settings\Donna\Application Data\Apple Computer
2010-05-14 00:16 . 2010-05-14 00:12 40416 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 00:13 . 2006-11-23 00:19 -------- d-----w- c:\program files\Google
2010-05-14 00:13 . 2010-05-14 00:12 -------- d-----w- c:\documents and settings\Donna\Application Data\ArcSoft
2010-05-14 00:13 . 2010-05-14 00:13 -------- d-----w- c:\documents and settings\Donna\Application Data\Skinux
2010-05-05 22:04 . 2010-01-10 01:22 0 ----a-w- c:\windows\Ysizesux.bin
2010-05-02 14:29 . 2010-05-02 14:29 54016 ----a-w- c:\windows\system32\drivers\mgvpbuw.sys
2010-05-02 05:56 . 2006-06-17 09:23 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:06 . 2010-01-10 01:22 120 ----a-w- c:\windows\Qnaxejadazay.dat
2010-04-29 19:39 . 2009-12-24 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-24 15:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 15:23 . 2007-02-23 15:57 2816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\wklnhst.dat
2010-04-20 05:51 . 2006-06-17 09:23 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:11 . 2008-11-04 17:32 36124 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:20 . 2006-06-17 09:23 668672 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:20 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-15 04:28 . 2006-06-19 04:25 40416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
c:\documents and settings\Boss\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2010-7-2 783]
c:\documents and settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 05:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 05:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 05:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
2002-10-14 20:09 57344 ------w- c:\program files\Lexmark X74-X75\lxbbbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 19:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
2007-10-18 23:23 1731096 ----a-r- c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 00:22 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-05 23:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/2/2010 2:53 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/25/2009 1:19 PM 135336]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 7:23 PM 547352]
R2 sbupdate;SentryBay Update Service;c:\program files\SentryBay\sbupdate.exe [3/8/2009 5:30 PM 41272]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys [10/18/2007 7:24 PM 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys [10/18/2007 7:24 PM 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys [10/18/2007 7:24 PM 27312]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 7:23 PM 5218328]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
--- Other Services/Drivers In Memory ---
*Deregistered* - uxtdapow
.
Contents of the 'Scheduled Tasks' folder
2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hughhewitt.townhall.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Mozilla\Firefox\Profiles\2rtg5gsv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://hotair.com/
FF - component: c:\program files\SentryBay\PhishLock\ffext\components\plext.dll
FF - component: c:\program files\SentryBay\Secure Browse\toolbar\ffext\components\registrationkey.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-08288056785047268639960369600591 - c:\program files\A360\av360.exe
MSConfigStartUp-CamMonitor - c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
MSConfigStartUp-Smifasic - c:\windows\azumagabobituyi.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 23:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-07-06 23:20:59
ComboFix-quarantined-files.txt 2010-07-07 03:20
Pre-Run: 76,104,769,536 bytes free
Post-Run: 76,498,042,880 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP MCE" /noexecute=optin /fastdetect
- - End Of File - - 99313ABB0424FF72300F65BB3BD0E621
eaglescout
2010-07-07, 06:31
[QUOTE=ken545;376673]Hi,
It looks like you're running Avira AV and may have had McAfee at one time, but McAfee is still trying to run on startup. Can you clear this up for me?[/QUOTE]
This PC has a McAfee security suite offered by the ISP... obviously, it did not do its job with this infection, so the owner tried to work with McAfee to disinfect, but they were of no help. So the owner disabled McAfee and installed some other anti-malware, i.e. Spybot, MBAM, and Avira... all detected some malware, but were not able to completely clean it.
[QUOTE]Also, your operating system and your Internet Explorer browser are very outdated, leaving holes in your system to let this garbage in, but don't fix that yet; your system needs to be clean before we do any updating.[/QUOTE]
I am using FF 3.5, as does the owner, but I can tell that someone has/is using IE as well.
Hope this helps...
Looking a lot better.
You need to go to Add/Remove Programs in the Control Panel and uninstall Avira; having more than one AV is overkill and can hamper system performance. Then re-enable McAfee. I suspect that your system being so outdated is why this garbage snuck in; McAfee blocks viruses, and this was malware, not a virus.
You need to enable Windows to show all files and folders; instructions are Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html).
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has already been checked, have them check it again.
c:\windows\system32\drivers\mgvpbuw.sys <--This file
If the site is busy you can try this one
http://virusscan.jotti.org/en
eaglescout
2010-07-07, 16:32
Okay,
Uninstalled Avira.
Submitted the file to VirusTotal, four of the scanners showed it as a trojan or high-risk malware.
Here is the link...
http://www.virustotal.com/analisis/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516-1278509110
Also, what do you mean when you say that the system is outdated...just old, or not updated?
Hi,
You're running Windows XP Professional SP2; you need to use Windows Update and install SP3 (Service Pack 3).
You're also using Internet Explorer 6, which is very insecure; you need to upgrade to Internet Explorer 8.
Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::
File::
c:\windows\system32\drivers\mgvpbuw.sys
Driver::
mgvpbuw
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
eaglescout
2010-07-07, 20:28
After dropping cfscript.txt onto combofix.exe, I get a message saying
"there's a newer version of ComboFix available. Would you like to update Combofix? Yes or No."
Should I update?
Why don't you drag CF to the trash and download a fresh copy?
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
eaglescout
2010-07-07, 23:04
Sorry for the delay, didn't see your reply on page 3...here is the latest combofix log...
ComboFix 10-07-06.05 - Owner 07/07/2010 15:50:00.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.163 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-E7D118DC12\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\drivers\mgvpbuw.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\mgvpbuw.sys
.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- c:\program files\trend micro
2010-07-06 22:03 . 2010-07-06 22:03 -------- d-----w- C:\rsit
2010-07-06 03:05 . 2010-07-06 03:13 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\QuickScan
2010-07-06 02:57 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:57 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\K-Meleon
2010-07-06 02:56 . 2010-07-06 02:56 -------- d-----w- c:\program files\K-Meleon
2010-07-05 18:36 . 2010-07-05 18:36 -------- d-----w- c:\program files\ERUNT
2010-07-03 18:08 . 2010-07-03 18:36 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\tor
2010-07-03 17:35 . 2010-07-03 18:09 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Vidalia
2010-07-02 19:47 . 2010-07-02 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-02 18:53 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-07-02 18:52 . 2010-07-02 18:52 -------- d-----w- c:\program files\Panda Security
2010-07-02 18:38 . 2010-07-02 18:38 -------- d-----w- c:\program files\ESET
2010-07-02 17:59 . 2010-07-02 17:59 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Auslogics
2010-07-02 17:57 . 2010-07-02 17:57 -------- d-----w- c:\program files\Auslogics
2010-07-02 17:27 . 2010-07-02 17:27 -------- d-----w- c:\program files\CCleaner
2010-07-02 17:26 . 2010-07-02 17:26 -------- d-----w- c:\program files\ToniArts
2010-07-02 04:11 . 2010-07-02 04:11 791393 ----a-w- C:\erunt-setup(2).exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 14:25 . 2009-05-11 01:56 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-07-07 02:58 . 2009-12-25 17:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-03 15:54 . 2009-09-05 03:02 1 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-03 12:36 . 2010-05-19 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-02 19:48 . 2010-07-02 19:48 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-02 17:26 . 2006-11-23 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 17:18 . 2010-07-02 17:18 63488 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-02 17:18 . 2009-12-25 17:27 117760 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 20:13 . 2009-02-17 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-30 21:33 . 2010-05-30 21:33 127 ----a-w- c:\documents and settings\Boss\Local Settings\Application Data\fusioncache.dat
2010-05-26 02:24 . 2010-05-22 02:30 117760 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-25 00:38 . 2010-05-25 00:38 -------- d-----w- c:\program files\Photo Story 3 for Windows
2010-05-23 13:18 . 2010-05-19 23:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-22 02:30 . 2010-05-22 02:30 63488 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-22 02:30 . 2010-05-22 02:30 52224 ----a-w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-22 02:29 . 2010-05-22 02:29 -------- d-----w- c:\documents and settings\Boss\Application Data\SUPERAntiSpyware.com
2010-05-22 01:06 . 2010-05-22 01:06 -------- d-----w- c:\documents and settings\Boss\Application Data\Malwarebytes
2010-05-21 00:20 . 2007-01-20 19:26 -------- d-----w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Apple Computer
2010-05-21 00:17 . 2007-07-03 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-18 15:23 . 2010-05-18 15:23 -------- d-----w- c:\documents and settings\Boss\Application Data\Skinux
2010-05-18 15:23 . 2010-05-18 15:22 -------- d-----w- c:\documents and settings\Boss\Application Data\ArcSoft
2010-05-18 00:29 . 2006-12-29 22:27 40416 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 02:52 . 2010-05-17 02:52 63488 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-17 02:52 . 2010-05-17 02:52 52224 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-17 02:52 . 2010-05-17 02:52 117760 ----a-w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-17 02:52 . 2010-05-17 02:52 -------- d-----w- c:\documents and settings\Donna\Application Data\SUPERAntiSpyware.com
2010-05-14 21:57 . 2010-05-05 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-14 21:47 . 2010-05-14 21:53 343906 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-14 21:33 . 2010-04-03 11:30 439816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Real\Update\setup3.10\setup.exe
2010-05-14 01:38 . 2010-05-14 01:38 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
2010-05-14 00:16 . 2010-05-14 00:16 -------- d-----w- c:\documents and settings\Donna\Application Data\Apple Computer
2010-05-14 00:16 . 2010-05-14 00:12 40416 ----a-w- c:\documents and settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 00:13 . 2006-11-23 00:19 -------- d-----w- c:\program files\Google
2010-05-14 00:13 . 2010-05-14 00:12 -------- d-----w- c:\documents and settings\Donna\Application Data\ArcSoft
2010-05-14 00:13 . 2010-05-14 00:13 -------- d-----w- c:\documents and settings\Donna\Application Data\Skinux
2010-05-05 22:04 . 2010-01-10 01:22 0 ----a-w- c:\windows\Ysizesux.bin
2010-05-02 05:56 . 2006-06-17 09:23 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 12:06 . 2010-01-10 01:22 120 ----a-w- c:\windows\Qnaxejadazay.dat
2010-04-29 19:39 . 2009-12-24 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-12-24 15:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-24 15:23 . 2007-02-23 15:57 2816 ----a-w- c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\wklnhst.dat
2010-04-20 05:51 . 2006-06-17 09:23 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:11 . 2008-11-04 17:32 36124 ---ha-w- c:\windows\system32\mlfcache.dat
2010-04-16 15:20 . 2006-06-17 09:23 668672 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:20 . 2006-06-17 09:23 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-04-15 04:28 . 2006-06-19 04:25 40416 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-07-07_03.16.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-07 14:25 . 2010-07-07 14:25 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2010-07-07 13:16 . 2010-07-07 13:16 249856 c:\windows\ERDNT\AutoBackup\7-7-2010\Users\00000002\UsrClass.dat
+ 2010-07-07 13:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-7-2010\ERDNT.EXE
+ 2010-07-07 13:16 . 2010-07-07 13:16 9551872 c:\windows\ERDNT\AutoBackup\7-7-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-02 2403568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
c:\documents and settings\Boss\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2010-7-2 783]
c:\documents and settings\Owner.YOUR-E7D118DC12\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=c:\windows\pss\Install Pending Files.LNKCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 19:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 03:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-23 05:13 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-23 05:17 118784 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-03-23 05:17 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
2002-10-14 20:09 57344 ------w- c:\program files\Lexmark X74-X75\lxbbbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2006-11-07 19:49 1121280 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 23:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 02:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SanaSafeConnect]
2007-10-18 23:23 1731096 ----a-r- c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-02 00:22 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-05 23:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/2/2010 2:53 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 9:43 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 9:43 AM 67656]
R2 SanaSafeConnectWatcher;SanaSafeConnectWatcher;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaSafeConnectWatcher.exe [10/18/2007 7:23 PM 547352]
R2 sbupdate;SentryBay Update Service;c:\program files\SentryBay\sbupdate.exe [3/8/2009 5:30 PM 41272]
R3 SanaSafeConnectDriver;SanaSafeConnectDriver;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectDriver.sys [10/18/2007 7:24 PM 160280]
R3 SanaSafeConnectFilter;SanaSafeConnectFilter;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectFilter.sys [10/18/2007 7:24 PM 30232]
R3 SanaSafeConnectShim;SanaSafeConnectShim;c:\program files\Suze Orman\Identity Theft Kit\agent\driver\platform_XP\SafeConnectShim.sys [10/18/2007 7:24 PM 27312]
S2 SanaSafeConnectAgent;SanaSafeConnectAgent;c:\program files\Suze Orman\Identity Theft Kit\agent\Bin\SanaAgent.exe [10/18/2007 7:23 PM 5218328]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 9:43 AM 12872]
.
Contents of the 'Scheduled Tasks' folder
2010-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hughhewitt.townhall.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Owner.YOUR-E7D118DC12\Application Data\Mozilla\Firefox\Profiles\2rtg5gsv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://hotair.com/
FF - component: c:\program files\SentryBay\PhishLock\ffext\components\plext.dll
FF - component: c:\program files\SentryBay\Secure Browse\toolbar\ffext\components\registrationkey.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 15:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-07-07 16:02:47
ComboFix-quarantined-files.txt 2010-07-07 20:02
ComboFix2.txt 2010-07-07 03:20
Pre-Run: 76,622,987,264 bytes free
Post-Run: 76,602,650,624 bytes free
- - End Of File - - A4B8BEAE3F49FF561C3E372821B3AB04
Looking good :bigthumb:
c:\windows\Qnaxejadazay.dat <--You can delete this manually
How are things running now ?
eaglescout
2010-07-08, 01:12
Things were running well, and I just got this popup from Windows Security Alert, and this popup:
Also getting popups about virus infections, do I want to scan, and getting a porn popup.
Some programs will not execute (MS Paint, trying to send you a screen shot)...
Was able to delete the file that you wanted deleted, though.
Let's check a bit deeper.
Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log
eaglescout
2010-07-08, 01:21
Can't seem to run ANY .exe files. Also, a new icon in taskbar about antivirus software alert. (A green shield, with a white checkmark in it...I know it is bogus)
Please download and run the following tool to help allow other programs to run. (Thanks to Grinler of BleepingComputer.com)
RKill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
RKill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
RKill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
RKill.pif (http://download.bleepingcomputer.com/grinler/rkill.pif)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
You will know one ran when a box opens up with a report
You have Malwarebytes installed; open it, check for updates, run the quick scan and post the log, please.
eaglescout
2010-07-08, 01:44
Downloaded the first 3 and tried to run, but program was terminated, followed by a message saying that the file was infected with a virus...
The fourth program just produced an error 404 on the link.
That's the infection telling you the file is infected; it's not.
Try running Malwarebytes in Safe Mode.
eaglescout
2010-07-08, 02:08
I do not see an option for MBAM safemode.
Do you mean restart windows in safe mode and run it? I am worried that I may not be able to restart FF, as every .exe file I try to open is terminated by the infection.
Please specify.
Thanks
Yes, restart Windows in Safe Mode and run MBAM.
To enter Safe Mode:
Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
Use the Up and Down arrow keys to scroll up to Safe Mode.
Then press the Enter key on your keyboard.
Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
eaglescout
2010-07-08, 02:17
Got it...
eaglescout
2010-07-08, 02:37
MBAM found 9 infections...
Here is the log...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4284
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180
7/7/2010 7:32:48 PM
mbam-log-2010-07-07 (19-32-48).txt
Scan type: Quick scan
Objects scanned: 153472
Time elapsed: 10 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rwgrfojd (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Application Data\urscmrdno\ecfktcdtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\6B.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\gxuDmWmzvV.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\temp\VxPoEqQKZG.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\0O9XKPSV\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\CDERGXQ7\setup[2].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-E7D118DC12\Local Settings\Temporary Internet Files\Content.IE5\URU9QLGP\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\sortct.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
OK, now run TDSSKiller.
Download TDSSKiller and save it to your Desktop.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log
eaglescout
2010-07-08, 21:03
ken454,
Thanks for all of your help...I think you can close this thread, as I am in the process of reinstalling WinXP.
Last night, after I ran MBAM, it asked to reboot, and when I did, WinXP would reach the logo screen, and then reboot itself, stating that it noticed a problem, possibly a hardware issue, and was shutting down.
After several hours of trying to get WinXP to start, I gave up, and decided just to salvage the data, and reinstall.
Again, thanks for all your great help. I'm sticking with my Linux box from now on...ha!
Well, sometimes a reinstall is a good option; let's hope this fixes it and it's not a hardware issue.
I will keep this thread open for you for a few days; post back and let me know how it went.
If you need help with the format and reinstall, let me know and I can link you to a great Windows support site that can guide you through it.
Ken :)
eaglescout
2010-07-09, 16:57
Although I have done many reinstalls before, please send me the link you refer to...I'm always looking for new tips, help, etc.
Thanks again...
Hi,
You can post here at our sister site; like Safer, it's free, but you will need to register.
http://forums.whatthetech.com/index.php?showforum=119
Good Luck with your reinstall
Ken :)