can't get rid of dnschanger no matter what I do

oldskooldw

Because of dnschanger I can't update Windows using Windows updater and I am at a loss as to how to remove it...

Here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:30 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [birdfree] C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19483 bytes

Please help
 
Hi

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized; if not, you'll find it in the c:\rsit folder).
 
RSIT Logs part 1

I'll have to put each log in a separate reply. Here is the first log...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Habitat Productions at 2008-11-27 15:28:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 453 GB (48%) free of 949 GB
Total RAM: 2045 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:48 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Habitat Productions\My Documents\Comics\New Folder\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Habitat Productions.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [birdfree] C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19569 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\82E372E29D5CE662.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\SpyHunter Scanner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-18 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9}]
MorpheusToolbar BHO - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2007-05-10 237568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-08-06 111912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-01 5759816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - Morpheus Toolbar - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL [2007-05-10 237568]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-11-01 5759816]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2008-03-07 1090912]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-11-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-03-02 18944]
"NVRaidService"=C:\WINDOWS\system32\nvraidservice.exe [2006-08-03 137216]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2007-08-14 113136]
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-10-14 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-09-14 157592]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-01-26 57393]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-01-26 40960]
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-06-15 307200]
"dlcqmon.exe"=C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe [2006-06-20 286720]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 966\memcard.exe [2006-06-27 299008]
"DLCQCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll []
"ante wait camp memo"=C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe []
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe []
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-07-23 341232]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [2007-08-24 240112]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-07-18 185896]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"ShaPlus Bandwidth Meter"=C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter /s []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2008-10-28 681256]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2007-11-30 1164576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-25 136600]
"Corel Photo Downloader"=C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2007-08-28 531272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"=C:\Program Files\Microsoft Location Finder\LocationFinder.exe [2006-11-14 121640]
"birdfree"=C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1\about peak.exe []
"SkinClock"=C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [2007-02-16 1724416]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"bandmon"=C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe [2008-06-01 1529856]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bitmeter2.lnk - C:\Program Files\Codebox\BitMeter\BitMeter2.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

C:\Documents and Settings\Habitat Productions\Start Menu\Programs\Accessories\Startup
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\WINDOWS\system32\dlcqcoms.exe"="C:\WINDOWS\system32\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin\emule\emule.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin\emule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp"="C:\Program Files\Kazaa Lite Resurrection\kazaalite.kpp:*:Enabled:kazaalite"
"C:\Program Files\K-Lite\kazaa.core"="C:\Program Files\K-Lite\kazaa.core:*:Enabled:Kazaa"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Documents and Settings\Habitat Productions\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Habitat Productions\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat"="C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\Morpheus Ultra\Morpheus.exe"="C:\Program Files\Morpheus Ultra\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\BearFlix\bearflix.exe"="C:\Program Files\BearFlix\bearflix.exe:*:Enabled:BearFlix"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Documents and Settings\Habitat Productions\My Documents\Comics\wowclient-downloader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Comics\wowclient-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Habitat Productions\My Documents\Comics\WoW-BurningCrusade-enUS-Installer-downloader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Comics\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Sega\Universe At War Earth Assault (DEMO)\UAWEA.exe"="C:\Program Files\Sega\Universe At War Earth Assault (DEMO)\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DCPlusPlus"
"C:\Program Files\MusicBrainz Picard\picard.exe"="C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:picard"
"C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe"="C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe:*:Enabled:BT_Update"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe"="C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\Chocolate Ball 2007\New 2008\CabalTemp\ESTSetupLoader.exe"="C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\Chocolate Ball 2007\New 2008\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaManager\PMSManager.exe:*:Enabled:PMSManager"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\InterVideo\DVD8\WinDVD.exe"="C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Dreamlords\dreamlords.exe"="C:\Program Files\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe"="C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:CurseClient"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-27 15:26:15 ----D---- C:\rsit
2008-11-26 14:38:11 ----D---- C:\WINDOWS\system32\zh_temp
2008-11-26 11:57:18 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\java.exe
2008-11-25 22:21:21 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-25 22:13:23 ----D---- C:\Program Files\AskBarDis
2008-11-25 22:13:14 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\Foxit
2008-11-25 22:13:13 ----D---- C:\Program Files\Foxit Software
2008-11-25 21:56:09 ----D---- C:\Program Files\Trend Micro
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\o4Patch.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\IEDFix.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2008-11-25 19:20:28 ----A---- C:\WINDOWS\system32\404Fix.exe
2008-11-25 18:21:27 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-11-25 18:19:43 ----D---- C:\Program Files\McAfee.com
2008-11-25 18:19:39 ----D---- C:\Program Files\Common Files\McAfee
2008-11-25 18:19:33 ----D---- C:\Program Files\McAfee
2008-11-25 17:38:27 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\Sunbelt
2008-11-25 17:38:23 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2008-11-25 17:38:11 ----D---- C:\Program Files\Sunbelt Software
2008-11-24 17:07:18 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-24 17:07:17 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-24 11:28:55 ----D---- C:\Program Files\SiteAdvisor
2008-11-24 11:28:54 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\SiteAdvisor
2008-11-23 13:01:08 ----D---- C:\Documents and Settings\All Users\Application Data\PCSettings
2008-11-23 12:59:46 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-11-23 12:59:42 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-23 12:09:09 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-11-11 18:29:25 ----D---- C:\Program Files\World of Warcraft
2008-11-08 12:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-08 12:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-08 12:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-08 12:47:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-08 12:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-08 12:47:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-08 12:46:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-08 12:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-08 12:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954156_WM9L$
2008-11-08 12:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-08 12:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-08 12:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-08 12:38:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-08 12:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-08 12:37:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-08 10:13:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-28 16:28:12 ----A---- C:\WINDOWS\system32\sbbd.exe

======List of files/folders modified in the last 1 months======

2008-11-27 15:25:26 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 15:00:00 ----A---- C:\Documents and Settings\Habitat Productions\Application Data\alarms.ini
2008-11-27 14:43:42 ----A---- C:\Documents and Settings\Habitat Productions\Application Data\AtomicAlarmClock.ini
2008-11-27 12:29:07 ----D---- C:\WINDOWS\Temp
2008-11-27 12:02:01 ----D---- C:\Program Files\DC++
2008-11-27 10:53:35 ----D---- C:\WINDOWS\Prefetch
2008-11-27 10:40:00 ----D---- C:\WINDOWS
2008-11-27 10:39:50 ----D---- C:\Program Files\dl_cats
2008-11-26 19:16:21 ----D---- C:\WINDOWS\system32
2008-11-26 19:16:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 19:06:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 19:06:03 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 14:24:44 ----SHD---- C:\System Volume Information
2008-11-26 14:24:44 ----D---- C:\WINDOWS\system32\Restore
2008-11-26 12:24:59 ----RD---- C:\Program Files
2008-11-26 12:11:03 ----RSH---- C:\boot.ini
2008-11-26 12:11:03 ----A---- C:\WINDOWS\win.ini
2008-11-26 12:11:02 ----A---- C:\WINDOWS\system.ini
2008-11-25 22:21:27 ----SHD---- C:\WINDOWS\Installer
2008-11-25 22:21:26 ----HD---- C:\Config.Msi
2008-11-25 22:21:03 ----D---- C:\Program Files\Java
2008-11-25 22:12:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-25 22:12:22 ----D---- C:\Program Files\Common Files\Adobe
2008-11-25 19:28:16 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-25 19:23:12 ----A---- C:\rapport.txt
2008-11-25 19:21:09 ----D---- C:\Program Files\Google
2008-11-25 19:21:06 ----A---- C:\WINDOWS\system32\tmp.txt
2008-11-25 19:01:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-25 19:01:06 ----HD---- C:\WINDOWS\inf
2008-11-25 18:27:21 ----D---- C:\Program Files\Common Files
2008-11-25 18:22:36 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-25 18:21:04 ----D---- C:\WINDOWS\system32\drivers
2008-11-25 18:20:02 ----SD---- C:\WINDOWS\Tasks
2008-11-25 17:34:56 ----D---- C:\Program Files\LimeWire
2008-11-24 12:42:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 19:44:39 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\uTorrent
2008-11-23 17:32:06 ----D---- C:\Program Files\Trillian
2008-11-23 12:28:38 ----D---- C:\WINDOWS\system32\dllcache
2008-11-22 20:29:02 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\LimeWire
2008-11-22 20:25:43 ----D---- C:\Program Files\Folder Lock
2008-11-16 18:07:03 ----D---- C:\WINDOWS\Help
2008-11-11 21:05:03 ----D---- C:\Documents and Settings\Habitat Productions\Application Data\GetRightToGo
2008-11-11 18:30:54 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-08 12:59:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-08 12:48:12 ----A---- C:\WINDOWS\imsins.BAK
2008-11-08 12:48:11 ----D---- C:\Program Files\Messenger
2008-11-08 12:48:08 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-08 12:42:34 ----RSD---- C:\WINDOWS\assembly
2008-11-08 12:41:41 ----RSD---- C:\WINDOWS\Fonts
2008-11-08 12:41:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-08 12:38:42 ----D---- C:\WINDOWS\WinSxS
2008-11-08 10:13:44 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2008-09-12 13360]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2008-09-12 69168]
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-02-23 11264]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-04 143872]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-11-08 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-11-08 439680]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-11-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-11-08 143360]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-11-08 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-15 1096192]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-02-18 96256]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-11-08 114688]
R3 pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-12 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ai0gksy8;ai0gksy8; C:\WINDOWS\system32\drivers\ai0gksy8.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CW100;CW100 Device; C:\WINDOWS\system32\DRIVERS\CW100.sys [2002-05-24 24092]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WideUSB;WideUSB Generic USB Bulk driver; C:\WINDOWS\System32\Drivers\WideUSB.sys [2005-11-18 18720]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-09-25 574808]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 dlcq_device;dlcq_device; C:\WINDOWS\system32\dlcqcoms.exe [2006-07-13 528384]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-25 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-12-11 358224]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 OpenCASE Media Agent;OpenCASE Media Agent; C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-29 835208]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SiteAdvisor Service;SiteAdvisor Service; C:\Program Files\SiteAdvisor\6172\SAService.exe [2008-11-24 341280]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 0044291227655211mcinstcleanup;McAfee Application Installer Cleanup (0044291227655211); C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 DNADownloader;DNADownloader; C:\Program Files\GameSpot\DownloadManager_Win32.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S2 MSSQL$PINNACLESYS;MSSQL$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [2005-05-04 9150464]
S2 PinnacleSys.MediaServer;Pinnacle Systems Media Service; c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe [2006-01-19 49152]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]
S2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]
S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-27 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-04 163840]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S3 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S3 SQLAgent$PINNACLESYS;SQLAgent$PINNACLESYS; C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE [2005-05-03 323584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
 
RSIT Logs Part 2

Here is the other log...

info.txt logfile of random's system information tool 1.04 2008-11-27 15:27:36

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {4F3FCD41-AD1C-4EE8-9D5C-35DBA58BA060}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15E9BB4B-D88B-47DD-BB38-2DB5B8CD2CEB}\Setup.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbsoluteShield File Shredder-->"C:\WINDOWS\AbsoluteShield File Shredder\uninstall.exe" "/U:C:\Program Files\AbsoluteShield File Shredder\Uninstall\uninstall.xml"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Add/Remove Pro-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ADRMPRO2.INF, DefaultUninstall.ntx86
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Allok Video Joiner 3.5.0423-->"C:\Program Files\Allok Video Joiner\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atomic Alarm Clock 4.35-->"C:\Program Files\Atomic Alarm Clock\unins000.exe"
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Bandwidth Monitor-->"C:\Program Files\Rokario\Bandwidth Monitor\unins000.exe"
BIAS SoundSoap PE 2.1-->MsiExec.exe /I{42442CA9-90E6-4011-BB55-7C263F6D5EC1}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Business Complete Care Services Agreement-->MsiExec.exe /X{64658686-0CD4-4CF6-983D-0A6BE32007DB}
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Click-N-Type-->MsiExec.exe /X{7BA0B036-5AA6-43FF-A7EF-B0BC16411A90}
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Company of Heroes Single Player Demo-->MsiExec.exe /X{6EA45FAC-6F5F-43EE-87D7-4688AF9E2F07}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Corel Photo Album 6-->MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Curse Client-->C:\Program Files\Curse\uninstall.exe
CWPv3-->C:\Program Files\Activision\Bridge Commander\Uninstal.exe
DC++ 0.707-->"C:\Program Files\DC++\uninstall.exe"
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 966-->C:\Program Files\Dell Photo AIO Printer 966\Install\x86\Uninst.exe
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DISC TITLE PRINTER for CW-100-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79C8CC21-6384-47E4-BEAB-2550066ED65B}\Setup.exe" -uninst anything
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum 5.0.0-->"C:\Program Files\DVDXCopyInternational\Platinum\uninstall.exe"
DVDFab Platinum 3.0.3.3 Beta Ghosthunter Release-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~2\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Element WoW Launcher v1.2-->MsiExec.exe /X{0D218D32-B021-49F0-A743-288F84963EA2}
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0622-->"C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
Folder Lock-->C:\Program Files\Folder Lock\Uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iPod Reset Utility-->MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Pro 9.01 - (9.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Magelo Sync (uninstall only)-->"C:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
MagicDisc 2.6.93-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MediaMonkey 2.5-->"C:\Program Files\MediaMonkey\unins000.exe"
Memorex exPressit Label Design Studio-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
MemoriesOnTV 4.0.4-->"C:\Program Files\MemoriesOnTV4\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Morpheus Toolbar-->rundll32 C:\PROGRA~1\MORPHE~2\bar\1.bin\MorphBar.dll,O
MotionArtist 4-->C:\WINDOWS\unvise32.exe C:\Program Files\e frontier\MotionArtist 4\uninstal.log
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
musicshake-->MsiExec.exe /I{1329C4EB-88EC-4D76-82A2-945EAF281D81}
NBC Direct Beta-->MsiExec.exe /I{7A647B7A-9FE7-44A2-9041-C04528D44EB9}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenCASE Media Agent-->MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PenScanner Twain Driver-->C:\PROGRA~1\PenTwain\UNWISE.EXE C:\PROGRA~1\PenTwain\INSTALL.LOG
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Pinnacle MediaServer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{460CE8B9-6EC2-458A-90D4-691631ECE9D9}\setup.exe" -l0x9 UNINSTALL
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
QuickVerse 2007-->C:\PROGRA~1\QUICKV~1\QVUninst.exe
Real Alternative 1.51-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Red Eye Remover 2.0-->"C:\Program Files\Red Eye Remover\unins000.exe"
Red Eye Remover Pro 1.2-->"C:\Program Files\Red Eye Remover Pro\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
Roxio Disc Gallery-->MsiExec.exe /I{3E67A8DA-FE7B-4160-8465-F5571EA18753}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio MediaShare-->MsiExec.exe /I{9A9A1828-31D1-4590-A99F-022B7237AFAE}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sam and Max - Season Two - Sam and Max Episode 201 - Ice Station Santa-->C:\Program Files\Telltale Games\Sam and Max - Season Two\Uninstall Episode 201 - Ice Station Santa.exe
Sam and Max - Season Two - Sam and Max Episode 202 - Moai Better Blues-->C:\Program Files\Telltale Games\Sam and Max - Season Two\Uninstall Episode 202 - Moai Better Blues.exe
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~2\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Advanced Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
Sounds Best On Sound Blaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15E9BB4B-D88B-47DD-BB38-2DB5B8CD2CEB}\Setup.EXE" -l0x9 /remove
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPOREsetup.exe" -runfromtemp -l0x0009 -removeonly
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TiVoToGo Playback Filter-->MsiExec.exe /I{2B7A795D-3250-4331-A33D-9F6DD6A3F659}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Ulead DVD MovieFactory 6-->C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead MediaStudio Pro 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
ULTRA 2 Program Files-->MsiExec.exe /I{6CC9B4FB-161D-4330-97C3-9D48CA5FD106}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
UseNeXT-->"C:\Program Files\UseNeXT\unins001.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoCharge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}\Setup.exe" -u
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VideoReDo TVSuite Version 3.1.5.565-->"C:\Program Files\VideoReDoTVSuite\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Web Photo Album 1.1-->"C:\Program Files\Web Photo Album\unins000.exe"
WinAVI Video Converter 9.0-->"C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Local Add-in for Microsoft Office Outlook-->MsiExec.exe /I{671CB656-DCED-4C30-90AD-CA75CB5C7BAA}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

Hosts File Missing
 
Hi again,

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Azureus Vuze
Morpheus Toolbar
UseNeXT


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\Azureus
C:\Program Files\MorpheusBar
C:\Program Files\UseNeXT
C:\Program Files\LimeWire
C:\Program Files\iMesh Applications
C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\emulev0.47a-MorphXTv8.9-bin
C:\Program Files\Kazaa Lite Resurrection
C:\Program Files\K-Lite
C:\Program Files\eMule
C:\Program Files\Morpheus Ultra
C:\Program Files\Morpheus
C:\Program Files\BearShare Applications
C:\Program Files\Azureus
C:\Program Files\DC++
C:\Program Files\uTorrent
C:\Documents and Settings\Habitat Productions\Application Data\uTorrent
C:\Documents and Settings\Habitat Productions\Application Data\LimeWire

and files:
C:\Documents and Settings\Habitat Productions\My Documents\Habitat Productions\utorrent.exe

Empty Recycle Bin.

Also uninstall the following old Java versions:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7




After that:

Download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
(list here)
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated. Post the contents of it in your next reply.
(A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
 
here is the LopS&D log

here it is...

and my Java is up to date...

and yes, I am a bit of a pirate but this virus/malware is reason enough to curb that...


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 1.1.3
USER : Habitat Productions ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:926 Go (Free:450 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:1917 Mo (Free:1 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
L:\ (USB)
M:\ (USB)
P:\ (USB) - FAT32 - Total:28507 Mo (Free:18 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Thu 11/27/2008|17:18 )

--------------------\\ Listing folders in APPLIC~1

[10/22/2006|04:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[10/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[11/25/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/06/2007|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 YPack Trial
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/21/2006|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/21/2006|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/08/2007|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/09/2006|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/07/2007|04:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[10/14/2008|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
[01/26/2007|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[06/21/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[08/10/2008|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[10/22/2006|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[01/26/2007|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DellFaxCtr
[12/27/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[10/01/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ExtendMedia
[08/11/2007|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[06/14/2008|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GoBit Games
[12/09/2006|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[05/16/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[10/22/2006|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[10/04/2008|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[10/06/2007|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/22/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/25/2008|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/09/2007|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[09/06/2007|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Media Center Programs
[01/26/2008|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/05/2007|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[11/25/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[05/12/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/01/2007|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[10/09/2007|03:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> part dead amok eggs
[10/12/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCSettings
[04/17/2008|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[12/12/2006|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle Studio
[06/25/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[01/29/2007|05:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QubeSoft
[02/17/2007|05:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[10/09/2007|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5
[08/05/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[05/31/2008|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/11/2004|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[01/20/2007|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[11/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[05/31/2008|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[05/29/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[10/12/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/25/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sunbelt
[07/29/2007|07:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[10/12/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/31/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[08/16/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/10/2006|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/09/2008|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[08/10/2007|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> wma five ante wait
[08/16/2008|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[08/09/2007|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YoGen

[10/22/2006|04:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/11/2004|05:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/25/2008|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[09/19/2007|02:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> .gaim
[08/08/2008|10:06] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> acccore
[01/05/2008|10:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Adobe
[12/13/2006|11:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> AdobeUM
[03/25/2008|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Apple Computer
[01/26/2008|03:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ArcSoft
[10/12/2008|09:18] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Azureus
[09/11/2008|06:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BearShare
[12/13/2007|02:01] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BNI Software
[08/29/2008|05:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BWMeterPro
[04/23/2007|10:37] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[02/27/2007|02:49] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars Demo
[08/23/2008|12:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel
[12/10/2006|01:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel Photo Album
[12/30/2006|05:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Creative
[01/27/2007|09:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DellFaxCtr
[06/21/2008|04:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Dreamlords
[07/16/2008|01:44] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DVD Flick
[11/01/2007|03:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> dvdcss
[05/28/2008|08:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> e frontier
[10/06/2007|09:20] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Exit Poke
[09/26/2007|07:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Folder Guard
[11/25/2008|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Foxit
[03/12/2008|08:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GarageGames
[11/11/2008|09:05] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GetRightToGo
[02/13/2007|12:40] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Help
[08/11/2004|05:20] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Identities
[02/13/2007|02:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ImgBurn
[12/10/2006|05:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> IMVU
[12/12/2006|06:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InstallShield
[06/01/2008|10:51] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InterVideo
[04/03/2007|06:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Kazaa Lite
[12/09/2006|05:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lavasoft
[12/12/2006|01:12] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Leadertech
[11/22/2008|08:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> LimeWire
[09/24/2007|07:04] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lionhead Studios
[05/28/2008|08:03] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lost Marble
[12/22/2006|02:47] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> LucasArts
[01/29/2007|06:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Macromedia
[08/22/2008|11:32] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Malwarebytes
[02/19/2007|12:17] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Media Player Classic
[10/14/2008|10:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Microsoft
[10/04/2008|07:48] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Move Networks
[06/17/2008|05:18] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Mozilla
[01/13/2007|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NCH Swift Sound
[05/01/2007|04:14] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Netscape
[08/20/2007|01:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NewsLeecher
[05/01/2007|04:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Photodex
[04/20/2008|09:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> proDAD
[11/04/2007|08:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Publish Providers
[09/03/2007|03:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> QuickVerse11
[08/24/2007|11:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Real
[12/14/2006|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|07:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G5
[08/30/2008|10:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Rokario
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Roxio
[08/07/2007|05:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ScanSoft
[04/16/2007|04:00] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SecuROM
[11/24/2008|06:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SiteAdvisor
[07/01/2008|03:30] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Skype
[07/01/2008|03:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> skypePM
[04/19/2008|02:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Snapfish
[02/13/2007|06:26] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sonic
[11/04/2007|08:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sony
[09/12/2008|02:33] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SPORE
[12/20/2006|11:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sun
[11/25/2008|05:38] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sunbelt
[02/23/2008|03:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SystemRequirementsLab
[12/09/2006|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Talkback
[02/23/2008|02:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Turbine
[07/29/2008|05:15] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> U3
[08/14/2007|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ulead Systems
[12/29/2007|04:26] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> UseNeXT
[11/23/2008|07:44] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> uTorrent
[01/27/2008|03:57] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ventrilo
[09/17/2008|12:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> VideoReDo-TVSuite
[09/18/2007|12:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Viewpoint
[12/10/2006|08:59] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> vlc
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Vso
[09/19/2008|11:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> yahoo!

[06/01/2008|05:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX
[07/30/2007|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/31/2008|09:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio
[11/25/2008|01:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore
[11/24/2008|11:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SiteAdvisor

[11/25/2008|05:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/24/2008 12:00 PM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/27/2008 05:00 PM][--ah-----] C:\WINDOWS\tasks\82E372E29D5CE662.job
[11/25/2008 12:07 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/26/2008 07:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( 82E372E29D5CE662.job )=( c:\docume~1\habita~1\applic~1\exitpo~1\softrealspam.exe )

--------------------\\ Listing Folders in C:\Program Files

[03/21/2008|01:42] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
[12/14/2007|03:41] C:\Program Files\<DIR> ABInvoice
[11/21/2007|10:25] C:\Program Files\<DIR> Absolute Video Converter
[12/01/2007|08:39] C:\Program Files\<DIR> Absolute Video Splitter Joiner
[10/13/2007|10:02] C:\Program Files\<DIR> AbsoluteShield File Shredder
[01/05/2008|11:43] C:\Program Files\<DIR> Acclaim
[09/01/2007|04:32] C:\Program Files\<DIR> Activision
[01/31/2007|09:03] C:\Program Files\<DIR> Add Remove Pro
[02/24/2008|05:19] C:\Program Files\<DIR> Adobe
[08/08/2008|10:04] C:\Program Files\<DIR> AIM Search
[08/16/2008|11:44] C:\Program Files\<DIR> AIM6
[08/14/2008|11:54] C:\Program Files\<DIR> Alex Feinman
[06/18/2008|06:58] C:\Program Files\<DIR> Allok Video Joiner
[06/04/2008|04:20] C:\Program Files\<DIR> Anim-FX
[08/08/2008|10:04] C:\Program Files\<DIR> AOL
[08/06/2008|10:32] C:\Program Files\<DIR> Apple Software Update
[09/22/2007|07:48] C:\Program Files\<DIR> Arial CD Ripper
[11/25/2008|10:13] C:\Program Files\<DIR> AskBarDis
[10/12/2008|12:10] C:\Program Files\<DIR> Atomic Alarm Clock
[05/21/2007|04:32] C:\Program Files\<DIR> AV Vcs 4.0 DIAMOND
[09/04/2007|04:14] C:\Program Files\<DIR> BAE
[10/04/2007|06:12] C:\Program Files\<DIR> BC-Mod Installer .NET
[04/22/2008|12:47] C:\Program Files\<DIR> BIAS
[10/04/2007|06:12] C:\Program Files\<DIR> BitComet
[06/15/2008|05:33] C:\Program Files\<DIR> BlackIsle
[09/10/2008|07:15] C:\Program Files\<DIR> Bonjour
[10/22/2006|04:26] C:\Program Files\<DIR> Broadcom
[03/04/2007|04:17] C:\Program Files\<DIR> CASIO
[08/17/2007|10:45] C:\Program Files\<DIR> CDisplay
[03/23/2008|04:26] C:\Program Files\<DIR> City of Heroes
[01/16/2008|10:01] C:\Program Files\<DIR> Click-N-Type
[02/03/2008|06:34] C:\Program Files\<DIR> Codebox
[09/13/2008|02:19] C:\Program Files\<DIR> Codec Pack - All In 1
[01/20/2008|03:50] C:\Program Files\<DIR> Codemasters
[07/29/2007|07:11] C:\Program Files\<DIR> Comcast
[11/25/2008|06:27] C:\Program Files\<DIR> Common Files
[08/11/2004|05:12] C:\Program Files\<DIR> ComPlus Applications
[12/05/2007|05:54] C:\Program Files\<DIR> Cool CD Ripper
[08/23/2008|12:52] C:\Program Files\<DIR> Corel
[10/22/2006|04:30] C:\Program Files\<DIR> Corel Corporation
[04/28/2007|05:52] C:\Program Files\<DIR> Creative
[10/03/2008|12:29] C:\Program Files\<DIR> Curse
[12/12/2006|01:17] C:\Program Files\<DIR> DAEMON Tools
[01/26/2007|05:06] C:\Program Files\<DIR> Dell
[01/26/2007|05:05] C:\Program Files\<DIR> Dell PC Fax
[01/26/2007|05:11] C:\Program Files\<DIR> Dell Photo AIO Printer 966
[11/16/2007|01:42] C:\Program Files\<DIR> DIFX
[09/13/2008|01:25] C:\Program Files\<DIR> DirectVobSub
[03/13/2008|02:42] C:\Program Files\<DIR> Disney
[09/13/2008|01:24] C:\Program Files\<DIR> DivX
[11/27/2008|10:39] C:\Program Files\<DIR> dl_cats
[06/15/2008|05:30] C:\Program Files\<DIR> DOSBox-0.72
[12/28/2006|05:56] C:\Program Files\<DIR> DVD Decrypter
[02/13/2007|01:31] C:\Program Files\<DIR> DVD Flick
[01/14/2007|07:27] C:\Program Files\<DIR> DVD Shrink
[03/13/2007|02:41] C:\Program Files\<DIR> DVDFab Platinum 3
[02/12/2007|08:58] C:\Program Files\<DIR> DVDlabPro2
[12/24/2006|02:50] C:\Program Files\<DIR> DVDXCopyInternational
[05/28/2008|08:35] C:\Program Files\<DIR> e frontier
[06/17/2008|05:55] C:\Program Files\<DIR> Electronic Arts
[10/12/2008|02:54] C:\Program Files\<DIR> Enigma Software Group
[10/04/2007|09:44] C:\Program Files\<DIR> Exit Poke
[08/28/2007|09:32] C:\Program Files\<DIR> File And MP3 Tag Renamer
[11/24/2008|05:07] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[07/18/2008|06:03] C:\Program Files\<DIR> FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[07/29/2007|03:56] C:\Program Files\<DIR> FocusSoft
[11/22/2008|08:25] C:\Program Files\<DIR> Folder Lock
[11/25/2008|10:13] C:\Program Files\<DIR> Foxit Software
[09/22/2007|04:06] C:\Program Files\<DIR> FreeRIP3
[02/18/2008|11:27] C:\Program Files\<DIR> Funcom
[09/06/2007|04:09] C:\Program Files\<DIR> Games
[09/24/2007|11:57] C:\Program Files\<DIR> GameSpot
[09/16/2007|05:18] C:\Program Files\<DIR> GameSpy Arcade
[07/19/2008|05:40] C:\Program Files\<DIR> GetFLV
[11/25/2008|07:21] C:\Program Files\<DIR> Google
[05/16/2008|03:07] C:\Program Files\<DIR> Hewlett-Packard
[06/23/2008|10:52] C:\Program Files\<DIR> HP
[05/27/2008|06:18] C:\Program Files\<DIR> ImTOO
[09/10/2008|09:02] C:\Program Files\<DIR> InstallShield Installation Information
[05/30/2008|09:23] C:\Program Files\<DIR> InterActual
[08/22/2008|09:48] C:\Program Files\<DIR> Internet Explorer
[05/31/2008|08:37] C:\Program Files\<DIR> InterVideo
[05/31/2008|08:39] C:\Program Files\<DIR> InterVideo Information Service
[10/07/2008|11:13] C:\Program Files\<DIR> iPod
[06/04/2007|06:23] C:\Program Files\<DIR> Irrational Games
[10/07/2008|11:13] C:\Program Files\<DIR> iTunes
[12/27/2006|11:23] C:\Program Files\<DIR> Jasc Software Inc
[11/25/2008|10:21] C:\Program Files\<DIR> Java
[08/23/2008|05:39] C:\Program Files\<DIR> JRTwine Software
[10/06/2007|09:15] C:\Program Files\<DIR> Lavasoft
[12/09/2006|08:31] C:\Program Files\<DIR> Lionhead Studios Ltd
[12/22/2006|02:43] C:\Program Files\<DIR> LucasArts
[02/03/2008|10:20] C:\Program Files\<DIR> LucasFan Games
[06/20/2008|04:59] C:\Program Files\<DIR> Magelo
[05/28/2008|04:31] C:\Program Files\<DIR> MagicDisc
[11/24/2008|12:42] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/25/2008|06:36] C:\Program Files\<DIR> McAfee
[11/25/2008|06:19] C:\Program Files\<DIR> McAfee.com
[02/17/2007|05:28] C:\Program Files\<DIR> Media Player Classic
[09/23/2007|06:30] C:\Program Files\<DIR> MediaMonkey
[05/25/2008|09:12] C:\Program Files\<DIR> Memorex exPressit Label Design Studio
[06/04/2008|03:06] C:\Program Files\<DIR> MemoriesOnTV4
[11/08/2008|12:48] C:\Program Files\<DIR> Messenger
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft ActiveSync
[08/11/2004|05:15] C:\Program Files\<DIR> microsoft frontpage
[10/06/2007|07:40] C:\Program Files\<DIR> Microsoft Games
[01/01/2007|04:54] C:\Program Files\<DIR> Microsoft Location Finder
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft Office
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[11/08/2008|12:59] C:\Program Files\<DIR> Microsoft Silverlight
[12/12/2006|05:50] C:\Program Files\<DIR> Microsoft SQL Server
[12/12/2006|06:05] C:\Program Files\<DIR> Microsoft.NET
[11/24/2008|05:07] C:\Program Files\<DIR> Misc. Support Library (Spybot - Search & Destroy)
[10/12/2008|12:10] C:\Program Files\<DIR> MorpheusBar
[08/11/2004|05:12] C:\Program Files\<DIR> Movie Maker
[11/27/2008|03:25] C:\Program Files\<DIR> Mozilla Firefox
[08/09/2008|09:45] C:\Program Files\<DIR> MSN
[08/11/2004|05:11] C:\Program Files\<DIR> MSN Gaming Zone
[12/09/2006|05:14] C:\Program Files\<DIR> MSXML 4.0
[11/03/2007|08:38] C:\Program Files\<DIR> MSXML 6.0
[12/25/2006|08:00] C:\Program Files\<DIR> MUSICMATCH
[08/19/2007|08:50] C:\Program Files\<DIR> MyVideoConverter
[10/01/2008|12:15] C:\Program Files\<DIR> NBC Direct Beta
[12/05/2007|05:50] C:\Program Files\<DIR> NCH Software
[12/05/2007|06:00] C:\Program Files\<DIR> NCH Swift Sound
[10/13/2007|04:39] C:\Program Files\<DIR> NCSOFT
[08/11/2004|05:12] C:\Program Files\<DIR> NetMeeting
[08/11/2004|05:11] C:\Program Files\<DIR> Online Services
[01/05/2008|05:43] C:\Program Files\<DIR> ONWIND
[02/23/2008|08:36] C:\Program Files\<DIR> OpenAL
[10/01/2008|12:13] C:\Program Files\<DIR> OpenCase
[12/11/2007|11:40] C:\Program Files\<DIR> Orb Networks
[06/15/2007|09:42] C:\Program Files\<DIR> Outlook Express
[01/20/2007|04:05] C:\Program Files\<DIR> PenTwain
[03/13/2008|03:45] C:\Program Files\<DIR> Photodex
[05/01/2007|04:14] C:\Program Files\<DIR> Photodex Presenter
[04/20/2008|09:40] C:\Program Files\<DIR> Pinnacle
[04/20/2008|09:41] C:\Program Files\<DIR> proDAD
[09/10/2008|07:14] C:\Program Files\<DIR> QuickTime
[09/03/2007|03:11] C:\Program Files\<DIR> QuickVerse 2007
[07/30/2007|11:07] C:\Program Files\<DIR> Real
[02/17/2007|05:28] C:\Program Files\<DIR> Real Alternative
[05/04/2008|03:33] C:\Program Files\<DIR> Red Eye Remover
[08/23/2008|02:43] C:\Program Files\<DIR> Red Eye Remover Pro
[07/19/2008|03:58] C:\Program Files\<DIR> Replay Converter
[07/19/2008|04:04] C:\Program Files\<DIR> Replay Media Catcher
[10/09/2007|04:27] C:\Program Files\<DIR> River Past
[08/30/2008|10:08] C:\Program Files\<DIR> Rokario
[05/29/2008|06:29] C:\Program Files\<DIR> Roxio
[07/09/2008|10:34] C:\Program Files\<DIR> Safari
[01/20/2007|04:08] C:\Program Files\<DIR> ScanSoft
[11/24/2008|05:07] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[10/11/2007|11:01] C:\Program Files\<DIR> Serious Magic
[04/03/2007|06:20] C:\Program Files\<DIR> Shareaza
[08/05/2007|03:04] C:\Program Files\<DIR> Siber Systems
[11/01/2007|06:22] C:\Program Files\<DIR> SilentMusicBand
[11/24/2008|11:29] C:\Program Files\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\Program Files\<DIR> Skype
[12/12/2006|05:47] C:\Program Files\<DIR> SmartSound Software
[02/13/2007|06:25] C:\Program Files\<DIR> Sonic
[09/30/2008|06:34] C:\Program Files\<DIR> Sony
[10/11/2008|01:23] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/12/2008|12:20] C:\Program Files\<DIR> SpyNoMore
[06/04/2007|03:11] C:\Program Files\<DIR> Summitsoft
[07/09/2008|09:54] C:\Program Files\<DIR> Sun
[11/25/2008|05:38] C:\Program Files\<DIR> Sunbelt Software
[02/13/2007|12:15] C:\Program Files\<DIR> Super DVD Creator 9.25.0
[02/24/2008|05:31] C:\Program Files\<DIR> Sword of The New World
[02/23/2008|03:45] C:\Program Files\<DIR> SystemRequirementsLab
[11/24/2008|05:07] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[12/16/2007|04:29] C:\Program Files\<DIR> Telltale Games
[11/18/2007|12:38] C:\Program Files\<DIR> THQ
[09/13/2008|03:20] C:\Program Files\<DIR> Tivo Decoder
[09/13/2008|03:22] C:\Program Files\<DIR> TiVoToGo Filter
[11/19/2007|02:48] C:\Program Files\<DIR> Total Video Converter
[11/25/2008|09:56] C:\Program Files\<DIR> Trend Micro
[11/23/2008|05:32] C:\Program Files\<DIR> Trillian
[02/23/2008|02:24] C:\Program Files\<DIR> Turbine
[06/04/2008|03:56] C:\Program Files\<DIR> Ulead Systems
[11/22/2007|10:45] C:\Program Files\<DIR> Ultimate Nullifier
[08/11/2004|05:20] C:\Program Files\<DIR> Uninstall Information
[01/27/2008|03:51] C:\Program Files\<DIR> Ventrilo
[01/05/2008|03:59] C:\Program Files\<DIR> VestGame
[06/18/2008|08:09] C:\Program Files\<DIR> VideoCharge Software
[12/10/2006|08:48] C:\Program Files\<DIR> VideoLAN
[09/13/2008|04:51] C:\Program Files\<DIR> VideoReDoTVSuite
[08/08/2008|10:04] C:\Program Files\<DIR> Viewpoint
[02/10/2007|03:52] C:\Program Files\<DIR> Virtools
[03/15/2008|08:37] C:\Program Files\<DIR> Warcraft III
[08/23/2008|02:43] C:\Program Files\<DIR> Web Photo Album
[04/23/2008|07:54] C:\Program Files\<DIR> Winamp
[12/13/2007|11:54] C:\Program Files\<DIR> WinAVI Video Converter 9.0
[08/09/2008|09:36] C:\Program Files\<DIR> Windows Live
[01/01/2007|04:51] C:\Program Files\<DIR> Windows Live Local for Outlook
[12/16/2006|08:26] C:\Program Files\<DIR> Windows Media Components
[12/10/2006|07:22] C:\Program Files\<DIR> Windows Media Connect 2
[03/05/2008|04:22] C:\Program Files\<DIR> Windows Media Player
[08/11/2004|05:11] C:\Program Files\<DIR> Windows NT
[08/11/2004|05:13] C:\Program Files\<DIR> WindowsUpdate
[12/10/2006|12:40] C:\Program Files\<DIR> WinRAR
[11/13/2008|04:42] C:\Program Files\<DIR> World of Warcraft
[08/11/2004|05:15] C:\Program Files\<DIR> xerox
[08/17/2008|12:58] C:\Program Files\<DIR> Yahoo!
[12/16/2007|01:57] C:\Program Files\<DIR> Zlurp!
[09/13/2008|04:21] C:\Program Files\<DIR> Zoom Player
[09/22/2007|07:06] C:\Program Files\<DIR> Zortam Mp3 Media Studio

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/25/2008|10:12] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2008|11:43] C:\Program Files\Common Files\<DIR> AOL
[09/10/2008|07:14] C:\Program Files\Common Files\<DIR> Apple
[11/11/2008|06:30] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[08/23/2008|12:53] C:\Program Files\Common Files\<DIR> Corel
[12/12/2006|06:06] C:\Program Files\Common Files\<DIR> DESIGNER
[10/11/2008|03:04] C:\Program Files\Common Files\<DIR> Download Manager
[10/04/2007|06:12] C:\Program Files\Common Files\<DIR> GTK
[05/16/2008|03:06] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[05/16/2008|03:08] C:\Program Files\Common Files\<DIR> HP
[03/23/2008|12:12] C:\Program Files\Common Files\<DIR> INCA Shared
[01/20/2007|03:42] C:\Program Files\Common Files\<DIR> InstallShield
[10/22/2006|04:36] C:\Program Files\Common Files\<DIR> InstallShieldx
[05/31/2008|08:38] C:\Program Files\Common Files\<DIR> InterVideo
[08/10/2008|06:13] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[10/22/2006|04:21] C:\Program Files\Common Files\<DIR> Java
[05/31/2008|07:51] C:\Program Files\Common Files\<DIR> LightScribe
[08/27/2007|04:26] C:\Program Files\Common Files\<DIR> Macrovision Shared
[02/13/2007|12:38] C:\Program Files\Common Files\<DIR> MAGIX Shared
[11/25/2008|06:20] C:\Program Files\Common Files\<DIR> McAfee
[11/08/2008|12:41] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> MSSoap
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> Real
[09/22/2007|07:56] C:\Program Files\Common Files\<DIR> River Past
[05/29/2008|06:27] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/20/2007|04:08] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> Services
[04/02/2008|02:43] C:\Program Files\Common Files\<DIR> Skype
[05/29/2008|06:29] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/14/2007|10:07] C:\Program Files\Common Files\<DIR> SONY Digital Images
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[07/29/2007|07:11] C:\Program Files\Common Files\<DIR> supportsoft
[05/25/2008|09:10] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/15/2007|09:42] C:\Program Files\Common Files\<DIR> System
[10/14/2008|09:59] C:\Program Files\Common Files\<DIR> TiVo Shared
[02/09/2007|05:04] C:\Program Files\Common Files\<DIR> Totem Shared
[05/31/2008|08:39] C:\Program Files\Common Files\<DIR> Ulead
[04/09/2008|07:40] C:\Program Files\Common Files\<DIR> Ulead Systems
[08/09/2008|09:34] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[09/13/2008|11:22] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Searching with S_Lop

C:\DOCUME~1\HABITA~1\APPLIC~1\EXITPO~1

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\HABITA~1\APPLIC~1\exitpo~1
C:\Program Files\exitpo~1
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsc320.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsl1512.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsl1BE.tmp
C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\nsu3776.tmp
C:\WINDOWS\Tasks\82E372E29D5CE662.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Gplwarnford]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"birdfree"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe"
"birdfree"="C:\\DOCUME~1\\HABITA~1\\APPLIC~1\\EXITPO~1\\about peak.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 17:19:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\AutoRunPro1\Crack
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip\AltoMP3 Gold.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip\war3.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip\worldedit.exe
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip\SamMax201.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2\Crack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2\Crack\Corel Paint Shop Pro Photo.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\ImTOO CD Ripper v1.0.33.922 keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen\ADBEPHSPCS3.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen\ssg.nfo
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1\MemoriesOnTV Clipshow Package Vol.1\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1.1\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen\keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Memories_On_TV_Pro_v4.0.3\keygen\Leer.txt
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack\Readme.txt
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack


[F:868][D:1284]-> C:\DOCUME~1\HABITA~1\LOCALS~1\Temp
[F:128][D:0]-> C:\DOCUME~1\HABITA~1\Cookies
[F:1587][D:8]-> C:\DOCUME~1\HABITA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 11/27/2008|17:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 11/27/2008|17:19 - Option : [1]

--------------------\\ Scan completed at 17:19:34
 
Hi

and yes, I am a bit of a pirate but this virus/malware is reason enough to curb that...
I really hope you stop pirating cos if you don't it won't take long to get infected again and that time you may not be helped.


Delete following folders:
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
C:\DOCUME~1\HABITA~1\APPLIC~1\Azureus
C:\DOCUME~1\HABITA~1\APPLIC~1\BearShare
C:\DOCUME~1\HABITA~1\APPLIC~1\Kazaa Lite
C:\DOCUME~1\HABITA~1\APPLIC~1\LimeWire
C:\DOCUME~1\HABITA~1\APPLIC~1\UseNeXT
C:\DOCUME~1\HABITA~1\APPLIC~1\uTorrent
C:\Program Files\MorpheusBar
C:\Program Files\Shareaza
C:\DOCUME~1\HABITA~1\Local Settings\Temp\AutoRunPro1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Corel Paint Shop Pro Photo X2
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Adobe Photoshop CS3 Extended v10.0.0 with Volume License Keygen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\Ulead VideoStudio Plus 11.5 + Keygen & Dolby Digital PowerPack
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][www.DivxTotaL.com]\Extras\MemoriesOnTV Clipshow Package Vol.1.1
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O..._v4.0.3
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O...gen
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\MemoriesOnTV_v4[hamlet][http://www.DivxTotaL.com]\Memories_O...eygen

and files:
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for Crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 2 for crack.zip
C:\DOCUME~1\HABITA~1\Local Settings\Temp\Temporary Directory 1 for AltoMP3 Gold 5.06+Crack.zip\AltoMP3 Gold.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\ImTOO CD Ripper v1.0.33.922 keygen.exe
C:\DOCUME~1\HABITA~1\My Documents\Comics\Programs\keygen.exe

A ~ in a folder name means that the folder name is longer than 6 characters. For example, DOCUME~1 is Documents And Settings.


Uninstall CiD Help through Add/Remove Programs.


Option 3: (Fix without Hosts file restore)

Double click LopSD.exe to start the program.

  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 3 to choose Option 3 (Fix - Hosts), then press Enter
  • Don't close the window during suppression!
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)


You seem to have Malwarebytes' Anti-Malware installed. Make sure it's up to date and then run a full scan with it. Post back its report and a fresh HJT log. If you're using a router, log in to it and check the DNS IP addresses there.
 
OK, here are the things you need

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 1.1.3
USER : Habitat Productions ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:926 Go (Free:450 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:1917 Mo (Free:1 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
K:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
L:\ (USB)
M:\ (USB)
P:\ (USB) - FAT32 - Total:28507 Mo (Free:18 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( Fri 11/28/2008|11:59 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[10/22/2006|04:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[10/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[11/25/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/06/2007|07:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Age of Empires 3 YPack Trial
[08/08/2008|10:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/21/2006|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[12/21/2006|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/08/2007|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/09/2006|05:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/14/2008|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
[01/26/2007|05:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> BVRP Software
[06/21/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[08/10/2008|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[10/22/2006|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[01/26/2007|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DellFaxCtr
[12/27/2007|10:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[10/01/2008|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ExtendMedia
[08/11/2007|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[06/14/2008|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GoBit Games
[12/09/2006|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[05/16/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[10/22/2006|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[10/04/2008|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InterVideo
[10/06/2007|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[08/22/2008|11:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/25/2008|06:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/09/2007|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[09/06/2007|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Media Center Programs
[01/26/2008|03:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[12/05/2007|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[11/25/2008|05:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Norton
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller
[05/12/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/01/2007|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[10/12/2008|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Tools
[11/23/2008|01:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PCSettings
[04/17/2008|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[12/12/2006|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle Studio
[06/25/2008|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[01/29/2007|05:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QubeSoft
[02/17/2007|05:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Real
[10/09/2007|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> River Past G5
[08/05/2007|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[05/31/2008|09:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/11/2004|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[01/20/2007|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ScanSoft
[11/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[05/31/2008|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SmartSound Software Inc
[05/29/2008|06:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[10/12/2008|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/25/2008|05:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sunbelt
[07/29/2007|07:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[10/12/2008|04:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/31/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems
[12/10/2006|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/09/2008|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[08/10/2007|03:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> wma five ante wait
[08/16/2008|05:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[08/09/2007|09:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YoGen

[10/22/2006|04:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Creative
[08/11/2004|05:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/11/2004|05:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/25/2008|10:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[09/19/2007|02:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> .gaim
[08/08/2008|10:06] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> acccore
[01/05/2008|10:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Adobe
[12/13/2006|11:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> AdobeUM
[03/25/2008|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Apple Computer
[01/26/2008|03:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ArcSoft
[12/13/2007|02:01] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BNI Software
[08/29/2008|05:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> BWMeterPro
[04/23/2007|10:37] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars
[02/27/2007|02:49] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Command & Conquer 3 Tiberium Wars Demo
[08/23/2008|12:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel
[12/10/2006|01:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Corel Photo Album
[12/30/2006|05:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Creative
[01/27/2007|09:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DellFaxCtr
[06/21/2008|04:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Dreamlords
[07/16/2008|01:44] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> DVD Flick
[11/01/2007|03:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> dvdcss
[05/28/2008|08:36] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> e frontier
[09/26/2007|07:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Folder Guard
[11/25/2008|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Foxit
[03/12/2008|08:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GarageGames
[11/11/2008|09:05] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> GetRightToGo
[02/13/2007|12:40] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Help
[08/11/2004|05:20] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Identities
[02/13/2007|02:34] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ImgBurn
[12/10/2006|05:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> IMVU
[12/12/2006|06:22] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InstallShield
[06/01/2008|10:51] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> InterVideo
[12/09/2006|05:55] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lavasoft
[12/12/2006|01:12] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Leadertech
[09/24/2007|07:04] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lionhead Studios
[05/28/2008|08:03] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Lost Marble
[12/22/2006|02:47] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> LucasArts
[01/29/2007|06:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Macromedia
[08/22/2008|11:32] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Malwarebytes
[02/19/2007|12:17] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Media Player Classic
[10/14/2008|10:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Microsoft
[10/04/2008|07:48] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Move Networks
[06/17/2008|05:18] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Mozilla
[01/13/2007|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NCH Swift Sound
[05/01/2007|04:14] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Netscape
[08/20/2007|01:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> NewsLeecher
[05/01/2007|04:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Photodex
[04/20/2008|09:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> proDAD
[11/04/2007|08:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Publish Providers
[09/03/2007|03:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> QuickVerse11
[08/24/2007|11:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Real
[12/14/2006|07:58] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G4
[09/22/2007|07:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> River Past G5
[08/30/2008|10:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Rokario
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Roxio
[08/07/2007|05:43] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> ScanSoft
[04/16/2007|04:00] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SecuROM
[11/24/2008|06:21] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SiteAdvisor
[07/01/2008|03:30] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Skype
[07/01/2008|03:29] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> skypePM
[04/19/2008|02:56] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Snapfish
[02/13/2007|06:26] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sonic
[11/04/2007|08:50] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sony
[09/12/2008|02:33] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SPORE
[12/20/2006|11:11] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sun
[11/25/2008|05:38] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Sunbelt
[02/23/2008|03:45] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> SystemRequirementsLab
[12/09/2006|05:08] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Talkback
[02/23/2008|02:41] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Turbine
[07/29/2008|05:15] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> U3
[08/14/2007|10:13] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ulead Systems
[01/27/2008|03:57] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Ventrilo
[09/17/2008|12:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> VideoReDo-TVSuite
[12/10/2006|08:59] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> vlc
[05/31/2008|06:02] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> Vso
[09/19/2008|11:23] C:\DOCUME~1\HABITA~1\APPLIC~1\<DIR> yahoo!

[06/01/2008|05:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> DivX
[07/30/2007|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Identities
[11/25/2008|05:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/31/2008|09:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio
[11/25/2008|01:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore
[11/24/2008|11:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SiteAdvisor

[11/25/2008|05:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[11/25/2008 06:20 PM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/24/2008 12:00 PM][--a------] C:\WINDOWS\tasks\SpyHunter Scanner.job
[11/25/2008 12:07 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/26/2008 07:11 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[03/21/2008|01:42] C:\Program Files\<DIR> Abbyy FineReader 6.0 Sprint
[12/14/2007|03:41] C:\Program Files\<DIR> ABInvoice
[11/21/2007|10:25] C:\Program Files\<DIR> Absolute Video Converter
[12/01/2007|08:39] C:\Program Files\<DIR> Absolute Video Splitter Joiner
[10/13/2007|10:02] C:\Program Files\<DIR> AbsoluteShield File Shredder
[01/05/2008|11:43] C:\Program Files\<DIR> Acclaim
[09/01/2007|04:32] C:\Program Files\<DIR> Activision
[01/31/2007|09:03] C:\Program Files\<DIR> Add Remove Pro
[02/24/2008|05:19] C:\Program Files\<DIR> Adobe
[08/08/2008|10:04] C:\Program Files\<DIR> AIM Search
[08/16/2008|11:44] C:\Program Files\<DIR> AIM6
[08/14/2008|11:54] C:\Program Files\<DIR> Alex Feinman
[06/18/2008|06:58] C:\Program Files\<DIR> Allok Video Joiner
[06/04/2008|04:20] C:\Program Files\<DIR> Anim-FX
[08/08/2008|10:04] C:\Program Files\<DIR> AOL
[08/06/2008|10:32] C:\Program Files\<DIR> Apple Software Update
[09/22/2007|07:48] C:\Program Files\<DIR> Arial CD Ripper
[11/25/2008|10:13] C:\Program Files\<DIR> AskBarDis
[10/12/2008|12:10] C:\Program Files\<DIR> Atomic Alarm Clock
[05/21/2007|04:32] C:\Program Files\<DIR> AV Vcs 4.0 DIAMOND
[09/04/2007|04:14] C:\Program Files\<DIR> BAE
[10/04/2007|06:12] C:\Program Files\<DIR> BC-Mod Installer .NET
[04/22/2008|12:47] C:\Program Files\<DIR> BIAS
[10/04/2007|06:12] C:\Program Files\<DIR> BitComet
[06/15/2008|05:33] C:\Program Files\<DIR> BlackIsle
[09/10/2008|07:15] C:\Program Files\<DIR> Bonjour
[10/22/2006|04:26] C:\Program Files\<DIR> Broadcom
[03/04/2007|04:17] C:\Program Files\<DIR> CASIO
[08/17/2007|10:45] C:\Program Files\<DIR> CDisplay
[03/23/2008|04:26] C:\Program Files\<DIR> City of Heroes
[01/16/2008|10:01] C:\Program Files\<DIR> Click-N-Type
[02/03/2008|06:34] C:\Program Files\<DIR> Codebox
[09/13/2008|02:19] C:\Program Files\<DIR> Codec Pack - All In 1
[01/20/2008|03:50] C:\Program Files\<DIR> Codemasters
[07/29/2007|07:11] C:\Program Files\<DIR> Comcast
[11/25/2008|06:27] C:\Program Files\<DIR> Common Files
[08/11/2004|05:12] C:\Program Files\<DIR> ComPlus Applications
[12/05/2007|05:54] C:\Program Files\<DIR> Cool CD Ripper
[08/23/2008|12:52] C:\Program Files\<DIR> Corel
[10/22/2006|04:30] C:\Program Files\<DIR> Corel Corporation
[04/28/2007|05:52] C:\Program Files\<DIR> Creative
[10/03/2008|12:29] C:\Program Files\<DIR> Curse
[12/12/2006|01:17] C:\Program Files\<DIR> DAEMON Tools
[01/26/2007|05:06] C:\Program Files\<DIR> Dell
[01/26/2007|05:05] C:\Program Files\<DIR> Dell PC Fax
[01/26/2007|05:11] C:\Program Files\<DIR> Dell Photo AIO Printer 966
[11/16/2007|01:42] C:\Program Files\<DIR> DIFX
[09/13/2008|01:25] C:\Program Files\<DIR> DirectVobSub
[03/13/2008|02:42] C:\Program Files\<DIR> Disney
[09/13/2008|01:24] C:\Program Files\<DIR> DivX
[11/28/2008|11:02] C:\Program Files\<DIR> dl_cats
[06/15/2008|05:30] C:\Program Files\<DIR> DOSBox-0.72
[12/28/2006|05:56] C:\Program Files\<DIR> DVD Decrypter
[02/13/2007|01:31] C:\Program Files\<DIR> DVD Flick
[01/14/2007|07:27] C:\Program Files\<DIR> DVD Shrink
[03/13/2007|02:41] C:\Program Files\<DIR> DVDFab Platinum 3
[02/12/2007|08:58] C:\Program Files\<DIR> DVDlabPro2
[12/24/2006|02:50] C:\Program Files\<DIR> DVDXCopyInternational
[05/28/2008|08:35] C:\Program Files\<DIR> e frontier
[06/17/2008|05:55] C:\Program Files\<DIR> Electronic Arts
[10/12/2008|02:54] C:\Program Files\<DIR> Enigma Software Group
[08/28/2007|09:32] C:\Program Files\<DIR> File And MP3 Tag Renamer
[11/24/2008|05:07] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[07/18/2008|06:03] C:\Program Files\<DIR> FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[07/29/2007|03:56] C:\Program Files\<DIR> FocusSoft
[11/22/2008|08:25] C:\Program Files\<DIR> Folder Lock
[11/25/2008|10:13] C:\Program Files\<DIR> Foxit Software
[09/22/2007|04:06] C:\Program Files\<DIR> FreeRIP3
[02/18/2008|11:27] C:\Program Files\<DIR> Funcom
[09/06/2007|04:09] C:\Program Files\<DIR> Games
[09/24/2007|11:57] C:\Program Files\<DIR> GameSpot
[09/16/2007|05:18] C:\Program Files\<DIR> GameSpy Arcade
[07/19/2008|05:40] C:\Program Files\<DIR> GetFLV
[11/25/2008|07:21] C:\Program Files\<DIR> Google
[05/16/2008|03:07] C:\Program Files\<DIR> Hewlett-Packard
[06/23/2008|10:52] C:\Program Files\<DIR> HP
[05/27/2008|06:18] C:\Program Files\<DIR> ImTOO
[09/10/2008|09:02] C:\Program Files\<DIR> InstallShield Installation Information
[05/30/2008|09:23] C:\Program Files\<DIR> InterActual
[08/22/2008|09:48] C:\Program Files\<DIR> Internet Explorer
[05/31/2008|08:37] C:\Program Files\<DIR> InterVideo
[05/31/2008|08:39] C:\Program Files\<DIR> InterVideo Information Service
[10/07/2008|11:13] C:\Program Files\<DIR> iPod
[06/04/2007|06:23] C:\Program Files\<DIR> Irrational Games
[10/07/2008|11:13] C:\Program Files\<DIR> iTunes
[12/27/2006|11:23] C:\Program Files\<DIR> Jasc Software Inc
[11/25/2008|10:21] C:\Program Files\<DIR> Java
[08/23/2008|05:39] C:\Program Files\<DIR> JRTwine Software
[10/06/2007|09:15] C:\Program Files\<DIR> Lavasoft
[12/09/2006|08:31] C:\Program Files\<DIR> Lionhead Studios Ltd
[12/22/2006|02:43] C:\Program Files\<DIR> LucasArts
[02/03/2008|10:20] C:\Program Files\<DIR> LucasFan Games
[06/20/2008|04:59] C:\Program Files\<DIR> Magelo
[05/28/2008|04:31] C:\Program Files\<DIR> MagicDisc
[11/24/2008|12:42] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/25/2008|06:36] C:\Program Files\<DIR> McAfee
[11/25/2008|06:19] C:\Program Files\<DIR> McAfee.com
[02/17/2007|05:28] C:\Program Files\<DIR> Media Player Classic
[09/23/2007|06:30] C:\Program Files\<DIR> MediaMonkey
[05/25/2008|09:12] C:\Program Files\<DIR> Memorex exPressit Label Design Studio
[06/04/2008|03:06] C:\Program Files\<DIR> MemoriesOnTV4
[11/08/2008|12:48] C:\Program Files\<DIR> Messenger
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft ActiveSync
[08/11/2004|05:15] C:\Program Files\<DIR> microsoft frontpage
[10/06/2007|07:40] C:\Program Files\<DIR> Microsoft Games
[01/01/2007|04:54] C:\Program Files\<DIR> Microsoft Location Finder
[12/12/2006|06:06] C:\Program Files\<DIR> Microsoft Office
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Digital Media Edition
[10/22/2006|04:28] C:\Program Files\<DIR> Microsoft Plus! Photo Story 2 LE
[11/08/2008|12:59] C:\Program Files\<DIR> Microsoft Silverlight
[12/12/2006|05:50] C:\Program Files\<DIR> Microsoft SQL Server
[12/12/2006|06:05] C:\Program Files\<DIR> Microsoft.NET
[11/24/2008|05:07] C:\Program Files\<DIR> Misc. Support Library (Spybot - Search & Destroy)
[08/11/2004|05:12] C:\Program Files\<DIR> Movie Maker
[11/28/2008|11:35] C:\Program Files\<DIR> Mozilla Firefox
[08/09/2008|09:45] C:\Program Files\<DIR> MSN
[08/11/2004|05:11] C:\Program Files\<DIR> MSN Gaming Zone
[12/09/2006|05:14] C:\Program Files\<DIR> MSXML 4.0
[11/03/2007|08:38] C:\Program Files\<DIR> MSXML 6.0
[12/25/2006|08:00] C:\Program Files\<DIR> MUSICMATCH
[08/19/2007|08:50] C:\Program Files\<DIR> MyVideoConverter
[10/01/2008|12:15] C:\Program Files\<DIR> NBC Direct Beta
[12/05/2007|05:50] C:\Program Files\<DIR> NCH Software
[12/05/2007|06:00] C:\Program Files\<DIR> NCH Swift Sound
[10/13/2007|04:39] C:\Program Files\<DIR> NCSOFT
[08/11/2004|05:12] C:\Program Files\<DIR> NetMeeting
[08/11/2004|05:11] C:\Program Files\<DIR> Online Services
[01/05/2008|05:43] C:\Program Files\<DIR> ONWIND
[02/23/2008|08:36] C:\Program Files\<DIR> OpenAL
[10/01/2008|12:13] C:\Program Files\<DIR> OpenCase
[12/11/2007|11:40] C:\Program Files\<DIR> Orb Networks
[06/15/2007|09:42] C:\Program Files\<DIR> Outlook Express
[01/20/2007|04:05] C:\Program Files\<DIR> PenTwain
[03/13/2008|03:45] C:\Program Files\<DIR> Photodex
[05/01/2007|04:14] C:\Program Files\<DIR> Photodex Presenter
[04/20/2008|09:40] C:\Program Files\<DIR> Pinnacle
[04/20/2008|09:41] C:\Program Files\<DIR> proDAD
[09/10/2008|07:14] C:\Program Files\<DIR> QuickTime
[09/03/2007|03:11] C:\Program Files\<DIR> QuickVerse 2007
[07/30/2007|11:07] C:\Program Files\<DIR> Real
[02/17/2007|05:28] C:\Program Files\<DIR> Real Alternative
[05/04/2008|03:33] C:\Program Files\<DIR> Red Eye Remover
[08/23/2008|02:43] C:\Program Files\<DIR> Red Eye Remover Pro
[07/19/2008|03:58] C:\Program Files\<DIR> Replay Converter
[07/19/2008|04:04] C:\Program Files\<DIR> Replay Media Catcher
[10/09/2007|04:27] C:\Program Files\<DIR> River Past
[08/30/2008|10:08] C:\Program Files\<DIR> Rokario
[05/29/2008|06:29] C:\Program Files\<DIR> Roxio
[07/09/2008|10:34] C:\Program Files\<DIR> Safari
[01/20/2007|04:08] C:\Program Files\<DIR> ScanSoft
[11/24/2008|05:07] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[10/11/2007|11:01] C:\Program Files\<DIR> Serious Magic
[08/05/2007|03:04] C:\Program Files\<DIR> Siber Systems
[11/01/2007|06:22] C:\Program Files\<DIR> SilentMusicBand
[11/24/2008|11:29] C:\Program Files\<DIR> SiteAdvisor
[04/02/2008|02:43] C:\Program Files\<DIR> Skype
[12/12/2006|05:47] C:\Program Files\<DIR> SmartSound Software
[02/13/2007|06:25] C:\Program Files\<DIR> Sonic
[09/30/2008|06:34] C:\Program Files\<DIR> Sony
[10/11/2008|01:23] C:\Program Files\<DIR> Spybot - Search & Destroy
[10/12/2008|12:20] C:\Program Files\<DIR> SpyNoMore
[06/04/2007|03:11] C:\Program Files\<DIR> Summitsoft
[07/09/2008|09:54] C:\Program Files\<DIR> Sun
[11/25/2008|05:38] C:\Program Files\<DIR> Sunbelt Software
[02/13/2007|12:15] C:\Program Files\<DIR> Super DVD Creator 9.25.0
[02/24/2008|05:31] C:\Program Files\<DIR> Sword of The New World
[02/23/2008|03:45] C:\Program Files\<DIR> SystemRequirementsLab
[11/24/2008|05:07] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[12/16/2007|04:29] C:\Program Files\<DIR> Telltale Games
[11/18/2007|12:38] C:\Program Files\<DIR> THQ
[09/13/2008|03:20] C:\Program Files\<DIR> Tivo Decoder
[09/13/2008|03:22] C:\Program Files\<DIR> TiVoToGo Filter
[11/19/2007|02:48] C:\Program Files\<DIR> Total Video Converter
[11/25/2008|09:56] C:\Program Files\<DIR> Trend Micro
[11/23/2008|05:32] C:\Program Files\<DIR> Trillian
[02/23/2008|02:24] C:\Program Files\<DIR> Turbine
[06/04/2008|03:56] C:\Program Files\<DIR> Ulead Systems
[11/22/2007|10:45] C:\Program Files\<DIR> Ultimate Nullifier
[08/11/2004|05:20] C:\Program Files\<DIR> Uninstall Information
[01/27/2008|03:51] C:\Program Files\<DIR> Ventrilo
[01/05/2008|03:59] C:\Program Files\<DIR> VestGame
[06/18/2008|08:09] C:\Program Files\<DIR> VideoCharge Software
[12/10/2006|08:48] C:\Program Files\<DIR> VideoLAN
[09/13/2008|04:51] C:\Program Files\<DIR> VideoReDoTVSuite
[11/28/2008|11:47] C:\Program Files\<DIR> Viewpoint
[02/10/2007|03:52] C:\Program Files\<DIR> Virtools
[03/15/2008|08:37] C:\Program Files\<DIR> Warcraft III
[08/23/2008|02:43] C:\Program Files\<DIR> Web Photo Album
[04/23/2008|07:54] C:\Program Files\<DIR> Winamp
[12/13/2007|11:54] C:\Program Files\<DIR> WinAVI Video Converter 9.0
[08/09/2008|09:36] C:\Program Files\<DIR> Windows Live
[01/01/2007|04:51] C:\Program Files\<DIR> Windows Live Local for Outlook
[12/16/2006|08:26] C:\Program Files\<DIR> Windows Media Components
[12/10/2006|07:22] C:\Program Files\<DIR> Windows Media Connect 2
[03/05/2008|04:22] C:\Program Files\<DIR> Windows Media Player
[08/11/2004|05:11] C:\Program Files\<DIR> Windows NT
[08/11/2004|05:13] C:\Program Files\<DIR> WindowsUpdate
[12/10/2006|12:40] C:\Program Files\<DIR> WinRAR
[11/13/2008|04:42] C:\Program Files\<DIR> World of Warcraft
[08/11/2004|05:15] C:\Program Files\<DIR> xerox
[08/17/2008|12:58] C:\Program Files\<DIR> Yahoo!
[12/16/2007|01:57] C:\Program Files\<DIR> Zlurp!
[09/13/2008|04:21] C:\Program Files\<DIR> Zoom Player
[09/22/2007|07:06] C:\Program Files\<DIR> Zortam Mp3 Media Studio

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/25/2008|10:12] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2008|11:43] C:\Program Files\Common Files\<DIR> AOL
[09/10/2008|07:14] C:\Program Files\Common Files\<DIR> Apple
[11/11/2008|06:30] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[08/23/2008|12:53] C:\Program Files\Common Files\<DIR> Corel
[12/12/2006|06:06] C:\Program Files\Common Files\<DIR> DESIGNER
[10/11/2008|03:04] C:\Program Files\Common Files\<DIR> Download Manager
[10/04/2007|06:12] C:\Program Files\Common Files\<DIR> GTK
[05/16/2008|03:06] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[05/16/2008|03:08] C:\Program Files\Common Files\<DIR> HP
[03/23/2008|12:12] C:\Program Files\Common Files\<DIR> INCA Shared
[01/20/2007|03:42] C:\Program Files\Common Files\<DIR> InstallShield
[10/22/2006|04:36] C:\Program Files\Common Files\<DIR> InstallShieldx
[05/31/2008|08:38] C:\Program Files\Common Files\<DIR> InterVideo
[08/10/2008|06:13] C:\Program Files\Common Files\<DIR> Jasc Software Inc
[10/22/2006|04:21] C:\Program Files\Common Files\<DIR> Java
[05/31/2008|07:51] C:\Program Files\Common Files\<DIR> LightScribe
[08/27/2007|04:26] C:\Program Files\Common Files\<DIR> Macrovision Shared
[02/13/2007|12:38] C:\Program Files\Common Files\<DIR> MAGIX Shared
[11/25/2008|06:20] C:\Program Files\Common Files\<DIR> McAfee
[11/08/2008|12:41] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> MSSoap
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> ODBC
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> Real
[09/22/2007|07:56] C:\Program Files\Common Files\<DIR> River Past
[05/29/2008|06:27] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/20/2007|04:08] C:\Program Files\Common Files\<DIR> ScanSoft Shared
[08/11/2004|05:12] C:\Program Files\Common Files\<DIR> Services
[04/02/2008|02:43] C:\Program Files\Common Files\<DIR> Skype
[05/29/2008|06:29] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/14/2007|10:07] C:\Program Files\Common Files\<DIR> SONY Digital Images
[08/11/2004|05:07] C:\Program Files\Common Files\<DIR> SpeechEngines
[07/29/2007|07:11] C:\Program Files\Common Files\<DIR> supportsoft
[05/25/2008|09:10] C:\Program Files\Common Files\<DIR> SureThing Shared
[06/15/2007|09:42] C:\Program Files\Common Files\<DIR> System
[10/14/2008|09:59] C:\Program Files\Common Files\<DIR> TiVo Shared
[02/09/2007|05:04] C:\Program Files\Common Files\<DIR> Totem Shared
[05/31/2008|08:39] C:\Program Files\Common Files\<DIR> Ulead
[04/09/2008|07:40] C:\Program Files\Common Files\<DIR> Ulead Systems
[08/09/2008|09:34] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[09/13/2008|11:22] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[07/18/2008|06:17] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 76 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 12:01:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Searching for other infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{939CE971-0651-4909-80CD-6425C39A8210}]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
==> WAREOUT <==



[F:865][D:1274]-> C:\DOCUME~1\HABITA~1\LOCALS~1\Temp
[F:129][D:0]-> C:\DOCUME~1\HABITA~1\Cookies
[F:1601][D:8]-> C:\DOCUME~1\HABITA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 11/27/2008|17:09 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Thu 11/27/2008|17:19 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - Fri 11/28/2008|11:49 - Option : [3]
4 - "C:\Lop SD\LopR_4.txt" - Fri 11/28/2008|12:01 - Option : [3]

--------------------\\ Scan completed at 12:01:32
 
mbam-log

Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2

11/28/2008 12:12:02 PM
mbam-log-2008-11-28 (12-11-51).txt

Scan type: Quick Scan
Objects scanned: 65144
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
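
Both logs above report the same finding: DhcpNameServer values set to 85.255.112.21 and 85.255.112.150. As an added example (not part of the original posts or of either tool), this Python script parses both log formats and lists every registry value whose resolvers are not on an expected list. The expected resolver 192.168.1.1, the zeroed interface GUID, the function names, and the sample log (constructed from lines in this thread) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the resolvers this network should be using (here, a home router).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

VALUE_NAMES = r"(DhcpNameServer|NameServer)"
# Lop S&D style: "[HKEY_...key]" on one line, "Name REG_SZ data" on the next.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r"^" + VALUE_NAMES + r"\s+REG_SZ\s+(.*)$")
# Malwarebytes style: "HKEY_...\Name (Detection) -> Data: data -> action".
MBAM_RE = re.compile(
    r"^(HKEY_.+)\\" + VALUE_NAMES + r"\s+\(([^)]*)\)\s+->\s+Data:\s+(.*?)\s+->\s+.*$"
)

# Constructed sample: lines in the two formats seen in this thread, plus one
# clean interface entry (hypothetical GUID) to show what is not flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
DhcpNameServer REG_SZ 85.255.112.21 85.255.112.150
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}]
DhcpNameServer REG_SZ 192.168.1.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
"""


def parse_servers(data):
    """Split a name-server string (space or comma separated) into IP objects."""
    servers = []
    for token in re.split(r"[\s,]+", data.strip()):
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # ignore empty or malformed tokens
    return servers


def parse_log(text):
    """Return (registry_key, value_name, [servers]) for every resolver entry."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append((current_key, m.group(1), parse_servers(m.group(2))))
            continue
        m = MBAM_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), parse_servers(m.group(4))))
    return entries


def unexpected_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Map each resolver outside `expected` to the registry values that hold it."""
    hits = defaultdict(set)
    for key, name, servers in parse_log(text):
        # Registry paths are case-insensitive; lower-case them so the same
        # value reported by both tools is counted once.
        location = (key + "\\" + name).lower()
        for ip in servers:
            if ip not in expected:
                hits[str(ip)].add(location)
    return {ip: sorted(locations) for ip, locations in hits.items()}


if __name__ == "__main__":
    for ip, locations in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"unexpected resolver {ip} in {len(locations)} value(s):")
        for location in locations:
            print("   ", location)
```

DhcpNameServer normally holds the resolvers handed out in the DHCP lease, so a value that returns after cleaning the PC points at the DHCP source, which is why the router's DNS settings are worth checking as well.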
 
Hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:01 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 19191 bytes
 
dns/ip

Primary DNS: 100.255.112.21
Secondary DNS: 100.255.112.150

IP Address: 69.250.63.169
IP Subnet Mask: 255.255.248.0
Gateway IP Address: 69.250.56.1
 
Hi

Did you quarantine MBAM findings? It reads 'no action taken' there.


Uninstall AskBar (may be a bit differently written) if you haven't installed it on purpose.


Start hjt, do a system scan, check (if found):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ante wait camp memo] C:\Documents and Settings\All Users\Application Data\wma five ante wait\view gram.exe


Close browsers and fix checked.

Reboot.

We need to execute an OTMoveIt3 script
  1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
  2. Double click the OTMoveIt3 icon on your desktop.
  3. Paste the following code under the Paste Fix Here area. Do not include the word Code.
    Code:
    :Files
    C:\Documents and Settings\All Users\Application Data\wma five ante wait
    C:\Program Files\BitComet
  4. Push the large MoveIt button.
  5. OTMI3 may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log. How's the system running?
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
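
The "no action taken" question raised in the reply above can be checked mechanically. This is an added example, not part of any post in this thread and not MBAM's own tooling: it parses the MBAM result section quoted earlier, lists detections that were left unremediated, and notes for the Tcpip values whether the resolver addresses are static (`NameServer`) or written by the DHCP client from its lease (`DhcpNameServer`). The `Finding` class and the function names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# The two detection lines are quoted from the MBAM log in this thread.
SAMPLE_LOG = r"""Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.

Folders Infected:
(No malicious items detected)
"""

SECTION_RE = re.compile(r"^(?P<name>.+) Infected:\s*$")
# <path> (<detection>) [-> Data: <data>] -> <action>.
ITEM_RE = re.compile(
    r"^(?P<path>.+) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))?"
    r" -> (?P<action>[^>]+?)\.?\s*$"
)
IFACE_RE = re.compile(r"\\Interfaces\\\{(?P<guid>[0-9a-fA-F-]{36})\}\\")

# Labels chosen for this example: where Windows gets each value's data from.
VALUE_SOURCE = {"dhcpnameserver": "dhcp-lease", "nameserver": "static"}


@dataclass
class Finding:
    section: str              # e.g. "Registry Data Items"
    path: str                 # full registry or file path as logged
    detection: str            # e.g. "Trojan.DNSChanger"
    action: str               # e.g. "No action taken"
    servers: List[str]        # IP addresses found in the Data field
    interface: Optional[str]  # adapter GUID, or None for the global key
    source: Optional[str]     # "dhcp-lease", "static", or None

    @property
    def remediated(self) -> bool:
        return self.action.lower() != "no action taken"


def parse_mbam(log: str) -> List[Finding]:
    """Turn the result section of an MBAM log into Finding records."""
    findings: List[Finding] = []
    section = ""
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM_RE.match(line)
        if not item:
            continue  # blank line or "(No malicious items detected)"
        path = item.group("path")
        servers = []
        for token in re.split(r"[\s,]+", item.group("data") or ""):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                pass  # not an IP address, ignore
        iface = IFACE_RE.search(path)
        value_name = path.rsplit("\\", 1)[-1].lower()
        findings.append(Finding(
            section=section,
            path=path,
            detection=item.group("detection"),
            action=item.group("action"),
            servers=servers,
            interface=iface.group("guid") if iface else None,
            source=VALUE_SOURCE.get(value_name),
        ))
    return findings


def follow_up(findings: List[Finding]) -> List[str]:
    """One line per detection that the scan reported but did not act on."""
    notes = []
    for f in findings:
        if f.remediated:
            continue
        scope = f"interface {f.interface}" if f.interface else "global Tcpip parameters"
        note = f"{f.detection} left in place ({scope}): {', '.join(f.servers) or f.path}"
        if f.source == "dhcp-lease":
            note += " [set from the DHCP lease: also check what the DHCP server hands out]"
        elif f.source == "static":
            note += " [statically configured on this machine]"
        notes.append(note)
    return notes


if __name__ == "__main__":
    for line in follow_up(parse_mbam(SAMPLE_LOG)):
        print(line)
```
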
 
moveit log

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\wma five ante wait moved successfully.
C:\Program Files\BitComet\torrents moved successfully.
C:\Program Files\BitComet\rules moved successfully.
C:\Program Files\BitComet moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_140457

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:57 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18829 bytes

By the way, after I restarted after the HJT fix I put in my password to log into Windows and my computer froze on the login screen. I waited 10 minutes and then turned my computer off and then on again and it logged in normally, and my Windows Update still doesn't work.

Also will other computers on my network be affected?
 
Hi again

Your other systems shouldn't be affected if there was nothing other than Wareout and LOP in the system we're now cleaning.


my windows update still doesn't work
Do you get any error message, or in what way doesn't it work? Please post the exact error message if you get any.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report & a fresh hjt log.
 
Kaspersky Online Scanner will not work; I get [ERROR: Failed to resolve source DNS name]. As far as Windows Update goes, when I click on Windows Update on the Start menu I get redirected to MSN.com, and I'm guessing this means I am still infected...

here is the HJT log anyway...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:16 PM, on 11/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18880 bytes
 
Hi

Please run MBAM again and make sure you do full scan and quarantine its findings. Reboot and post back MBAM report & a fresh hjt log. Still getting redirected?
 
Once again, like with the HJT fix, after I restarted after the MWBAM quarantine and removal I put in my password to log into Windows and my computer froze on the login screen. I waited 10 minutes and then turned my computer off and then on again and it logged in normally. Any thoughts as to why?

Here is the MWBAM associated with the last scan...

Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2

11/29/2008 10:12:30 AM
mbam-log-2008-11-29 (10-12-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 303116
Time elapsed: 2 hour(s), 15 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
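
As an added example (not part of the original post and not Malwarebytes' own tooling), the Python below parses the registry lines of the MBAM report above and reports which DNS resolvers were flagged, per interface, and whether they came from a DHCP lease (`DhcpNameServer`) or a static setting (`NameServer`). The trusted resolver 192.168.1.1 and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Registry sections copied from the MBAM report in the post above.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> Quarantined and deleted successfully.
"""

# "<registry path> (<detection>) -> [Data: <value> -> ]<action>"
ENTRY_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>.+)$",
    re.MULTILINE,
)
IFACE_RE = re.compile(r"\\Interfaces\\(\{[0-9A-Fa-f-]+\})\\")

# Assumption: the only resolver this host should use is the LAN router.
TRUSTED_RESOLVERS = [ipaddress.ip_network("192.168.1.1/32")]


def parse_mbam_registry_items(log):
    """Return one dict per registry line: path, detection, data, action."""
    return [m.groupdict() for m in ENTRY_RE.finditer(log)]


def dns_findings(entries, trusted):
    """Keep only Tcpip DNS values and list resolvers outside `trusted`."""
    findings = []
    for entry in entries:
        path = entry["path"]
        value_name = path.rsplit("\\", 1)[-1].lower()
        if "\\services\\tcpip\\parameters" not in path.lower():
            continue
        if value_name not in ("nameserver", "dhcpnameserver"):
            continue
        unexpected = []
        # The value is a space- or comma-separated list of addresses.
        for token in re.split(r"[\s,]+", (entry["data"] or "").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # empty or malformed token
            if not any(ip in net for net in trusted):
                unexpected.append(str(ip))
        iface = IFACE_RE.search(path)
        findings.append({
            "scope": iface.group(1) if iface else "global",
            # DhcpNameServer is filled in by the DHCP client from the lease;
            # NameServer holds a statically configured list.
            "source": "dhcp-lease" if value_name == "dhcpnameserver" else "static",
            "detection": entry["detection"],
            "unexpected": unexpected,
        })
    return findings


def lease_supplied_hijack(findings):
    """True if an unexpected resolver sits in a lease-supplied value.

    Deleting such a value on the host does not change what the next lease
    delivers, so also check which DNS servers the DHCP server (usually the
    router) hands out.
    """
    return any(f["source"] == "dhcp-lease" and f["unexpected"] for f in findings)


if __name__ == "__main__":
    results = dns_findings(parse_mbam_registry_items(MBAM_LOG), TRUSTED_RESOLVERS)
    for f in results:
        print(f["scope"], f["source"], f["detection"], f["unexpected"])
    print("check DHCP server settings:", lease_supplied_hijack(results))
```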
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:09 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe
C:\Program Files\Dell Photo AIO Printer 966\memcard.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~2\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 966\memcard.exe"
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bandmon] C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Habitat Productions\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicshake.com/NewDownload/musicshake.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicshake.com/NewDownload/musicshakeplayercab.CAB
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.gamehouse.com/realarcade-webgames/burgershop/GoBitGamesPlayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0044291227655211) (0044291227655211mcinstcleanup) - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\004429~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: DNADownloader - Unknown owner - C:\Program Files\GameSpot\DownloadManager_Win32.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\HABITA~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18876 bytes
 
I'm still infected after I restarted, and I don't know how to just quarantine the findings without MBAM deleting them...

Malwarebytes' Anti-Malware 1.30
Database version: 1432
Windows 5.1.2600 Service Pack 2

11/29/2008 10:36:52 AM
mbam-log-2008-11-29 (10-36-48).txt

Scan type: Quick Scan
Objects scanned: 64834
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
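A triage sketch for the scan log above, added here as an example and not part of the original thread or of Malwarebytes' tooling: it parses the "Registry Data Items Infected" lines and reports DNS values that still hold unexpected resolvers because the scan ended with "No action taken". The function names, the expected resolver `192.168.1.1`, and the third sample line are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address

# Sample input: the two registry findings from the log in this thread, plus one
# CONSTRUCTED line (all-zero GUID) showing an item that was already handled.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{939ce971-0651-4909-80cd-6425c39a8210}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 85.255.112.150 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.21 -> Quarantined and deleted successfully.
"""

# <key>\<value> (<detection>) -> Data: <data> -> <action>.
LINE_RE = re.compile(
    r"^(?P<key>HKEY_.*?)\\(?P<value>[^\\\s]+) \((?P<name>[^)]+)\)"
    r" -> Data: (?P<data>.*?) -> (?P<action>.+?)\.?[ \t]*$",
    re.MULTILINE,
)

def parse_findings(log_text):
    """Return one dict per registry data finding in the log text."""
    findings = []
    for m in LINE_RE.finditer(log_text):
        servers = []
        # DNS server lists may be space- or comma-separated.
        for token in re.split(r"[\s,]+", m["data"].strip()):
            try:
                servers.append(ip_address(token))
            except ValueError:
                continue  # not an address; ignore the token
        findings.append({"key": m["key"], "value": m["value"],
                         "detection": m["name"], "servers": servers,
                         "action": m["action"]})
    return findings

def unresolved_dns_hijacks(log_text, expected_resolvers):
    """List (key, value, rogue_servers) for DNS values left in place by the scan."""
    expected = {ip_address(a) for a in expected_resolvers}
    hits = []
    for f in parse_findings(log_text):
        if f["value"].lower() not in ("nameserver", "dhcpnameserver"):
            continue
        rogue = [str(s) for s in f["servers"] if s not in expected]
        if rogue and f["action"].lower().startswith("no action"):
            hits.append((f["key"], f["value"], rogue))
    return hits

if __name__ == "__main__":
    # 192.168.1.1 is an assumed legitimate resolver (e.g. the home router).
    for key, value, rogue in unresolved_dns_hijacks(SAMPLE_LOG, ["192.168.1.1"]):
        print(f"{value} still set to {', '.join(rogue)}\n  under {key}")
```

Both the global `Tcpip\Parameters` value and the per-interface value are reported, so the check should be repeated after cleanup and after the DHCP lease is renewed.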
 
Hi

MBAM quarantines the findings when you delete them.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 