Exploit.Java.CVE-2009, Antimalware Doctor, FakeAlert, and others

**orleans_rob** · 2010-05-15, 06:33

Since the blue screen was up i restarted the computer in safemode.

I opened as administrator and through "my computer" went to my desktop and copy/pasted combo on the administrator's desktop.

i then ran combo.

it seemed to be taking a lot of time on the 3rd layer of testing so i went to get something to drink.

what happened next, i have no idea becasue when i came back to the computer it had rebooted into normal mode and was waiting for me to login.

i restarted it in safemode and went in as administrator.
the dos combo window opened up right away and told me:
"Preparing Log Report.
don't run any programs until ComboFix has finished"

20 minutes later the computer blinked and asked me if i wanted to go into safemode (though i already was)

another 10 minutes later the following log popped up.
i hope this is normal operating procedure!

i see at the bottom of the report:
"Completion time: 2010-05-14 23:20:19 - machine was rebooted"

so i guess it is, scared the heck out of me

here's the report:

ComboFix 10-05-14.06 - Administrator 05/14/2010 22:47:42.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.672 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\cbo\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robert\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\bszip.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.

2010-05-15 03:43 . 2010-05-15 03:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-14 23:07 . 2010-05-15 01:02 -------- d-----w- C:\rsit
2010-05-10 02:43 . 2010-05-10 02:43 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 02:41 . 2010-05-10 02:41 -------- d-----w- c:\program files\Java
2010-05-09 05:47 . 2010-05-10 02:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 22:02 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-05-02 21:58 . 2010-05-02 21:59 -------- d-----w- c:\program files\Windows Defender
2010-05-01 23:13 . 2010-05-01 23:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:12 . 2010-05-01 17:12 -------- d-----w- c:\documents and settings\Robert\Application Data\Malwarebytes
2010-05-01 17:12 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 17:12 . 2010-05-01 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-01 17:12 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 17:12 . 2010-05-01 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 04:35 . 2010-05-08 08:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-25 04:34 . 2010-04-25 04:34 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Roxio
2010-04-25 04:34 . 2010-04-25 04:34 -------- d-----w- c:\documents and settings\Robert\Application Data\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-14 23:47 . 2006-11-05 20:09 -------- d-----w- c:\program files\Trend Micro
2010-05-11 00:10 . 2009-04-07 04:01 256 ----a-w- c:\windows\system32\pool.bin
2010-05-10 01:54 . 2008-08-10 04:10 -------- d-----w- c:\program files\Roxio
2010-05-08 04:29 . 2008-09-21 16:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-08 04:09 . 2008-09-21 16:57 -------- d-----w- c:\program files\SpywareBlaster
2010-05-03 22:03 . 2005-10-28 02:58 107704 ----a-w- c:\documents and settings\Happy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-28 22:43 . 2009-05-31 19:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-21 16:01 . 2010-04-14 04:42 817200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-20 23:32 . 2005-10-29 01:32 107704 ----a-w- c:\documents and settings\Robert\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 15:12 . 2009-04-07 03:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-04-17 15:09 . 2009-04-07 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-04-03 17:10 . 2008-08-12 03:46 -------- d-----w- c:\program files\McAfee
2010-04-01 23:15 . 2008-09-12 20:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-10 06:15 . 2008-08-11 23:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-08-11 23:48 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 02:15 . 2009-10-31 04:14 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-17 14:10 . 2008-08-11 23:48 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-08-11 23:48 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 05:29 . 2010-02-01 02:58 256 ----a-w- c:\documents and settings\Robert\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-19 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-05-01 834248]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-11 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Robert\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]
Microsoft Greetings Reminders.lnk - c:\documents and settings\All Users\Microsoft Home Publishing\MHPRMIND.EXE [1998-8-13 40960]
Microsoft Works Calendar Reminders.lnk - c:\documents and settings\All Users\Application Data\MSWorks\Calendar\WKCALREM.EXE [1998-7-21 68368]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-9 24576]
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2005-11-9 237568]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/31/2009 1:21 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1285864]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 10:35 AM 93320]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe [4/27/2009 10:27 AM 232576]
S3 cpuz128;cpuz128;\??\c:\docume~1\Robert\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Robert\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [4/27/2009 10:26 AM 22552]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [4/27/2009 10:25 AM 27160]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [4/27/2009 10:26 AM 79896]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [4/27/2009 10:27 AM 25112]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:13]

2010-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 17:22]

2010-05-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-08-12 17:22]

2010-05-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-05-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-09-12 21:31]

2010-05-09 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-09-12 21:31]

2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{97465611-51A7-4A27-BBCC-D5DE1ECEE541}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ReimageFTP - c:\program files\Reimage\Reimage Repair\ReiFTPWatchDog.exe
AddRemove-HijackThis - c:\documents and settings\Robert\Desktop\orleans\HijackThis.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-05-14 23:20:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-15 04:20

Pre-Run: 5,627,301,888 bytes free
Post-Run: 5,497,147,392 bytes free

- - End Of File - - AE85B025E0B0704F3B7E85DF17B20F39

**ken545** · 2010-05-15, 13:38

Hi,

Open notepad and then copy and paste the bolded lines below into Notepad.
Go to File > save as and name the file fixes.bat.
Change the Save as type to all files and save it to your desktop.

@echo off
sc stop cpuz128
sc delete cpuz128

Double-click on fixes.bat file to execute it.

Reboot and post a new RSIT log.

Please run this free online virus scanner from ESET

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

**orleans_rob** · 2010-05-15, 16:25

I am still in safemode under admiinistrator.

Should I run the first part in safemode or reboot?

If the first part should be done in safemode, when I run the RSIT scan after the reboot - what mode should I be in?

**ken545** · 2010-05-15, 19:34

You can run the fix in Safemode or Normal windows, but after you reboot run ESET in Normal windows

**orleans_rob** · 2010-05-15, 19:41

just ran fixes

about to run RSIT in normal

will post and then run ESET

(REMINDER: i'm communicating with you on my wife's laptop)

**orleans_rob** · 2010-05-15, 19:59

about to post RSIT - ran very quickly this time

question: i assume i need to turn McAfee back on since i have to connect to internet to run ESET

**orleans_rob** · 2010-05-15, 20:00

info.txt logfile of random's system information tool 1.06 2010-05-15 12:47:24

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Ad-Aware Email Scanner for Outlook-->MsiExec.exe /I{338F08AB-C262-42C7-B000-34DE1A475273}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
ArcSoft Software Suite-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
Aventail Connect-->MsiExec.exe /I{A2A78788-2792-49BF-AF22-5E9296E568F3}
Aventail Web Proxy Agent-->MsiExec.exe /X{9B0B46B3-10DF-4ADA-9501-0129D784563D}
Aventail Webifiers-->MsiExec.exe /X{54D44AD1-A083-48B9-BD6F-AFD517B7C775}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{205A5182-EFC8-4C25-B61D-C164F8FF4048}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{205A5182-EFC8-4C25-B61D-C164F8FF4048}
BlackBerry Device Software v5.0.0 for the BlackBerry 8530 smartphone-->MsiExec.exe /X{8D55AC33-2CB4-4A4D-93A9-F5C76124BBC3}
BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
Carbonite-->C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cox Online Support Controls-->"C:\Program Files\SupportSoft\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crosstrainer 6-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D837BFF0-7EC2-4242-8750-E26EFE59A6F6}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DMX Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE8913B7-B2C4-48BE-8A26-84390FF4F231}\setup.exe" -l0x9 -L0x9 /SMAINT
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Juniper Installer Service-->MsiExec.exe /I{D8AB148C-3182-4B41-8CBC-565104358386}
Kick N Rush-->"C:\Program Files\MSN Games\Kick N Rush\Uninstall.exe" "C:\Program Files\MSN Games\Kick N Rush\install.log"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Greetings-->C:\Documents and Settings\All Users\Microsoft Home Publishing\Setup\mhpstp.exe /m
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 99-->C:\Documents and Settings\All Users\Microsoft Money\setup\setup.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works Calendar 1.0-->C:\Documents and Settings\All Users\Application Data\MSWorks\Calendar\SETUP\setup.exe
Microsoft Works Setup Launcher-->C:\Program Files\Microsoft Works Suite 99\Setup\Launcher.exe D:\
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Program 1.5-->"C:\Program Files\Love Clock - Tonight's The Night\unins000.exe"
MyWay Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
QuickBooks Pro Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
ScrewDrivers Client v4-->C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~2\UNWISE.EXE C:\PROGRA~1\triCerat\SIMPLI~1\SCREWD~2\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WebEx-->C:\WINDOWS\Downlo~1\atcliun.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Security center information======

AV: McAfee VirusScan (disabled)
FW: McAfee Personal Firewall

======System event log======

Computer Name: DHRXN81
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service CarboniteService with arguments ""
in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Record Number: 15494
Source Name: DCOM
Time Written: 20100514224318.000000-300
Event Type: error
User: DHRXN81\Administrator

Computer Name: DHRXN81
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service CarboniteService with arguments ""
in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Record Number: 15493
Source Name: DCOM
Time Written: 20100514224318.000000-300
Event Type: error
User: DHRXN81\Administrator

Computer Name: DHRXN81
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service CarboniteService with arguments ""
in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Record Number: 15492
Source Name: DCOM
Time Written: 20100514224318.000000-300
Event Type: error
User: DHRXN81\Administrator

Computer Name: DHRXN81
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service CarboniteService with arguments ""
in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Record Number: 15491
Source Name: DCOM
Time Written: 20100514224318.000000-300
Event Type: error
User: DHRXN81\Administrator

Computer Name: DHRXN81
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service CarboniteService with arguments ""
in order to run the server:
{36471C67-6A93-4434-92CC-4C614CD06666}

Record Number: 15490
Source Name: DCOM
Time Written: 20100514224318.000000-300
Event Type: error
User: DHRXN81\Administrator

=====Application event log=====

Computer Name: DHRXN81
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 2265
Source Name: MsiInstaller
Time Written: 20090616092917.000000-300
Event Type: warning
User: DHRXN81\Robert

Computer Name: DHRXN81
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 2264
Source Name: MsiInstaller
Time Written: 20090616092916.000000-300
Event Type: warning
User: DHRXN81\Robert

Computer Name: DHRXN81
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Record Number: 2262
Source Name: LoadPerf
Time Written: 20090616092723.000000-300
Event Type: error
User:

Computer Name: DHRXN81
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Record Number: 2261
Source Name: LoadPerf
Time Written: 20090616092723.000000-300
Event Type: error
User:

Computer Name: DHRXN81
Event Code: 1001
Message: Fault bucket 1180947459.

Record Number: 2256
Source Name: Application Hang
Time Written: 20090616090721.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

**orleans_rob** · 2010-05-15, 20:01

Logfile of random's system information tool 1.07 (written by random/random)
Run by Robert at 2010-05-15 12:47:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 5 GB (7%) free of 73 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:47:20 PM, on 5/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Documents and Settings\All Users\Microsoft Home Publishing\MHPRMIND.EXE
C:\Documents and Settings\All Users\Application Data\MSWorks\Calendar\WKCALREM.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Documents and Settings\Robert\Desktop\hjt\rsit\RSIT.exe
C:\Program Files\trend micro\Robert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Documents and Settings\All Users\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Documents and Settings\All Users\Application Data\MSWorks\Calendar\WKCALREM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://www.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://i2.morkee.com/workplace/webifiers/wficat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1130646214381
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1131227148718
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D} (SodaAgt Class) - https://i2.morkee.com/postauthACC/SodaAgent.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12077 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{97465611-51A7-4A27-BBCC-D5DE1ECEE541}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2008-10-24 206112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2008-10-24 79136]
"ADUserMon"=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [2002-09-24 147456]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-10-29 1218008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-10-19 98304]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2009-01-09 669840]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-04-30 834248]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-10 648536]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Documents and Settings\Robert\Start Menu\Programs\Startup
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
Microsoft Greetings Reminders.lnk - C:\Documents and Settings\All Users\Microsoft Home Publishing\MHPRMIND.EXE
Microsoft Works Calendar Reminders.lnk - C:\Documents and Settings\All Users\Application Data\MSWorks\Calendar\WKCALREM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-05-14 23:20:19 ----A---- C:\ComboFix.txt
2010-05-14 21:06:28 ----A---- C:\Boot.bak
2010-05-14 21:06:19 ----RASHD---- C:\cmdcons
2010-05-14 20:57:21 ----A---- C:\WINDOWS\zip.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\SWSC.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\SWREG.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\sed.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\PEV.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\MBR.exe
2010-05-14 20:57:21 ----A---- C:\WINDOWS\grep.exe
2010-05-14 20:56:44 ----D---- C:\WINDOWS\ERDNT
2010-05-14 20:56:12 ----D---- C:\Qoobox
2010-05-14 18:07:36 ----D---- C:\rsit
2010-05-09 21:43:48 ----D---- C:\Program Files\Common Files\Java
2010-05-09 21:43:07 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-09 21:43:07 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-09 21:43:07 ----A---- C:\WINDOWS\system32\java.exe
2010-05-09 21:41:41 ----D---- C:\Program Files\Java
2010-05-09 00:49:51 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-05-09 00:47:42 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-02 17:02:49 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-05-02 16:58:58 ----D---- C:\Program Files\Windows Defender
2010-05-01 12:12:30 ----D---- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2010-05-01 12:12:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-01 12:12:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-27 22:09:29 ----D---- C:\Program Files\Mozilla Firefox
2010-04-24 23:34:24 ----D---- C:\Documents and Settings\Robert\Application Data\Roxio
2010-04-14 19:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 19:18:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 19:15:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 19:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 09:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 09:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-11 13:01:54 ----A---- C:\mbam-error.txt
2010-03-10 01:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-02-23 20:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-20 20:35:59 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

======List of files/folders modified in the last 3 months======

2010-05-15 12:47:06 ----D---- C:\Program Files\Trend Micro
2010-05-15 12:47:05 ----D---- C:\WINDOWS\Prefetch
2010-05-15 12:45:31 ----D---- C:\WINDOWS\Temp
2010-05-15 12:44:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-15 12:44:44 ----SD---- C:\WINDOWS\Tasks
2010-05-15 12:39:38 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2010-05-15 12:39:32 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2010-05-15 12:38:58 ----D---- C:\WINDOWS
2010-05-15 12:34:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-14 23:07:02 ----A---- C:\WINDOWS\system.ini
2010-05-14 23:03:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-14 23:01:46 ----D---- C:\WINDOWS\system32\drivers
2010-05-14 23:00:42 ----D---- C:\WINDOWS\system32\config
2010-05-14 22:57:52 ----D---- C:\WINDOWS\system32
2010-05-14 22:57:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-14 22:55:48 ----D---- C:\WINDOWS\AppPatch
2010-05-14 22:55:45 ----D---- C:\Program Files\Common Files
2010-05-14 21:06:28 ----RASH---- C:\boot.ini
2010-05-14 05:53:19 ----SHD---- C:\System Volume Information
2010-05-11 05:34:04 ----D---- C:\WINDOWS\Registration
2010-05-09 21:43:51 ----SHD---- C:\WINDOWS\Installer
2010-05-09 21:43:50 ----D---- C:\Config.Msi
2010-05-09 21:41:41 ----RD---- C:\Program Files
2010-05-09 20:54:12 ----HD---- C:\WINDOWS\inf
2010-05-09 20:54:12 ----D---- C:\Program Files\Roxio
2010-05-09 20:39:43 ----D---- C:\WINDOWS\system32\Macromed
2010-05-09 20:39:18 ----D---- C:\WINDOWS\WinSxS
2010-05-09 20:38:31 ----D---- C:\Program Files\Adobe
2010-05-09 20:38:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-05-08 17:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-05-07 23:29:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-05-07 23:09:26 ----D---- C:\Program Files\SpywareBlaster
2010-05-02 23:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-02 16:58:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-29 23:22:07 ----D---- C:\WINDOWS\Provisioning
2010-04-28 23:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-28 17:43:09 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-04-25 05:35:52 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-17 10:12:33 ----D---- C:\Program Files\Common Files\Roxio Shared
2010-04-17 10:12:13 ----RSD---- C:\WINDOWS\Fonts
2010-04-17 10:09:05 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2010-04-14 19:18:47 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-04-14 19:18:32 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 19:18:29 ----A---- C:\WINDOWS\imsins.BAK
2010-04-06 12:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-03 12:10:42 ----D---- C:\Program Files\McAfee
2010-04-01 18:15:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-31 09:19:39 ----D---- C:\Program Files\Internet Explorer
2010-03-25 22:40:10 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-03-19 00:36:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-10 01:15:52 ----A---- C:\WINDOWS\system32\vbscript.dll
2010-03-10 01:03:24 ----D---- C:\Program Files\Movie Maker
2010-02-25 11:54:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\occache.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\mstime.dll
2010-02-25 01:24:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\jsproxy.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-02-25 01:24:34 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2010-02-24 04:54:25 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-20 20:36:14 ----D---- C:\Program Files\Lavasoft
2010-02-17 09:10:28 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 21:30:20 ----D---- C:\Program Files\Common Files\Research In Motion
2010-02-16 08:25:04 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NgLog;Aventail VPN Logging; C:\WINDOWS\system32\DRIVERS\nglog.sys [2009-04-27 27160]
R3 NgVpn;Aventail VPN Adapter; C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2009-04-27 79896]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 NgFilter;Aventail VPN Filter; C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2009-04-27 22552]
S3 NgWfp;Aventail VPN Callout; C:\WINDOWS\system32\DRIVERS\ngwfp.sys [2009-04-27 25112]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2009-01-09 1951376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-09 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 NgVpnMgr;Aventail VPN Client; C:\WINDOWS\system32\ngvpnmgr.exe [2009-04-27 232576]
R2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-30 1285864]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE [2007-09-12 2999664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S3 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 202544]
S4 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-09-24 151552]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-09-04 73728]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

**ken545** · 2010-05-15, 22:33

Yes, tun McAfee back on. Waiting for the ESET report

**orleans_rob** · 2010-05-15, 23:12

2 hours and 54 minutes later and still have 7% of scan to go

so far it has found one infected file and 1 threat
- threat = Win32/Bagle.gen.zip worm

will post official report when completed
est time completed = 4:30 pm central time

Thread: Exploit.Java.CVE-2009, Antimalware Doctor, FakeAlert, and others

Thread Tools

Display

Posting Permissions