Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default Virtumonde

    For the past few days ads have been continually popping up on my computer and Microsoft’s automatic updates were disabled for a while. Found Virtumonde after performing scans with the following programs:

    -Norton Antivirus 2009
    -Webroot’s Spysweeper
    -Spybot S&D
    - Malwarebytes' Anti-Malware

    I first tried to remove the Trojan using the fixes that these programs recommended but that didn’t help. Also followed Symantec’s instructions for using their Vundo fix tool but that didn’t help either.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:52:06 AM, on 12/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - AppInit_DLLs: jrrvgq.dll
    O20 - Winlogon Notify: tuvSkjJD - tuvSkjJD.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 8872 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi hpcf28

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default

    Thanks for your reply. I appreciate your assistance.

    I have a quick question: When I first discovered the Trojan, I was logged into the computer under a user account, and when I post logs I'm posting them from under that same user account. But I was wondering if I should be logged into the administer/owner account when I'm posting these logs. Does it matter which account I'm logged into?

    *FYI: I'm posting the logs as two separate posts because I received an error message saying the text was too long when I tried to post them together.

    log.txt

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Natasha at 2009-01-03 07:32:14
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (36%) free of 76 GB
    Total RAM: 510 MB (33% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:32:37 AM, on 1/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Ahead\Nero\nero.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Natasha\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Natasha.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - AppInit_DLLs: jrrvgq.dll
    O20 - Winlogon Notify: tuvSkjJD - tuvSkjJD.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9135 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\wrSpySweeper_LA0C5EAE948844A45B4AEFA0781F05B81.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-12-27 107896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-10 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
    "PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-30 136600]
    "Lexmark 5200 series"=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2004-08-04 10752]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-08 185896]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-01-19 4670968]

    C:\Documents and Settings\Natasha\Start Menu\Programs\Startup
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="jrrvgq.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvSkjJD]
    tuvSkjJD.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\academic\iss2\iss.exe"="C:\academic\iss2\iss.exe:*:Enabled:Sybase Inc. Product File"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\BitTorrent_DNA\dna.exe"="C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Documents and Settings\Natasha\Desktop\utorrent.exe"="C:\Documents and Settings\Natasha\Desktop\utorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe"="C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe:*:Enabled:eBook Library"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0daaca9-da94-11dc-a703-000d56fafd61}]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-01-03 07:32:14 ----D---- C:\rsit
    2009-01-01 11:53:28 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-01 11:43:57 ----D---- C:\Documents and Settings\Natasha\Application Data\Ahead
    2008-12-30 07:15:54 ----D---- C:\Program Files\Trend Micro
    2008-12-30 06:42:17 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-30 06:42:17 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-30 06:42:16 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-30 06:42:16 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-28 10:28:00 ----D---- C:\Documents and Settings\Natasha\Application Data\Malwarebytes
    2008-12-28 10:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-28 10:27:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-28 07:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 07:22:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-28 07:11:44 ----D---- C:\Documents and Settings\Natasha\Application Data\calibre
    2008-12-28 07:10:29 ----HD---- C:\Program Files\InstallJammer Registry
    2008-12-28 04:39:39 ----A---- C:\WINDOWS\system32\nhlaiypx.dll
    2008-12-28 04:39:39 ----A---- C:\WINDOWS\system32\jrrvgq.dll
    2008-12-27 07:12:47 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-12-27 07:11:41 ----D---- C:\Program Files\Windows Sidebar
    2008-12-27 06:48:22 ----D---- C:\Program Files\NortonInstaller
    2008-12-27 01:49:34 ----A---- C:\WINDOWS\isRS-000.tmp
    2008-12-27 01:47:58 ----D---- C:\Binaries
    2008-12-27 01:47:10 ----D---- C:\Documents and Settings\Natasha\Application Data\Webroot
    2008-12-27 01:47:10 ----A---- C:\WINDOWS\WRSetup.dll
    2008-12-27 01:47:09 ----D---- C:\Program Files\Webroot
    2008-12-27 01:47:09 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-12-27 01:30:22 ----A---- C:\WINDOWS\system32\yzjcuc.dll
    2008-12-27 01:30:21 ----A---- C:\WINDOWS\system32\uiprjbfs.dll
    2008-12-27 01:29:11 ----A---- C:\WINDOWS\system32\5fbc1e09-.txt
    2008-12-18 05:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2008-12-12 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 09:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 09:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2008-12-12 09:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 09:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    ======List of files/folders modified in the last 1 months======

    2009-01-03 07:32:16 ----D---- C:\WINDOWS\Prefetch
    2009-01-03 07:28:54 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-03 07:28:39 ----D---- C:\WINDOWS\Temp
    2009-01-02 09:18:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-01-01 11:53:28 ----D---- C:\WINDOWS
    2009-01-01 07:49:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-31 19:21:59 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-31 18:50:01 ----SHD---- C:\WINDOWS\Installer
    2008-12-31 18:49:55 ----SHD---- C:\Config.Msi
    2008-12-31 18:49:09 ----D---- C:\Program Files\Google
    2008-12-31 18:38:07 ----D---- C:\Program Files\GIMP-2.0
    2008-12-31 18:33:25 ----RD---- C:\Program Files
    2008-12-30 11:28:48 ----D---- C:\Program Files\PeerGuardian2
    2008-12-30 10:40:05 ----D---- C:\WINDOWS\WinSxS
    2008-12-30 10:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-12-30 10:38:41 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-30 10:38:40 ----D---- C:\Program Files\Adobe
    2008-12-30 10:30:11 ----D---- C:\WINDOWS\system32
    2008-12-30 10:21:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-30 06:38:24 ----D---- C:\Program Files\Java
    2008-12-30 03:32:05 ----D---- C:\WINDOWS\Debug
    2008-12-28 11:06:26 ----D---- C:\WINDOWS\system32\drivers
    2008-12-28 07:09:35 ----D---- C:\Program Files\calibre
    2008-12-28 06:30:29 ----SHD---- C:\System Volume Information
    2008-12-28 06:30:29 ----D---- C:\WINDOWS\system32\Restore
    2008-12-27 18:51:13 ----D---- C:\Program Files\CCleaner
    2008-12-27 14:51:14 ----HD---- C:\WINDOWS\inf
    2008-12-27 14:47:08 ----D---- C:\Documents and Settings
    2008-12-27 07:12:48 ----D---- C:\Program Files\Symantec
    2008-12-27 07:12:47 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-12-27 07:11:42 ----D---- C:\Program Files\Norton AntiVirus
    2008-12-27 07:11:41 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
    2008-12-27 06:24:51 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-12-27 02:03:09 ----SD---- C:\WINDOWS\Tasks
    2008-12-27 01:23:36 ----D---- C:\WINDOWS\Registration
    2008-12-23 03:14:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-12-22 10:03:38 ----D---- C:\Documents and Settings\Natasha\Application Data\com.zipeg
    2008-12-18 05:29:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-18 05:28:08 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-12 12:27:54 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 09:58:08 ----D---- C:\Program Files\Internet Explorer
    2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-07 21:22:36 ----D---- C:\WINDOWS\Minidump

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-27 362544]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2003-01-20 171476]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.025\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.025\NAVEX15.SYS []
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
    R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-11 34608]
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-11 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
    S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-30 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-01-05 315392]
    R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2003-02-19 98304]
    R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-15 1245064]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2008-11-12 3667312]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
    S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
    S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2008-04-25 73728]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

  4. #4
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default

    info.txt

    info.txt logfile of random's system information tool 1.05 2009-01-03 07:32:41

    ======Uninstall list======

    -->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ActiveState ActivePython 2.5.2.2-->MsiExec.exe /I{A2E24BD9-085B-410F-AAD0-5EB5FA5D73D2}
    Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    All My Books 1.1 GAOTD-->"C:\Program Files\AllMyBooks\unins000.exe"
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    AT&T Global Network Client-->C:\Program Files\AT&T Global Network Client\NetUN.exe
    Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
    calibre -- E-book management software-->C:\Program Files\calibre\Uninstall.exe
    calibre-->C:\Program Files\calibre\uninstall.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    ConvertLIT Graphical User Interface 2.0-->C:\Program Files\ConvertLIT GUI\uninst.exe
    Cucusoft DVD to iPod + iPod Video Converter Suite 6.2.5.16-->"C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
    Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    eBook Library by Sony-->MsiExec.exe /X{A0EAB3BE-AC3F-4F9F-ACC0-ED1809B607E3}
    FTP Surfer-->MsiExec.exe /I{E518C80C-C549-40E1-844C-669ED64195D3}
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
    J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
    Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Lexmark 5200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
    Mobipocket Creator 4.2-->MsiExec.exe /I{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}
    Mobipocket Reader 6.0-->MsiExec.exe /I{ED386A62-2BA2-4544-A723-5DFFDC283F6A}
    Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
    MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
    Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.2.0.7\InstStub.exe /X
    oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
    OverDrive Media Console-->MsiExec.exe /I{16D9439B-DF3D-43D1-A727-4B335300D07A}
    Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
    PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
    Spy Sweeper-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Symantec Technical Support Web Controls-->MsiExec.exe /X{A0E27BA8-353A-4288-AB60-5DE8EDA18E16}
    TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
    TurboTax Home & Business 2006-->C:\Program Files\TurboTax\Home & Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2006\Uninstall.log" -NoGui
    TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
    WD FAT32 Formatter-->MsiExec.exe /I{A0D85877-DC09-4F08-9164-BE8381CB8E27}
    WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
    Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\PRSUSB_0200B6D60DA90847167AFB40E87ADFDB0591D0A1\PRSUSB.inf
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
    WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    WM Converter 2.0-->C:\Program Files\WM Converter\Uninstal.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    ZIP Reader 8.00.0018-->MsiExec.exe /I{856C155E-4A74-4041-B026-04F96FFD1BCD}
    Zipeg-->"C:\Program Files\Zipeg\zipeg.exe" -uninstall

    ======Security center information======

    AV: Norton AntiVirus
    FW: Norton AntiVirus
    FW: Webroot Internet Security Essentials (disabled)

    System event log

    Computer Name: NATASHA
    Event Code: 4
    Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

    Record Number: 5310
    Source Name: bcm4sbxp
    Time Written: 20081227053356.000000-300
    Event Type: warning
    User:

    Computer Name: NATASHA
    Event Code: 7006
    Message: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.


    Record Number: 5309
    Source Name: Service Control Manager
    Time Written: 20081227053330.000000-300
    Event Type: error
    User:

    Computer Name: NATASHA
    Event Code: 7006
    Message: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.


    Record Number: 5308
    Source Name: Service Control Manager
    Time Written: 20081227053258.000000-300
    Event Type: error
    User:

    Computer Name: NATASHA
    Event Code: 7006
    Message: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.


    Record Number: 5307
    Source Name: Service Control Manager
    Time Written: 20081227053226.000000-300
    Event Type: error
    User:

    Computer Name: NATASHA
    Event Code: 7006
    Message: The ScRegSetValueExW call failed for Start with the following error:
    Access is denied.


    Record Number: 5306
    Source Name: Service Control Manager
    Time Written: 20081227053154.000000-300
    Event Type: error
    User:

    Application event log

    Computer Name: NATASHA
    Event Code: 101
    Message: Information Level: success

    Automatic LiveUpdate has been scheduled to execute in 15 minutes.

    Record Number: 20306
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081031143253.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: NATASHA
    Event Code: 101
    Message: Information Level: success

    The next run has been scheduled to occur at approximately 1:07 PM.

    Record Number: 20305
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081031090334.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: NATASHA
    Event Code: 101
    Message: Information Level: success

    Automatic LiveUpdate has terminated.

    Record Number: 20304
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081031090334.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: NATASHA
    Event Code: 101
    Message: Information Level: success

    Scheduler launched Automatic LiveUpdate.

    Record Number: 20303
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081031090140.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: NATASHA
    Event Code: 101
    Message: Information Level: success

    The next run has been scheduled to occur at approximately 9:01 AM.

    Record Number: 20302
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20081031084636.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=C:\Perl\site\bin;C:\Perl\bin;C:\Python25\;C:\academic\orawin95\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;c:\Python25\Tools\Scripts;C:\Program Files\calibre;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.py;.pyw
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_REVISION"=0209
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

    -----------------EOF-----------------

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Uninstall these:

    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 2

    Go to Start > Run
    Type regedit and click OK.

    • On the leftside, click to highlight My Computer at the top.
    • Go up to "File > Export"
      • Make sure in that window there is a tick next to "All" under Export Branch.
      • Leave the "Save As Type" as \Registration Files".
      • Under "Filename" put backup
    • Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
    • Click Save and then go to File > Exit.


    Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :files
      C:\Program Files\BitTorrent_DNA
      C:\Program Files\BitTorrent
      C:\Program Files\DNA\
      C:\Documents and Settings\Natasha\Desktop\utorrent.exe
      C:\WINDOWS\system32\nhlaiypx.dll
      C:\WINDOWS\system32\jrrvgq.dll
      C:\WINDOWS\system32\yzjcuc.dll
      C:\WINDOWS\system32\uiprjbfs.dll
      C:\WINDOWS\system32\5fbc1e09-.txt
      
      :reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"=-
      
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvSkjJD]
      
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\Program Files\BitTorrent_DNA\dna.exe"=-
      "C:\Program Files\BitTorrent\bittorrent.exe"-
      "C:\Program Files\DNA\btdna.exe"=-
      "C:\Documents and Settings\Natasha\Desktop\utorrent.exe"=-
      
      :commands
      [EmptyTemp]
      [reboot]
    • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Re-run rsit.

    Post:

    - a fresh rsit log (only log.txt will appear this time)
    - otmoveit3 log
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default

    I was able to follow all the directions until I got to OTMoveIt3.

    I copied and pasted the posted files under the yellow header as directed, then hit "MoveIt!" But each time the OTMoveIt3 results come up, the program becomes unresponsive and completely freezes so that I can't copy and paste the results. I tried checking the C:\_OTMoveIt\MovedFiles folder to see if maybe a copy saved there but I'm not seeing a log file. Just an empty txt file and some dll files. Is there something I'm doing wrong?

    I went ahead and ran a fresh rsit log though:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Natasha at 2009-01-03 09:41:36
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 27 GB (36%) free of 76 GB
    Total RAM: 510 MB (31% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:59 AM, on 1/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Natasha\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Natasha.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9075 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\wrSpySweeper_LA0C5EAE948844A45B4AEFA0781F05B81.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-12-27 107896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-10 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
    "PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "Lexmark 5200 series"=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2004-08-04 10752]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-08 185896]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-30 136600]
    "SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-01-19 4670968]

    C:\Documents and Settings\Natasha\Start Menu\Programs\Startup
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\academic\iss2\iss.exe"="C:\academic\iss2\iss.exe:*:Enabled:Sybase Inc. Product File"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Documents and Settings\Natasha\Desktop\utorrent.exe"="C:\Documents and Settings\Natasha\Desktop\utorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe"="C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe:*:Enabled:eBook Library"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0daaca9-da94-11dc-a703-000d56fafd61}]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-01-03 09:05:25 ----D---- C:\_OTMoveIt
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-03 07:32:14 ----D---- C:\rsit
    2009-01-01 11:53:28 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-01 11:43:57 ----D---- C:\Documents and Settings\Natasha\Application Data\Ahead
    2008-12-30 07:15:54 ----D---- C:\Program Files\Trend Micro
    2008-12-30 06:42:17 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-28 10:28:00 ----D---- C:\Documents and Settings\Natasha\Application Data\Malwarebytes
    2008-12-28 10:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-28 10:27:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-28 07:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 07:22:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-28 07:11:44 ----D---- C:\Documents and Settings\Natasha\Application Data\calibre
    2008-12-28 07:10:29 ----HD---- C:\Program Files\InstallJammer Registry
    2008-12-27 07:12:47 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-12-27 07:11:41 ----D---- C:\Program Files\Windows Sidebar
    2008-12-27 06:48:22 ----D---- C:\Program Files\NortonInstaller
    2008-12-27 01:49:34 ----A---- C:\WINDOWS\isRS-000.tmp
    2008-12-27 01:47:58 ----D---- C:\Binaries
    2008-12-27 01:47:10 ----D---- C:\Documents and Settings\Natasha\Application Data\Webroot
    2008-12-27 01:47:10 ----A---- C:\WINDOWS\WRSetup.dll
    2008-12-27 01:47:09 ----D---- C:\Program Files\Webroot
    2008-12-27 01:47:09 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-12-18 05:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2008-12-12 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 09:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 09:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2008-12-12 09:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 09:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    ======List of files/folders modified in the last 1 months======

    2009-01-03 09:39:12 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-03 09:22:11 ----D---- C:\WINDOWS\Temp
    2009-01-03 09:13:22 ----D---- C:\WINDOWS\Prefetch
    2009-01-03 09:05:27 ----D---- C:\WINDOWS\system32
    2009-01-03 09:00:26 ----SHD---- C:\WINDOWS\Installer
    2009-01-03 09:00:26 ----SHD---- C:\Config.Msi
    2009-01-03 09:00:13 ----D---- C:\Program Files\Common Files
    2009-01-03 08:58:22 ----D---- C:\Program Files\Java
    2009-01-03 08:16:41 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-02 09:18:32 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-01-01 11:53:28 ----D---- C:\WINDOWS
    2009-01-01 07:49:45 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-31 18:49:09 ----D---- C:\Program Files\Google
    2008-12-31 18:38:07 ----D---- C:\Program Files\GIMP-2.0
    2008-12-31 18:33:25 ----RD---- C:\Program Files
    2008-12-30 11:28:48 ----D---- C:\Program Files\PeerGuardian2
    2008-12-30 10:40:05 ----D---- C:\WINDOWS\WinSxS
    2008-12-30 10:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-12-30 10:38:41 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-30 10:38:40 ----D---- C:\Program Files\Adobe
    2008-12-30 10:21:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-30 03:32:05 ----D---- C:\WINDOWS\Debug
    2008-12-28 11:06:26 ----D---- C:\WINDOWS\system32\drivers
    2008-12-28 07:09:35 ----D---- C:\Program Files\calibre
    2008-12-28 06:30:29 ----SHD---- C:\System Volume Information
    2008-12-28 06:30:29 ----D---- C:\WINDOWS\system32\Restore
    2008-12-27 18:51:13 ----D---- C:\Program Files\CCleaner
    2008-12-27 14:51:14 ----HD---- C:\WINDOWS\inf
    2008-12-27 14:47:08 ----D---- C:\Documents and Settings
    2008-12-27 07:12:48 ----D---- C:\Program Files\Symantec
    2008-12-27 07:12:47 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-12-27 07:11:42 ----D---- C:\Program Files\Norton AntiVirus
    2008-12-27 07:11:41 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
    2008-12-27 06:24:51 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-12-27 02:03:09 ----SD---- C:\WINDOWS\Tasks
    2008-12-27 01:23:36 ----D---- C:\WINDOWS\Registration
    2008-12-23 03:14:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-12-22 10:03:38 ----D---- C:\Documents and Settings\Natasha\Application Data\com.zipeg
    2008-12-18 05:29:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-18 05:28:08 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-12 12:27:54 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 09:58:08 ----D---- C:\Program Files\Internet Explorer
    2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-07 21:22:36 ----D---- C:\WINDOWS\Minidump

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-27 362544]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2003-01-20 171476]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.041\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.041\NAVEX15.SYS []
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
    R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-11 34608]
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-11 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
    S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-30 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-01-05 315392]
    R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2003-02-19 98304]
    R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-15 1245064]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2008-11-12 3667312]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
    S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
    S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2008-04-25 73728]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Let's try it again

    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :reg
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "C:\Program Files\BitTorrent\bittorrent.exe"=-
      "C:\Program Files\DNA\btdna.exe"=-
      "C:\Documents and Settings\Natasha\Desktop\utorrent.exe"=-
      
      :commands
      [EmptyTemp]
      [reboot]
    • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Re-run rsit.

    Post:

    - a fresh rsit log (only log.txt will appear this time)
    - otmoveit3 log
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default

    Okay, it worked this time.

    rsit log

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Natasha at 2009-01-03 11:22:38
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 28 GB (37%) free of 76 GB
    Total RAM: 510 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:05 AM, on 1/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
    C:\Documents and Settings\Natasha\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Natasha.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9198 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\wrSpySweeper_LA0C5EAE948844A45B4AEFA0781F05B81.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-12-27 107896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-30 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-10 652784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-30 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-30 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
    "PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "Lexmark 5200 series"=C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe [2004-06-04 57344]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep.exe [2004-08-04 10752]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-08 185896]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
    "Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-30 136600]
    "SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 6273400]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-03-31 68856]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-01-19 4670968]

    C:\Documents and Settings\Natasha\Start Menu\Programs\Startup
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\academic\iss2\iss.exe"="C:\academic\iss2\iss.exe:*:Enabled:Sybase Inc. Product File"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
    "C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
    "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
    "C:\Program Files\AT&T Global Network Client\NetClient.exe"="C:\Program Files\AT&T Global Network Client\NetClient.exe:*:Enabled:Network access client"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe"="C:\Program Files\Sony\Reader\Data\bin\eBook Library.exe:*:Enabled:eBook Library"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0daaca9-da94-11dc-a703-000d56fafd61}]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-01-03 09:05:25 ----D---- C:\_OTMoveIt
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-01-03 08:57:42 ----A---- C:\WINDOWS\system32\java.exe
    2009-01-03 07:32:14 ----D---- C:\rsit
    2009-01-01 11:53:28 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-01 11:43:57 ----D---- C:\Documents and Settings\Natasha\Application Data\Ahead
    2008-12-30 07:15:54 ----D---- C:\Program Files\Trend Micro
    2008-12-30 06:42:17 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-28 10:28:00 ----D---- C:\Documents and Settings\Natasha\Application Data\Malwarebytes
    2008-12-28 10:27:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-12-28 10:27:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-28 07:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-28 07:22:40 ----D---- C:\Program Files\Spybot - Search & Destroy
    2008-12-28 07:11:44 ----D---- C:\Documents and Settings\Natasha\Application Data\calibre
    2008-12-28 07:10:29 ----HD---- C:\Program Files\InstallJammer Registry
    2008-12-27 07:12:47 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-12-27 07:11:41 ----D---- C:\Program Files\Windows Sidebar
    2008-12-27 06:48:22 ----D---- C:\Program Files\NortonInstaller
    2008-12-27 01:49:34 ----A---- C:\WINDOWS\isRS-000.tmp
    2008-12-27 01:47:58 ----D---- C:\Binaries
    2008-12-27 01:47:10 ----D---- C:\Documents and Settings\Natasha\Application Data\Webroot
    2008-12-27 01:47:10 ----A---- C:\WINDOWS\WRSetup.dll
    2008-12-27 01:47:09 ----D---- C:\Program Files\Webroot
    2008-12-27 01:47:09 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-12-18 05:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
    2008-12-12 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 09:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 09:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
    2008-12-12 09:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 09:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

    ======List of files/folders modified in the last 1 months======

    2009-01-03 11:22:12 ----D---- C:\WINDOWS\Temp
    2009-01-03 11:21:47 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-03 10:44:03 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-03 10:44:01 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-03 10:25:29 ----D---- C:\WINDOWS\Prefetch
    2009-01-03 10:18:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-01-03 09:05:27 ----D---- C:\WINDOWS\system32
    2009-01-03 09:00:26 ----SHD---- C:\WINDOWS\Installer
    2009-01-03 09:00:26 ----SHD---- C:\Config.Msi
    2009-01-03 09:00:13 ----D---- C:\Program Files\Common Files
    2009-01-03 08:58:22 ----D---- C:\Program Files\Java
    2009-01-01 11:53:28 ----D---- C:\WINDOWS
    2008-12-31 18:49:09 ----D---- C:\Program Files\Google
    2008-12-31 18:38:07 ----D---- C:\Program Files\GIMP-2.0
    2008-12-31 18:33:25 ----RD---- C:\Program Files
    2008-12-30 11:28:48 ----D---- C:\Program Files\PeerGuardian2
    2008-12-30 10:40:05 ----D---- C:\WINDOWS\WinSxS
    2008-12-30 10:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-12-30 10:38:41 ----D---- C:\Program Files\Common Files\Adobe
    2008-12-30 10:38:40 ----D---- C:\Program Files\Adobe
    2008-12-30 10:21:25 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-30 03:32:05 ----D---- C:\WINDOWS\Debug
    2008-12-28 11:06:26 ----D---- C:\WINDOWS\system32\drivers
    2008-12-28 07:09:35 ----D---- C:\Program Files\calibre
    2008-12-28 06:30:29 ----SHD---- C:\System Volume Information
    2008-12-28 06:30:29 ----D---- C:\WINDOWS\system32\Restore
    2008-12-27 18:51:13 ----D---- C:\Program Files\CCleaner
    2008-12-27 14:51:14 ----HD---- C:\WINDOWS\inf
    2008-12-27 14:47:08 ----D---- C:\Documents and Settings
    2008-12-27 07:12:48 ----D---- C:\Program Files\Symantec
    2008-12-27 07:12:47 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-12-27 07:11:42 ----D---- C:\Program Files\Norton AntiVirus
    2008-12-27 07:11:41 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
    2008-12-27 06:24:51 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2008-12-27 02:03:09 ----SD---- C:\WINDOWS\Tasks
    2008-12-27 01:23:36 ----D---- C:\WINDOWS\Registration
    2008-12-23 03:14:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-12-22 10:03:38 ----D---- C:\Documents and Settings\Natasha\Application Data\com.zipeg
    2008-12-18 05:29:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-12-18 05:28:08 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-12 12:27:54 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 09:58:08 ----D---- C:\Program Files\Internet Explorer
    2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-07 21:22:36 ----D---- C:\WINDOWS\Minidump

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-27 362544]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081220.001\IDSxpx86.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
    R3 ABVPN2K;Net Firewall Miniport Interface; C:\WINDOWS\system32\DRIVERS\abvpn2k.sys [2003-01-20 171476]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-06-30 43136]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.041\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090102.041\NAVEX15.SYS []
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-11-18 591808]
    R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-11 34608]
    R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-11 37424]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
    S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-30 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
    R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2002-01-05 315392]
    R2 NetCfgSvr;Network Configuration Service; C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE [2003-02-19 98304]
    R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
    R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-05-15 1245064]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2008-11-12 3667312]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-13 1086840]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
    S2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-01-13 311296]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
    S3 lxbt_device;lxbt_device; C:\WINDOWS\system32\lxbtcoms.exe [2004-02-20 421888]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-04-16 91184]
    S3 Sony SCSI Helper Service;Sony SCSI Helper Service; C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [2008-04-25 73728]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

    otmoveit3 log

    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\DNA\btdna.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\Natasha\Desktop\utorrent.exe deleted successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0382506E-8FEB-4463-907B-EE7455B22069.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS03938D09-0F4C-4219-9623-2A7A544EAD4F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0506935D-7222-4EF8-87CE-BB95C6792861.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS055B8C66-39C3-4ECB-9345-1AAAE2FD5CA2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0781493E-DDA9-4FC1-9255-961E1013DDB8.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS08A78B0C-8516-4768-AB38-281A9F78D600.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS0F66BB61-FB18-488A-9DA3-66EA52538EF5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS10513C51-2292-4850-8CF2-65CE3DC29A02.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS114389AC-528B-409E-82A5-D9DF258867CA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS13B3A59F-196E-4F06-9A3E-6DBBC027D45F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS14E91F7C-CF63-40C9-8936-47B20ECF146A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS154D3BB6-ACCB-492A-9872-869FF0AA10A9.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1636BBB0-4529-43D5-A613-5DED49627830.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS194FC845-53F9-4BFA-BC72-CDD052DE3B93.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1B513544-7826-4EF8-889B-61778F2E13EB.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1DA0BE37-7A98-4B63-86AD-F81D4F5AAA37.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2080A03B-C9DB-4DA8-91D7-47829166D97C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2268F9A2-8B82-439A-8EBF-B3FC977EA964.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS24952AE5-4DA4-47B7-AC9C-B34F101CF42B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS253316A9-D8C4-4641-8548-49C545B9F126.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS278CC987-D27B-455C-AF60-967645FCE52F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2858612A-9D48-4B94-A8D5-2E05825D3454.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2B33BA27-3814-44E0-A0F5-49BD0D2A2A76.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2FCB0684-972A-49B6-9BC9-7BEF2CBCB753.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2FD6D344-64A7-42C8-9A56-16E9664FC3FA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS30272DDA-12A4-4783-8165-DCEDCF9F63BB.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS342CECA5-A2B7-413A-BD90-034EC3B91FB7.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3A7C69EC-2F91-4198-BD63-4E55B2E990C1.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS43EE4DB0-97F3-498A-B1CC-79390C1655E6.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS446338F0-418A-43F1-8A76-B89B8DDF414E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4541FA9E-A166-493A-A655-800A3A1D6A1B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS45F347DF-B077-4AF5-B8FC-CD5C8A5C9372.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS48030B4F-E0BC-4257-93E6-F7F85E9F2848.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4B10574A-2104-4A6D-842A-01194FE7E372.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS500CFFCD-444F-414D-8568-65A8DA9E4E6E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS520B3A5B-38E9-4AC6-9D52-A4CA1D4E8856.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS53F2D623-4BDC-414D-AC28-D42E725BC74E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS56E208E2-7B73-4264-AA8A-1BF11D049EEF.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5989CC58-06BC-4EE5-A529-4C0369451C23.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS59CB7FB8-6523-4F90-9FBC-40D39B5D94F2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5B1A3B11-7953-4B82-8335-E77307D06DC4.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5CA267A8-2229-4200-BBF1-584028E7FFA5.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5D208C61-0944-4FD3-B6AE-7F9D9D4E920E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS66146E44-E470-4D0C-985F-900982D6E2E6.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS68DE8973-2FE7-4331-9E79-9243288E6E7A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS68F7C117-C105-41B9-B22E-98FD8507C52D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS69E98CE6-7403-4A24-B5EB-91210D9C9999.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6C622F42-179E-4F04-8967-540DBEC73401.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS710FCBB6-220B-4CEE-989A-03F7F602EC05.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS74379630-2FA8-4D11-8D5A-7713D39F4959.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS757FE708-BAE7-4868-BADC-5C7A4902E24F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS765496D0-53E6-40BF-89E5-E4E995AF0C98.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7753FB32-24F8-4182-8ECE-7A6410CC5A68.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7AD79C2B-EF29-4D53-A4C3-64B2E95E92B2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7B935D94-5D28-407E-94E3-9865A14E6A8D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7CBDEC25-4EF5-423C-878A-06E7407C8910.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS82B2E1E2-DD9D-4402-8BA6-33F116486A0D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS83081291-31EA-48DC-A687-FA8DC62B30E9.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS84C5ADDB-1FED-4C9D-AFEF-F46A4AE02DB3.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS85C2E19E-C89A-4D17-8F7D-874B1B62ECC9.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS889E3BD8-A427-4853-90FD-4685E1F59F32.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8A5762C8-94FB-4918-912C-D73AF3EF7FE3.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8B80247B-2408-49A9-AD7E-8CD0AC837692.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8F0C3C91-9FA5-4D33-9560-3EB40ECE2D4D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS935A9C48-76E1-41B6-9FA7-6091FB9E17AD.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS943930BB-121E-4A17-A84E-BE270CE350BF.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS95FC59C7-D9AF-4042-9D8C-8EAC93924E05.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS96F7CD78-F44A-4BEB-A056-2598D3A20463.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9A6EDE1E-730A-42A2-BC45-EBA40D88B709.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9E2BD88C-B489-4774-B887-0C1B1D7D709F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9EE0010F-71B2-4B1D-8E85-FEB7A23081C4.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMS9F4E65EC-003D-4BE0-B74F-23585CA62B63.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA624B6AF-8F54-4012-BF9C-B728FCEA5E9C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA68D9B60-F8BD-4420-8591-5E703F797905.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA9259E2C-F160-40C3-BBED-C4E6E34ECD28.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA9268C6E-F6AA-488F-8CDF-0925F4C3CC0F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAB6FCE7A-022E-4A56-ABFD-2C4FD9FD082D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSABCFD312-C263-4ED2-962F-7B30E272E97C.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSAD3E4DCA-362A-4C71-9600-7C2656FDD463.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB0149AA3-F741-4A26-9810-DFDE0DAD2EC2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB4287C46-7A23-4729-A056-A9C9D006DE74.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB4361F11-61FB-4BB3-A1F7-3597B3B5AC21.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB4ED5E61-0911-4A00-9DE4-9239259C1889.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB684025E-E27F-4804-9FE8-9D89C4E710E4.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBB66FF6C-7D50-4DE3-801B-0C572092E06D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBF12792D-E8D7-4AC6-8462-FD872C71DDDE.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC2061391-A082-40AB-BEF0-8DC5330140FD.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC545D8D2-CF4B-48F2-80C6-F58FB8471E90.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD37C63C1-662D-4C42-ACF8-239544BFE76A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD48C6D77-F1CA-4EBF-AE31-CDF6E63BEA35.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDA5164CF-384C-4812-9FBE-B0F06E25D2D7.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDB4D8E92-E4C6-4961-A2D2-37A2DD9B542E.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDBA26344-C6E3-4F1A-B5A7-EADFC75A71EE.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDD2AD8B7-5C0A-492B-B0CD-85AAEFC215C2.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE6263845-5073-499E-8FB5-D95BC430271A.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE6CEBA39-02A3-4C15-A5E5-40C4AE40D84B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF13951AF-7277-4B69-A34F-531114BD7D28.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF2F64F8C-FDC2-4382-B9C9-322F5A3B2A46.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF53CDC7B-0283-4611-A71B-41A16AF9A66F.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF69DBDCF-C296-4B3F-B97E-6D1E5265F50B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF87914F3-A005-4FBD-B24D-4F31B01B2B55.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFA63A686-2DC2-4C5C-AB5A-D55F7F7980FA.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFD3AB11E-FA5E-4C58-B73E-3ACAD2D2490D.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFD986E48-480F-4ADB-9B88-EBB6636A026B.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\JETFE26.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 01032009_104315

    Files moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
    File C:\WINDOWS\temp\wrstemp\SSMS0382506E-8FEB-4463-907B-EE7455B22069.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS03938D09-0F4C-4219-9623-2A7A544EAD4F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS0506935D-7222-4EF8-87CE-BB95C6792861.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS055B8C66-39C3-4ECB-9345-1AAAE2FD5CA2.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS0781493E-DDA9-4FC1-9255-961E1013DDB8.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS08A78B0C-8516-4768-AB38-281A9F78D600.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS0F66BB61-FB18-488A-9DA3-66EA52538EF5.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS10513C51-2292-4850-8CF2-65CE3DC29A02.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS114389AC-528B-409E-82A5-D9DF258867CA.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS13B3A59F-196E-4F06-9A3E-6DBBC027D45F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS14E91F7C-CF63-40C9-8936-47B20ECF146A.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS154D3BB6-ACCB-492A-9872-869FF0AA10A9.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS1636BBB0-4529-43D5-A613-5DED49627830.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS194FC845-53F9-4BFA-BC72-CDD052DE3B93.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS1B513544-7826-4EF8-889B-61778F2E13EB.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS1DA0BE37-7A98-4B63-86AD-F81D4F5AAA37.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2080A03B-C9DB-4DA8-91D7-47829166D97C.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2268F9A2-8B82-439A-8EBF-B3FC977EA964.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS24952AE5-4DA4-47B7-AC9C-B34F101CF42B.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS253316A9-D8C4-4641-8548-49C545B9F126.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS278CC987-D27B-455C-AF60-967645FCE52F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2858612A-9D48-4B94-A8D5-2E05825D3454.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2B33BA27-3814-44E0-A0F5-49BD0D2A2A76.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2FCB0684-972A-49B6-9BC9-7BEF2CBCB753.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS2FD6D344-64A7-42C8-9A56-16E9664FC3FA.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS30272DDA-12A4-4783-8165-DCEDCF9F63BB.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS342CECA5-A2B7-413A-BD90-034EC3B91FB7.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS3A7C69EC-2F91-4198-BD63-4E55B2E990C1.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS43EE4DB0-97F3-498A-B1CC-79390C1655E6.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS446338F0-418A-43F1-8A76-B89B8DDF414E.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS4541FA9E-A166-493A-A655-800A3A1D6A1B.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS45F347DF-B077-4AF5-B8FC-CD5C8A5C9372.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS48030B4F-E0BC-4257-93E6-F7F85E9F2848.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS4B10574A-2104-4A6D-842A-01194FE7E372.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS500CFFCD-444F-414D-8568-65A8DA9E4E6E.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS520B3A5B-38E9-4AC6-9D52-A4CA1D4E8856.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS53F2D623-4BDC-414D-AC28-D42E725BC74E.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS56E208E2-7B73-4264-AA8A-1BF11D049EEF.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS5989CC58-06BC-4EE5-A529-4C0369451C23.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS59CB7FB8-6523-4F90-9FBC-40D39B5D94F2.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS5B1A3B11-7953-4B82-8335-E77307D06DC4.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS5CA267A8-2229-4200-BBF1-584028E7FFA5.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS5D208C61-0944-4FD3-B6AE-7F9D9D4E920E.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS66146E44-E470-4D0C-985F-900982D6E2E6.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS68DE8973-2FE7-4331-9E79-9243288E6E7A.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS68F7C117-C105-41B9-B22E-98FD8507C52D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS69E98CE6-7403-4A24-B5EB-91210D9C9999.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS6C622F42-179E-4F04-8967-540DBEC73401.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS710FCBB6-220B-4CEE-989A-03F7F602EC05.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS74379630-2FA8-4D11-8D5A-7713D39F4959.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS757FE708-BAE7-4868-BADC-5C7A4902E24F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS765496D0-53E6-40BF-89E5-E4E995AF0C98.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS7753FB32-24F8-4182-8ECE-7A6410CC5A68.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS7AD79C2B-EF29-4D53-A4C3-64B2E95E92B2.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS7B935D94-5D28-407E-94E3-9865A14E6A8D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS7CBDEC25-4EF5-423C-878A-06E7407C8910.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS82B2E1E2-DD9D-4402-8BA6-33F116486A0D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS83081291-31EA-48DC-A687-FA8DC62B30E9.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS84C5ADDB-1FED-4C9D-AFEF-F46A4AE02DB3.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS85C2E19E-C89A-4D17-8F7D-874B1B62ECC9.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS889E3BD8-A427-4853-90FD-4685E1F59F32.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS8A5762C8-94FB-4918-912C-D73AF3EF7FE3.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS8B80247B-2408-49A9-AD7E-8CD0AC837692.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS8F0C3C91-9FA5-4D33-9560-3EB40ECE2D4D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS935A9C48-76E1-41B6-9FA7-6091FB9E17AD.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS943930BB-121E-4A17-A84E-BE270CE350BF.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS95FC59C7-D9AF-4042-9D8C-8EAC93924E05.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS96F7CD78-F44A-4BEB-A056-2598D3A20463.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS9A6EDE1E-730A-42A2-BC45-EBA40D88B709.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS9E2BD88C-B489-4774-B887-0C1B1D7D709F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS9EE0010F-71B2-4B1D-8E85-FEB7A23081C4.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMS9F4E65EC-003D-4BE0-B74F-23585CA62B63.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSA624B6AF-8F54-4012-BF9C-B728FCEA5E9C.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSA68D9B60-F8BD-4420-8591-5E703F797905.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSA9259E2C-F160-40C3-BBED-C4E6E34ECD28.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSA9268C6E-F6AA-488F-8CDF-0925F4C3CC0F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSAB6FCE7A-022E-4A56-ABFD-2C4FD9FD082D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSABCFD312-C263-4ED2-962F-7B30E272E97C.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSAD3E4DCA-362A-4C71-9600-7C2656FDD463.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSB0149AA3-F741-4A26-9810-DFDE0DAD2EC2.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSB4287C46-7A23-4729-A056-A9C9D006DE74.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSB4361F11-61FB-4BB3-A1F7-3597B3B5AC21.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSB4ED5E61-0911-4A00-9DE4-9239259C1889.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSB684025E-E27F-4804-9FE8-9D89C4E710E4.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSBB66FF6C-7D50-4DE3-801B-0C572092E06D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSBF12792D-E8D7-4AC6-8462-FD872C71DDDE.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSC2061391-A082-40AB-BEF0-8DC5330140FD.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSC545D8D2-CF4B-48F2-80C6-F58FB8471E90.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSD37C63C1-662D-4C42-ACF8-239544BFE76A.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSD48C6D77-F1CA-4EBF-AE31-CDF6E63BEA35.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSDA5164CF-384C-4812-9FBE-B0F06E25D2D7.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSDB4D8E92-E4C6-4961-A2D2-37A2DD9B542E.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSDBA26344-C6E3-4F1A-B5A7-EADFC75A71EE.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSDD2AD8B7-5C0A-492B-B0CD-85AAEFC215C2.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSE6263845-5073-499E-8FB5-D95BC430271A.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSE6CEBA39-02A3-4C15-A5E5-40C4AE40D84B.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSF13951AF-7277-4B69-A34F-531114BD7D28.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSF2F64F8C-FDC2-4382-B9C9-322F5A3B2A46.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSF53CDC7B-0283-4611-A71B-41A16AF9A66F.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSF69DBDCF-C296-4B3F-B97E-6D1E5265F50B.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSF87914F3-A005-4FBD-B24D-4F31B01B2B55.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSFA63A686-2DC2-4C5C-AB5A-D55F7F7980FA.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSFD3AB11E-FA5E-4C58-B73E-3ACAD2D2490D.tmp not found!
    File C:\WINDOWS\temp\wrstemp\SSMSFD986E48-480F-4ADB-9B88-EBB6636A026B.tmp not found!
    File C:\WINDOWS\temp\JETFE26.tmp not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat not found!

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please go to Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Dec 2008
    Posts
    7

    Default

    Kaspersky Online Scanner 7 Report

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Saturday, January 3, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, January 03, 2009 16:49:04
    Records in database: 1554307
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan statistics:
    Files scanned: 81938
    Threat name: 4
    Infected objects: 4
    Suspicious objects: 0
    Duration of the scan: 02:27:56


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1697726C.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\169A1C68.tmp Infected: Trojan.Java.ClassLoader.au 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E276F01 Infected: Backdoor.Win32.UltimateDefender.r 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AEF04A0.tmp Infected: Trojan-Downloader.Java.Agent.a 1

    The selected area was scanned.


    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:00:18 PM, on 1/3/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
    O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -u
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
    O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
    O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 9075 bytes

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •