Help with virus

C

charlotte63

New member
Not quite sure what is wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:29 PM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2X\Client\APPServerClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {08BDBD9D-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing)
O2 - BHO: (no name) - {0B06BA93-97F4-44E9-9C9E-52A70A21B0Ed} - C:\WINDOWS\System32\dpcdll32.dll (file missing)
O2 - BHO: (no name) - {117B7B3B-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\WINDOWS\System32\dpnlobby3232.dll
O4 - Startup: 2X Client.lnk = C:\Program Files\2X\Client\APPServerClient.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258597985734
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,C:\WINDOWS\System32\dnsapi32.dll
O20 - Winlogon Notify: 90b38228839 - C:\WINDOWS\System32\dnsapi32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 9283 bytes
 
Hello charlotte

Welcome to Safer Networking.

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


You do have some nasty things going on :red:




Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.


O2 - BHO: (no name) - {08BDBD9D-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing)
O2 - BHO: (no name) - {0B06BA93-97F4-44E9-9C9E-52A70A21B0Ed} - C:\WINDOWS\System32\dpcdll32.dll (file missing)
O2 - BHO: (no name) - {117B7B3B-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing)

O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\WINDOWS\System32\dpnlobby3232.dll

O20 - Winlogon Notify: 90b38228839 - C:\WINDOWS\System32\dnsapi32.dll




Please download ATF Cleaner by Atribune to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.






Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    post_a4255_MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
here is the report from Malwarebytes.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3935

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/30/2010 8:51:05 PM
mbam-log-2010-03-30 (20-51-05).txt

Scan type: Quick scan
Objects scanned: 114300
Time elapsed: 12 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 49

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\1B.tmp (Worm.P2P) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\90b38228839 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dnsapi32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dnsapi32.dll -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\1B.tmp (Worm.P2P) -> Delete on reboot.
C:\WINDOWS\system32\19.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browselc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsdmo32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ialmuENG32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ialmuRUS32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iasacct32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\48.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\695.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\696.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7B.tmp (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A0.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1256839282v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1256839282v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1256839282v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1256839282v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.


Here is the log file from RSIT.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Home at 2010-03-30 21:18:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (31%) free of 57 GB
Total RAM: 503 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:49 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2X\Client\APPServerClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Home\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Home.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 2X Client.lnk = C:\Program Files\2X\Client\APPServerClient.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258597985734
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8875 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-03 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll [2010-03-10 813040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-03 279664]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\System32\igfxtray.exe [2005-10-14 94208]
"igfxhkcmd"=C:\WINDOWS\System32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\System32\igfxpers.exe [2005-10-14 114688]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-02-15 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-01-03 39408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\Home\Start Menu\Programs\Startup
2X Client.lnk - C:\Program Files\2X\Client\APPServerClient.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Disabled:FrostWire"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Disabled:PaltalkScene"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2010-03-30 21:18:32 ----D---- C:\rsit
2010-03-30 20:34:35 ----D---- C:\Documents and Settings\Home\Application Data\Malwarebytes
2010-03-30 20:33:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-30 20:33:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-30 20:07:40 ----A---- C:\WINDOWS\system32\2E.tmp
2010-03-30 20:07:04 ----A---- C:\WINDOWS\system32\2C.tmp
2010-03-29 18:50:27 ----A---- C:\WINDOWS\system32\2.tmp
2010-03-29 15:11:36 ----A---- C:\WINDOWS\system32\6C.tmp
2010-03-29 15:11:30 ----A---- C:\WINDOWS\system32\6B.tmp
2010-03-28 19:13:46 ----A---- C:\WINDOWS\system32\25.tmp
2010-03-26 12:29:35 ----D---- C:\Program Files\Trend Micro
2010-03-26 12:18:03 ----D---- C:\WINDOWS\ERDNT
2010-03-26 12:16:27 ----D---- C:\Program Files\ERUNT
2010-03-25 06:28:00 ----A---- C:\WINDOWS\system32\69B.tmp
2010-03-25 06:27:38 ----A---- C:\WINDOWS\system32\699.tmp
2010-03-25 06:27:27 ----A---- C:\WINDOWS\system32\698.tmp
2010-03-25 06:27:25 ----A---- C:\WINDOWS\system32\697.tmp
2010-03-23 22:35:26 ----D---- C:\Program Files\Bonjour
2010-03-23 22:35:12 ----SHD---- C:\Config.Msi
2010-03-23 22:25:58 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-23 22:25:58 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-23 22:25:58 ----A---- C:\WINDOWS\system32\java.exe
2010-03-23 21:01:10 ----A---- C:\WINDOWS\system32\150.tmp
2010-03-22 18:40:42 ----A---- C:\WINDOWS\system32\1.tmp
2010-03-22 18:40:05 ----A---- C:\WINDOWS\system32\53.tmp
2010-03-22 18:40:02 ----A---- C:\WINDOWS\system32\52.tmp
2010-03-14 22:46:06 ----A---- C:\WINDOWS\wininit.ini
2010-03-14 21:50:25 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-14 21:23:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-14 21:23:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-10 23:58:55 ----D---- C:\WINDOWS\Minidump
2010-03-10 20:31:24 ----D---- C:\Documents and Settings\Home\Application Data\WinRAR
2010-03-10 04:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-09 22:28:32 ----D---- C:\Program Files\iPod
2010-03-09 22:28:12 ----D---- C:\Program Files\iTunes
2010-03-09 22:25:40 ----D---- C:\Program Files\QuickTime
2010-03-09 20:43:50 ----A---- C:\WINDOWS\system32\1B8.tmp
2010-03-09 00:43:56 ----A---- C:\WINDOWS\system32\7A.tmp
2010-03-06 16:04:08 ----A---- C:\WINDOWS\system32\A1.tmp
2010-03-06 16:03:26 ----A---- C:\WINDOWS\system32\9F.tmp
2010-03-03 20:42:18 ----A---- C:\WINDOWS\system32\3F.tmp
2010-03-03 02:46:47 ----SH---- C:\WINDOWS\system32\unrar.exe
2010-03-03 02:46:47 ----D---- C:\WINDOWS\system32\578938191
2010-03-03 02:46:14 ----D---- C:\Program Files\Mozilla Firefox
2010-02-27 17:56:13 ----D---- C:\WINDOWS\Sun
2010-02-27 17:51:03 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-27 17:49:52 ----D---- C:\Program Files\Java
2010-02-27 17:47:33 ----D---- C:\Documents and Settings\Home\Application Data\Sun
2010-02-24 04:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-16 06:48:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-16 06:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-16 06:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-15 19:34:51 ----D---- C:\Program Files\Safari
2010-02-15 00:43:48 ----D---- C:\WINDOWS\Prefetch
2010-02-15 00:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-15 00:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-15 00:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-15 00:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-15 00:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-15 00:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-15 00:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-15 00:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-15 00:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-15 00:21:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-15 00:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-15 00:16:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-15 00:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-15 00:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-15 00:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-15 00:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-15 00:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-15 00:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-15 00:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-14 23:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-14 23:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-14 23:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-14 23:51:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-14 23:49:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-14 23:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-14 23:45:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-14 23:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-14 23:41:27 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-14 23:39:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-14 23:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-14 23:34:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-14 23:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-02-14 23:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-02-14 23:27:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-14 23:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-14 23:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-14 23:21:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-14 23:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-14 23:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-14 23:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-14 23:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-14 23:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-14 23:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-14 23:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-14 23:06:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-14 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-14 23:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-14 23:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-14 22:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-14 22:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-14 22:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-14 22:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-14 22:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-14 22:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-14 22:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-14 22:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-14 22:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-14 22:28:00 ----D---- C:\WINDOWS\system32\scripting
2010-02-14 22:27:55 ----D---- C:\WINDOWS\l2schemas
2010-02-14 22:27:53 ----D---- C:\WINDOWS\system32\en
2010-02-14 22:10:40 ----D---- C:\WINDOWS\network diagnostic
2010-02-14 21:33:18 ----D---- C:\WINDOWS\ie8updates
2010-02-14 21:31:18 ----D---- C:\WINDOWS\WBEM
2010-02-14 21:28:40 ----HDC---- C:\WINDOWS\ie8
2010-02-12 11:46:14 ----A---- C:\WINDOWS\system32\dns-sd.exe
2010-02-12 11:46:14 ----A---- C:\WINDOWS\system32\dnssd.dll
2010-02-09 23:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-09 23:08:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-09 23:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-09 23:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-09 23:06:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-09 23:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-09 23:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-09 23:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977165_0$
2010-01-31 11:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2010-01-31 11:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-01-29 00:07:46 ----D---- C:\Program Files\TurboTax
2010-01-29 00:03:59 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-29 00:03:47 ----D---- C:\WINDOWS\system32\en-US
2010-01-29 00:03:36 ----D---- C:\Program Files\Reference Assemblies
2010-01-29 00:02:13 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-29 00:02:13 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-29 00:02:12 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-29 00:02:12 ----D---- C:\4812d6fd88c25d4efa
2010-01-28 23:59:43 ----RSD---- C:\WINDOWS\assembly
2010-01-28 23:58:17 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-28 23:56:43 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-01-28 23:56:28 ----D---- C:\Program Files\MSXML 6.0
2010-01-27 21:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-01-27 21:49:10 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-01-27 21:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-01-26 00:48:15 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2010-01-26 00:47:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-26 00:47:19 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-01-26 00:46:41 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-26 00:46:16 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-01-26 00:44:13 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-01-26 00:43:27 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-26 00:43:19 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-01-23 23:20:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-16 10:44:27 ----D---- C:\Documents and Settings\Home\Application Data\2XClient
2010-01-16 10:43:54 ----D---- C:\Program Files\2X
2010-01-14 00:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-01-14 00:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-01-13 21:14:00 ----D---- C:\Documents and Settings\Home\Application Data\Move Networks
2010-01-13 21:12:24 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-01-12 00:31:47 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2010-01-12 00:31:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-12 00:31:26 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-12 00:31:05 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2010-01-12 00:31:04 ----A---- C:\WINDOWS\system32\cdintf300.dll
2010-01-12 00:30:50 ----D---- C:\Documents and Settings\Home\Application Data\Intuit
2010-01-12 00:30:34 ----D---- C:\Program Files\Common Files\Palo Alto Software
2010-01-12 00:30:26 ----D---- C:\Program Files\Common Files\Intuit
2010-01-12 00:30:16 ----D---- C:\Program Files\Quicken
2010-01-12 00:29:56 ----A---- C:\WINDOWS\QUICKEN.INI
2010-01-12 00:29:13 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2010-01-10 20:12:58 ----A---- C:\WINDOWS\system32\hpzlnt09.dll
2010-01-10 20:12:29 ----A---- C:\WINDOWS\system32\AddPort.ini
2010-01-10 20:12:26 ----A---- C:\WINDOWS\system32\hptcpmui.dll
2010-01-10 20:12:26 ----A---- C:\WINDOWS\system32\hptcpmon.ini
2010-01-10 20:12:25 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2010-01-10 20:12:25 ----A---- C:\WINDOWS\system32\hpzjfw01.dll
2010-01-10 20:12:25 ----A---- C:\WINDOWS\system32\hptcpmon.dll
2010-01-10 20:12:25 ----A---- C:\WINDOWS\system32\hptcpmib.dll
2010-01-10 20:12:05 ----D---- C:\Program Files\Hewlett-Packard
2010-01-10 20:10:23 ----A---- C:\WINDOWS\system32\hptrace.ini
2010-01-10 20:09:31 ----A---- C:\WINDOWS\hpdj5800.ini
2010-01-10 19:50:33 ----D---- C:\Documents and Settings\All Users\Application Data\Gtek
2010-01-10 19:50:12 ----D---- C:\Documents and Settings\Home\Application Data\GTek
2010-01-09 22:56:40 ----A---- C:\WINDOWS\system32\muweb.dll
2010-01-09 22:56:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-01-09 22:56:40 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-01-09 22:44:42 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-01-09 22:40:35 ----D---- C:\Program Files\Microsoft Works
2010-01-09 22:40:17 ----D---- C:\Program Files\MSBuild
2010-01-09 22:39:10 ----D---- C:\Program Files\Microsoft Visual Studio
2010-01-09 22:39:10 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-09 22:32:50 ----D---- C:\WINDOWS\SHELLNEW
2010-01-09 22:31:12 ----D---- C:\Program Files\Microsoft Office
2010-01-09 22:31:05 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-01-09 22:29:30 ----RHD---- C:\MSOCache
2010-01-04 22:58:24 ----D---- C:\dj5850
2010-01-04 07:47:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-03 23:51:59 ----D---- C:\Documents and Settings\Home\Application Data\Apple Computer
2010-01-03 23:51:20 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-01-03 23:50:04 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 23:48:22 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-03 23:47:41 ----D---- C:\Program Files\Apple Software Update
2010-01-03 23:47:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-03 23:47:24 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-01-03 23:46:10 ----D---- C:\Program Files\Common Files\Apple
2010-01-03 23:46:10 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-01-03 22:30:09 ----D---- C:\Program Files\Kaspersky Lab
2010-01-03 22:30:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-01-03 22:27:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-03 14:49:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-02 11:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970430_0$
2010-01-02 11:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971737_0$
2010-01-01 21:16:05 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-01 20:35:59 ----D---- C:\Documents and Settings\Home\Application Data\Paltalk
2010-01-01 11:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-01-01 11:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-01-01 11:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-01-01 11:16:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-01-01 11:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-01-01 11:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-01-01 11:16:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-01-01 11:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-01-01 11:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-01 11:15:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-01-01 11:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-01-01 11:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2_0$
2010-01-01 11:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-01-01 11:15:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-01-01 11:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2010-01-01 11:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-01-01 11:15:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-01-01 11:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-01-01 11:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-01-01 11:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-01-01 11:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-01-01 11:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB971633_0$
2010-01-01 11:14:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-01-01 11:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-01-01 11:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-01-01 11:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-01-01 11:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-01-01 11:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-01-01 11:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-01-01 11:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-01-01 11:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-01-01 11:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-01-01 11:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-01-01 11:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2010-01-01 11:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2010-01-01 11:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-01-01 11:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-01-01 11:12:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-01-01 11:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-01-01 11:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-01-01 11:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-01-01 11:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-01-01 11:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-01-01 11:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-01-01 11:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-01-01 11:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-01-01 11:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-01-01 11:10:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-01-01 11:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-01-01 11:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-01-01 11:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-01-01 11:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-01-01 11:10:06 ----D---- C:\Program Files\MSXML 4.0
2010-01-01 11:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-01-01 11:09:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-01-01 11:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-01-01 11:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-01-01 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2009-12-31 16:03:43 ----D---- C:\Documents and Settings\Home\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-12-31 16:02:58 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-12-31 15:30:27 ----D---- C:\Program Files\Common Files\Adobe
2009-12-31 15:29:32 ----D---- C:\Program Files\Adobe
2009-12-31 15:29:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-31 15:28:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-31 15:28:04 ----D---- C:\Documents and Settings\Home\Application Data\Google
2009-12-31 15:27:31 ----D---- C:\Program Files\Google
2009-12-31 15:27:00 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-31 15:23:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-12-31 15:23:06 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-12-31 15:23:03 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-12-31 15:23:03 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-12-31 15:22:54 ----N---- C:\WINDOWS\system32\setupn.exe
2009-12-31 15:22:52 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-12-31 15:22:50 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-12-31 15:22:50 ----N---- C:\WINDOWS\system32\qutil.dll
2009-12-31 15:22:49 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-12-31 15:22:49 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-12-31 15:22:49 ----N---- C:\WINDOWS\system32\qagent.dll
2009-12-31 15:22:45 ----N---- C:\WINDOWS\system32\onex.dll
2009-12-31 15:22:37 ----N---- C:\WINDOWS\system32\napstat.exe
2009-12-31 15:22:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-12-31 15:22:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-12-31 15:22:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-12-31 15:22:34 ----N---- C:\WINDOWS\system32\mssha.dll
2009-12-31 15:22:23 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-12-31 15:22:22 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-12-31 15:22:22 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-12-31 15:22:20 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-12-31 15:22:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-12-31 15:22:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-12-31 15:22:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-12-31 15:22:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-12-31 15:22:08 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-12-31 15:22:08 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-12-31 15:21:52 ----A---- C:\WINDOWS\005263_.tmp
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-12-31 15:21:50 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-12-31 15:21:43 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-12-31 15:21:43 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-12-31 15:21:42 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-12-31 15:21:42 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-12-31 15:21:42 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-12-31 15:21:42 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-12-31 15:21:42 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-12-31 15:21:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-12-31 15:21:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-12-31 15:21:40 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-12-31 15:21:38 ----N---- C:\WINDOWS\system32\credssp.dll
2009-12-31 15:21:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-31 15:21:32 ----N---- C:\WINDOWS\system32\azroles.dll
2009-12-31 15:21:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-12-31 14:59:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-12-31 14:50:54 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-12-31 14:50:54 ----A---- C:\WINDOWS\system32\xpsp3res.dll

======List of files/folders modified in the last 3 months======

2010-03-30 21:08:43 ----D---- C:\WINDOWS\Temp
2010-03-30 20:55:48 ----D---- C:\WINDOWS
2010-03-30 20:53:32 ----D---- C:\WINDOWS\system32
2010-03-30 20:53:26 ----D---- C:\WINDOWS\system32\drivers
2010-03-30 20:53:26 ----D---- C:\WINDOWS\peernet
2010-03-30 20:53:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-30 20:53:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 20:33:03 ----RD---- C:\Program Files
2010-03-30 20:29:51 ----HD---- C:\WINDOWS\inf
2010-03-30 20:28:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-30 20:28:02 ----D---- C:\Program Files\Internet Explorer
2010-03-30 20:25:49 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-29 21:11:26 ----D---- C:\WINDOWS\repair
2010-03-29 21:02:49 ----SHD---- C:\System Volume Information
2010-03-29 19:49:51 ----D---- C:\WINDOWS\Registration
2010-03-29 19:39:41 ----D---- C:\Documents and Settings\Home\Application Data\Ahead
2010-03-23 22:38:23 ----SHD---- C:\WINDOWS\Installer
2010-03-15 17:43:06 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-15 17:42:12 ----A---- C:\WINDOWS\imsins.BAK
2010-03-14 21:51:20 ----D---- C:\Documents and Settings
2010-03-14 12:42:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-10 23:33:17 ----SD---- C:\WINDOWS\Tasks
2010-03-10 04:10:25 ----D---- C:\Program Files\Movie Maker
2010-03-10 04:04:07 ----D---- C:\WINDOWS\WinSxS
2010-03-09 02:53:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-25 11:54:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2010-02-25 01:24:37 ----N---- C:\WINDOWS\system32\occache.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\wininet.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\urlmon.dll
2010-02-25 01:24:37 ----A---- C:\WINDOWS\system32\mstime.dll
2010-02-25 01:24:36 ----A---- C:\WINDOWS\system32\mshtml.dll
2010-02-25 01:24:35 ----N---- C:\WINDOWS\system32\jsproxy.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\msfeeds.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\iertutil.dll
2010-02-25 01:24:35 ----A---- C:\WINDOWS\system32\iepeers.dll
2010-02-25 01:24:34 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2010-02-24 04:54:25 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2010-02-16 01:40:05 ----SHD---- C:\RECYCLER
2010-02-15 19:17:32 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-15 00:44:10 ----A---- C:\WINDOWS\setuplog.txt
2010-02-15 00:43:15 ----D---- C:\WINDOWS\system32\Setup
2010-02-15 00:43:15 ----D---- C:\WINDOWS\AppPatch
2010-02-15 00:43:15 ----D---- C:\Program Files\Messenger
2010-02-15 00:43:13 ----D---- C:\WINDOWS\system32\wbem
2010-02-15 00:43:12 ----RSD---- C:\WINDOWS\Fonts
2010-02-15 00:42:34 ----D---- C:\WINDOWS\security
2010-02-15 00:05:17 ----D---- C:\Program Files\Outlook Express
2010-02-14 22:28:59 ----D---- C:\WINDOWS\ime
2010-02-14 22:28:57 ----D---- C:\WINDOWS\Help
2010-02-14 22:28:05 ----D---- C:\WINDOWS\system32\usmt
2010-02-14 22:27:52 ----D---- C:\WINDOWS\system32\bits
2010-02-14 22:17:24 ----D---- C:\WINDOWS\system32\Restore
2010-02-14 22:17:24 ----D---- C:\WINDOWS\system32\npp
2010-02-14 22:17:19 ----D---- C:\WINDOWS\msagent
2010-02-14 22:17:17 ----D---- C:\WINDOWS\srchasst
2010-02-14 22:17:13 ----D---- C:\Program Files\NetMeeting
2010-02-14 22:17:06 ----D---- C:\WINDOWS\system32\Com
2010-02-14 22:17:00 ----D---- C:\Program Files\Windows Media Player
2010-02-14 22:16:59 ----D---- C:\Program Files\Windows NT
2010-02-14 22:16:50 ----D---- C:\Program Files\Common Files\System
2010-02-14 22:16:02 ----D---- C:\WINDOWS\system32\oobe
2010-02-14 22:15:57 ----D---- C:\WINDOWS\system
2010-02-14 22:03:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-14 22:03:11 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-14 21:54:53 ----D---- C:\WINDOWS\EHome
2010-02-14 21:31:30 ----D---- C:\WINDOWS\system32\config
2010-02-14 21:30:53 ----D---- C:\WINDOWS\Media
2010-01-29 08:31:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-29 00:18:20 ----SD---- C:\Documents and Settings\Home\Application Data\Microsoft
2010-01-29 00:02:54 ----D---- C:\WINDOWS\system32\spool
2010-01-28 23:58:26 ----D---- C:\WINDOWS\system32\mui
2010-01-26 00:46:57 ----A---- C:\WINDOWS\win.ini
2010-01-12 00:36:42 ----D---- C:\Program Files\Common Files
2010-01-09 22:37:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-09 22:37:39 ----D---- C:\WINDOWS\PCHealth
2010-01-04 07:47:28 ----D---- C:\WINDOWS\Debug
2010-01-01 11:10:57 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-31 16:03:36 ----D---- C:\Documents and Settings\Home\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-30 315408]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2003-01-23 17217]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2006-04-05 2208512]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 UXDCMN;UXDCMN; \??\D:\WINSTRESS\UXDCMN.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-03 135664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-03 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
 
because the info file is so long I needed to post it in a separate post.

And Last the info file from RSIT.

info.txt logfile of random's system information tool 1.06 2010-03-30 21:18:59

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2X Client-->MsiExec.exe /X{3DFDA58D-624D-47ED-97A9-74E817B6323F}
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Application Support-->MsiExec.exe /I{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
hp deskjet 5800-->msiexec /x{8FD66F0B-38FF-4834-88FF-56DC214A62ED}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterVideo WinDVD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InterVideo\WinDVD\Uninst.isu"
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime-->MsiExec.exe /I{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}
Safari-->MsiExec.exe /I{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Premier 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {0B06BA93-97F4-44E9-9C9E-52A70A21B0Ed} - C:\WINDOWS\System32\dpcdll32.dll (file missing) [2010-03-30]
O2 - BHO: (no name) - {117B7B3B-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing) [2010-03-30]
O20 - Winlogon Notify: 90b38228839 - C:\WINDOWS\System32\dnsapi32.dll [2010-03-30]
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\WINDOWS\System32\dpnlobby3232.dll [2010-03-30]
O2 - BHO: (no name) - {08BDBD9D-C478-4B3A-9B4F-8F228A7B223c} - C:\WINDOWS\System32\dpcdll32.dll (file missing) [2010-03-30]

======Security center information======

AV: Kaspersky Internet Security (outdated)
FW: Kaspersky Internet Security

======System event log======

Computer Name: HOME-VL2LPZF6SS
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.0.109 for the Network Card
with network address 0012F0373088 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 6542
Source Name: Dhcp
Time Written: 20100311203333.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.0.109 for the Network Card
with network address 0012F0373088 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 6541
Source Name: Dhcp
Time Written: 20100311203333.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.0.109 for the Network Card
with network address 0012F0373088 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 6540
Source Name: Dhcp
Time Written: 20100311203323.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.0.109 for the Network Card
with network address 0012F0373088 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 6539
Source Name: Dhcp
Time Written: 20100311203323.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1005
Message: Your computer has detected that the IP address 192.168.0.109 for the Network Card
with network address 0012F0373088 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Record Number: 6538
Source Name: Dhcp
Time Written: 20100311203313.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: HOME-VL2LPZF6SS
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 605
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20100128230422.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 588
Source Name: ASP.NET 2.0.50727.0
Time Written: 20100128230055.000000-360
Event Type: warning
User:

Computer Name: HOME-VL2LPZF6SS
Event Code: 1517
Message: Windows saved user HOME-VL2LPZF6SS\Home registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 551
Source Name: Userenv
Time Written: 20100126070408.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-VL2LPZF6SS
Event Code: 1517
Message: Windows saved user HOME-VL2LPZF6SS\Home registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 544
Source Name: Userenv
Time Written: 20100126000341.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-VL2LPZF6SS
Event Code: 1000
Message: Faulting application windvd.exe, version 1.0.0.1, faulting module windvd.exe, version 1.0.0.1, fault address 0x000e6ddd.

Record Number: 542
Source Name: Application Error
Time Written: 20100125233843.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Morning,

Looks like you still have some things that need to be removed.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
Good afternoon!

Here are my 2 logs!

ComboFix 10-03-29.04 - Home 03/31/2010 6:27.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.239 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\020000006ddf6e6d839C.manifest
c:\documents and settings\Administrator\Application Data\020000006ddf6e6d839O.manifest
c:\documents and settings\Administrator\Application Data\020000006ddf6e6d839P.manifest
c:\documents and settings\Administrator\Application Data\020000006ddf6e6d839S.manifest
c:\documents and settings\Home\Application Data\020000006ddf6e6d839C.manifest
c:\documents and settings\Home\Application Data\020000006ddf6e6d839O.manifest
c:\documents and settings\Home\Application Data\020000006ddf6e6d839P.manifest
c:\documents and settings\Home\Application Data\020000006ddf6e6d839S.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d836C.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d836O.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d836P.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d836S.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d839C.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d839O.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d839P.manifest
c:\documents and settings\Jacob\Application Data\020000006ddf6e6d839S.manifest
c:\windows\system32\1.tmp
c:\windows\system32\578938191
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 02:18 . 2010-03-31 02:18 -------- d-----w- C:\rsit
2010-03-31 01:34 . 2010-03-31 01:34 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-03-31 01:33 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 01:33 . 2010-03-31 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 01:33 . 2010-03-31 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 01:33 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 16:42 . 2010-03-29 16:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-26 17:29 . 2010-03-26 17:29 -------- d-----w- c:\program files\Trend Micro
2010-03-26 17:16 . 2010-03-26 17:16 -------- d-----w- c:\program files\ERUNT
2010-03-24 03:35 . 2010-03-24 03:35 -------- d-----w- c:\program files\Bonjour
2010-03-24 03:21 . 2010-03-24 03:21 152576 ----a-w- c:\documents and settings\Jacob\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-24 03:21 . 2010-03-24 03:21 79488 ----a-w- c:\documents and settings\Jacob\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-21 03:00 . 2010-03-21 03:00 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Temp
2010-03-15 02:23 . 2010-03-15 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 02:23 . 2010-03-15 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 02:43 . 2010-03-11 02:43 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\WMTools Downloaded Files
2010-03-10 03:41 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 03:28 . 2010-03-10 03:28 -------- d-----w- c:\program files\iPod
2010-03-10 03:28 . 2010-03-10 03:30 -------- d-----w- c:\program files\iTunes
2010-03-10 03:25 . 2010-03-23 06:08 -------- d-----w- c:\program files\QuickTime
2010-03-07 10:19 . 2010-03-07 10:19 -------- d-----w- c:\documents and settings\Jacob\Application Data\Ahead
2010-03-04 09:00 . 2010-03-04 09:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-02 03:24 . 2010-03-03 07:34 4506256 ----a-w- c:\documents and settings\Jacob\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.6.exe
2010-03-02 03:16 . 2010-03-10 07:25 -------- d-----w- c:\documents and settings\Jacob\Application Data\FrostWire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 11:45 . 2010-01-04 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-03-31 01:07 . 2010-03-31 01:07 0 ----a-w- c:\windows\system32\2E.tmp
2010-03-31 01:07 . 2010-03-31 01:07 0 ----a-w- c:\windows\system32\2C.tmp
2010-03-30 00:39 . 2009-12-21 01:01 -------- d-----w- c:\documents and settings\Home\Application Data\Ahead
2010-03-29 23:50 . 2010-03-29 23:50 0 ----a-w- c:\windows\system32\2.tmp
2010-03-29 20:11 . 2010-03-29 20:11 0 ----a-w- c:\windows\system32\6C.tmp
2010-03-29 20:11 . 2010-03-29 20:11 0 ----a-w- c:\windows\system32\6B.tmp
2010-03-29 00:13 . 2010-03-29 00:13 0 ----a-w- c:\windows\system32\25.tmp
2010-03-27 02:35 . 2010-02-16 00:34 -------- d-----w- c:\program files\Safari
2010-03-25 11:28 . 2010-03-25 11:28 0 ----a-w- c:\windows\system32\69B.tmp
2010-03-25 11:27 . 2010-03-25 11:27 0 ----a-w- c:\windows\system32\699.tmp
2010-03-25 11:27 . 2010-03-25 11:27 0 ----a-w- c:\windows\system32\698.tmp
2010-03-25 11:27 . 2010-03-25 11:27 0 ----a-w- c:\windows\system32\697.tmp
2010-03-24 03:25 . 2010-02-27 22:49 -------- d-----w- c:\program files\Java
2010-03-24 02:01 . 2010-03-24 02:01 0 ----a-w- c:\windows\system32\150.tmp
2010-03-23 06:07 . 2010-01-04 04:51 -------- d-----w- c:\documents and settings\Home\Application Data\Apple Computer
2010-03-22 23:40 . 2010-03-22 23:40 0 ----a-w- c:\windows\system32\53.tmp
2010-03-22 23:40 . 2010-03-22 23:40 0 ----a-w- c:\windows\system32\52.tmp
2010-03-11 01:37 . 2010-01-16 15:44 -------- d-----w- c:\documents and settings\Home\Application Data\2XClient
2010-03-10 09:12 . 2010-01-10 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 03:28 . 2010-01-04 04:46 -------- d-----w- c:\program files\Common Files\Apple
2010-03-10 01:43 . 2010-03-10 01:43 0 ----a-w- c:\windows\system32\1B8.tmp
2010-03-09 09:24 . 2010-01-26 05:46 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-09 05:43 . 2010-03-09 05:43 0 ----a-w- c:\windows\system32\7A.tmp
2010-03-06 21:04 . 2010-03-06 21:04 0 ----a-w- c:\windows\system32\A1.tmp
2010-03-06 21:03 . 2010-03-06 21:03 0 ----a-w- c:\windows\system32\9F.tmp
2010-03-04 01:42 . 2010-03-04 01:42 0 ----a-w- c:\windows\system32\3F.tmp
2010-03-03 04:37 . 2010-02-16 00:20 -------- d-----w- c:\documents and settings\Jacob\Application Data\Apple Computer
2010-02-27 22:55 . 2010-02-27 22:48 152576 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-02-27 05:07 . 2010-01-31 17:11 480440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-25 06:24 . 2003-03-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 02:43 . 2010-02-25 02:19 -------- d-----w- c:\documents and settings\Jacob\Application Data\U3
2010-02-23 05:45 . 2010-02-22 09:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 06:45 . 2010-02-16 06:45 58292 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 00:41 . 2010-02-16 00:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-16 00:32 . 2010-02-16 00:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-02-16 00:16 . 2010-02-16 00:16 71776 ----a-w- c:\documents and settings\Jacob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 03:35 . 2009-11-19 01:56 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-30 19:13 . 2010-01-30 19:13 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-29 05:18 . 2009-11-19 03:10 71776 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 03:44 . 2010-01-28 03:44 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-20 20:20 . 2010-01-20 20:20 6 ----a-w- c:\windows\Fonts\wfonts.key
2010-01-14 02:14 . 2010-01-14 02:14 144160 ----a-w- c:\documents and settings\Home\Application Data\Move Networks\uninstall.exe
2010-01-14 02:14 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\Home\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-12 05:34 . 2010-01-12 05:34 3379200 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17137-171411.dll
2010-01-12 05:33 . 2010-01-12 05:33 585728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\171124-17122.dll
2010-01-12 05:33 . 2010-01-12 05:33 5898240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\171411-17153.dll
2010-01-12 05:33 . 2010-01-12 05:33 2723840 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17153-17167.dll
2010-01-12 05:33 . 2010-01-12 05:33 679936 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17175-17182.dll
2010-01-12 05:33 . 2010-01-12 05:33 634880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17182-17192.dll
2010-01-12 05:33 . 2010-01-12 05:33 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-01-12 05:33 . 2010-01-12 05:33 581632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17167-17175.dll
2010-01-12 05:32 . 2010-01-12 05:32 3497984 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17122-17137.dll
2010-01-12 05:32 . 2010-01-12 05:32 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-01-12 05:32 . 2010-01-12 05:32 1008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-01-04 03:47 . 2010-01-04 03:47 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-04 03:47 . 2010-01-04 03:47 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-04 03:47 . 2010-01-04 03:47 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-04 03:47 . 2010-01-04 03:47 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-04 03:47 . 2010-01-04 03:47 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-04 03:44 . 2010-01-04 03:44 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-04 03:44 . 2010-01-04 03:44 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-04 03:44 . 2010-01-04 03:44 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-04 03:44 . 2010-01-04 03:44 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-04 03:44 . 2010-01-04 03:44 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-04 03:32 . 2010-01-04 03:32 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-04 03:32 . 2010-01-04 03:32 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-31 16:50 . 2003-03-31 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-10-14 114688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Jacob\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Home\Start Menu\Programs\Startup\
2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2009-12-18 1127880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 10:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2010 2:49 PM 135664]
S3 UXDCMN;UXDCMN;\??\d:\winstress\UXDCMN.SYS --> d:\winstress\UXDCMN.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
Trusted Zone: chase.com\cards
Trusted Zone: intuit.com\ttlc
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 06:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-31 06:52:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-31 11:52

Pre-Run: 18,594,877,440 bytes free
Post-Run: 18,542,985,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 4E8BC3ED5E03A2C6B1413634C886231B


and the Hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:43 PM, on 3/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\2X\Client\APPServerClient.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 2X Client.lnk = C:\Program Files\2X\Client\APPServerClient.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258597985734
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8698 bytes
 
Hello Charlotte,

FrostWire
LimeWire
If you keep using File Sharing programs like this your going to keep on getting infected. Your downloading that file from an unknown source and malware writers are aware of this and jumping on the band wagon trying to distribute there filth. You would be doing yourself a big favor if you uninstalled these and stayed away from programs like this.


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Link to the post


Code: 
http://forums.spybot.info/showthread.php?t=56477

Collect::
c:\windows\system32\2E.tmp
c:\windows\system32\2C.tmp
c:\windows\system32\2.tmp
c:\windows\system32\6C.tmp
c:\windows\system32\6B.tmp
c:\windows\system32\25.tmp
c:\windows\system32\69B.tmp
c:\windows\system32\699.tmp
c:\windows\system32\698.tmp
c:\windows\system32\697.tmp
c:\windows\system32\150.tmp
c:\windows\system32\53.tmp
c:\windows\system32\52.tmp
c:\windows\system32\1B8.tmp
c:\windows\system32\7A.tmp
c:\windows\system32\A1.tmp
c:\windows\system32\9F.tmp
c:\windows\system32\3F.tmp

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
 
Thanks!
My 17 year old downloaded those and I thought I had uninstalled them already. I think they were the source of my problems!

here are the logs.

ComboFix 10-03-29.04 - Home 03/31/2010 23:41:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.194 [GMT -5:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

file zipped: c:\windows\system32\150.tmp
file zipped: c:\windows\system32\1B8.tmp
file zipped: c:\windows\system32\2.tmp
file zipped: c:\windows\system32\25.tmp
file zipped: c:\windows\system32\2C.tmp
file zipped: c:\windows\system32\2E.tmp
file zipped: c:\windows\system32\3F.tmp
file zipped: c:\windows\system32\52.tmp
file zipped: c:\windows\system32\53.tmp
file zipped: c:\windows\system32\697.tmp
file zipped: c:\windows\system32\698.tmp
file zipped: c:\windows\system32\699.tmp
file zipped: c:\windows\system32\69B.tmp
file zipped: c:\windows\system32\6B.tmp
file zipped: c:\windows\system32\6C.tmp
file zipped: c:\windows\system32\7A.tmp
file zipped: c:\windows\system32\9F.tmp
file zipped: c:\windows\system32\A1.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\150.tmp
c:\windows\system32\1B8.tmp
c:\windows\system32\2.tmp
c:\windows\system32\25.tmp
c:\windows\system32\2C.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\3F.tmp
c:\windows\system32\52.tmp
c:\windows\system32\53.tmp
c:\windows\system32\697.tmp
c:\windows\system32\698.tmp
c:\windows\system32\699.tmp
c:\windows\system32\69B.tmp
c:\windows\system32\6B.tmp
c:\windows\system32\6C.tmp
c:\windows\system32\7A.tmp
c:\windows\system32\9F.tmp
c:\windows\system32\A1.tmp

.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-03-31 02:18 . 2010-03-31 02:18 -------- d-----w- C:\rsit
2010-03-31 01:34 . 2010-03-31 01:34 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-03-31 01:33 . 2010-03-30 05:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 01:33 . 2010-03-31 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 01:33 . 2010-03-31 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 01:33 . 2010-03-30 05:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 16:42 . 2010-03-29 16:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-03-26 17:29 . 2010-03-26 17:29 -------- d-----w- c:\program files\Trend Micro
2010-03-26 17:16 . 2010-03-26 17:16 -------- d-----w- c:\program files\ERUNT
2010-03-24 03:35 . 2010-03-24 03:35 -------- d-----w- c:\program files\Bonjour
2010-03-24 03:21 . 2010-03-24 03:21 152576 ----a-w- c:\documents and settings\Jacob\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-24 03:21 . 2010-03-24 03:21 79488 ----a-w- c:\documents and settings\Jacob\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-21 03:00 . 2010-03-21 03:00 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Temp
2010-03-15 02:23 . 2010-03-15 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 02:23 . 2010-03-15 02:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 02:43 . 2010-03-11 02:43 -------- d-----w- c:\documents and settings\Jacob\Local Settings\Application Data\WMTools Downloaded Files
2010-03-10 03:41 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 03:28 . 2010-03-10 03:28 -------- d-----w- c:\program files\iPod
2010-03-10 03:28 . 2010-03-10 03:30 -------- d-----w- c:\program files\iTunes
2010-03-10 03:25 . 2010-03-23 06:08 -------- d-----w- c:\program files\QuickTime
2010-03-07 10:19 . 2010-03-07 10:19 -------- d-----w- c:\documents and settings\Jacob\Application Data\Ahead
2010-03-04 09:00 . 2010-03-04 09:00 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 03:55 . 2010-01-04 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-03-30 00:39 . 2009-12-21 01:01 -------- d-----w- c:\documents and settings\Home\Application Data\Ahead
2010-03-27 02:35 . 2010-02-16 00:34 -------- d-----w- c:\program files\Safari
2010-03-24 03:25 . 2010-02-27 22:49 -------- d-----w- c:\program files\Java
2010-03-23 06:07 . 2010-01-04 04:51 -------- d-----w- c:\documents and settings\Home\Application Data\Apple Computer
2010-03-11 01:37 . 2010-01-16 15:44 -------- d-----w- c:\documents and settings\Home\Application Data\2XClient
2010-03-10 09:12 . 2010-01-10 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 03:28 . 2010-01-04 04:46 -------- d-----w- c:\program files\Common Files\Apple
2010-03-09 09:24 . 2010-01-26 05:46 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-03 04:37 . 2010-02-16 00:20 -------- d-----w- c:\documents and settings\Jacob\Application Data\Apple Computer
2010-02-27 22:55 . 2010-02-27 22:48 152576 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2010-02-27 05:07 . 2010-01-31 17:11 480440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-25 06:24 . 2003-03-31 12:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-25 02:43 . 2010-02-25 02:19 -------- d-----w- c:\documents and settings\Jacob\Application Data\U3
2010-02-23 05:45 . 2010-02-22 09:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 06:45 . 2010-02-16 06:45 58292 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 00:41 . 2010-02-16 00:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-16 00:32 . 2010-02-16 00:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-02-16 00:16 . 2010-02-16 00:16 71776 ----a-w- c:\documents and settings\Jacob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 03:35 . 2009-11-19 01:56 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-02-12 16:46 . 2010-02-12 16:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46 . 2010-02-12 16:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-30 19:13 . 2010-01-30 19:13 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-29 05:18 . 2009-11-19 03:10 71776 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 03:44 . 2010-01-28 03:44 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-20 20:20 . 2010-01-20 20:20 6 ----a-w- c:\windows\Fonts\wfonts.key
2010-01-14 02:14 . 2010-01-14 02:14 144160 ----a-w- c:\documents and settings\Home\Application Data\Move Networks\uninstall.exe
2010-01-14 02:14 . 2009-12-07 01:22 5603776 ----a-w- c:\documents and settings\Home\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-01-12 05:34 . 2010-01-12 05:34 3379200 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17137-171411.dll
2010-01-12 05:33 . 2010-01-12 05:33 585728 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\171124-17122.dll
2010-01-12 05:33 . 2010-01-12 05:33 5898240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\171411-17153.dll
2010-01-12 05:33 . 2010-01-12 05:33 2723840 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17153-17167.dll
2010-01-12 05:33 . 2010-01-12 05:33 679936 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17175-17182.dll
2010-01-12 05:33 . 2010-01-12 05:33 634880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17182-17192.dll
2010-01-12 05:33 . 2010-01-12 05:33 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-01-12 05:33 . 2010-01-12 05:33 581632 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17167-17175.dll
2010-01-12 05:32 . 2010-01-12 05:32 3497984 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\17122-17137.dll
2010-01-12 05:32 . 2010-01-12 05:32 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2010-01-12 05:32 . 2010-01-12 05:32 1008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2010-01-04 03:47 . 2010-01-04 03:47 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-04 03:47 . 2010-01-04 03:47 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-04 03:47 . 2010-01-04 03:47 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-04 03:47 . 2010-01-04 03:47 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-04 03:47 . 2010-01-04 03:47 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-04 03:44 . 2010-01-04 03:44 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-04 03:44 . 2010-01-04 03:44 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-04 03:44 . 2010-01-04 03:44 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-04 03:44 . 2010-01-04 03:44 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-04 03:44 . 2010-01-04 03:44 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-04 03:32 . 2010-01-04 03:32 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-04 03:32 . 2010-01-04 03:32 108059 ----a-w- c:\windows\system32\drivers\klin.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-03-31_11.45.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-01 01:54 . 2010-04-01 01:54 16384 c:\windows\Temp\Perflib_Perfdata_264.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-10-14 114688]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\Jacob\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\Home\Start Menu\Programs\Startup\
2X Client.lnk - c:\program files\2X\Client\APPServerClient.exe [2009-12-18 1127880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 10:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 3:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 8:39 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/3/2010 2:49 PM 135664]
S3 UXDCMN;UXDCMN;\??\d:\winstress\UXDCMN.SYS --> d:\winstress\UXDCMN.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
Trusted Zone: chase.com\cards
Trusted Zone: intuit.com\ttlc
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 23:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-31 23:56:02
ComboFix-quarantined-files.txt 2010-04-01 04:55
ComboFix2.txt 2010-03-31 11:52

Pre-Run: 18,525,679,616 bytes free
Post-Run: 18,511,843,328 bytes free

- - End Of File - - 397F8DE754F848C8AAFB63CF2D45ED41
Upload was successful


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:18 AM, on 4/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: 2X Client.lnk = C:\Program Files\2X\Client\APPServerClient.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1258597985734
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpna/66/install/gtdownhp.cab?1,0,0,94
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8498 bytes
 
It is running great! Much faster and it is not accessing the harddrive constantly like it was doing before.

Thank you so much!
 
Your very welcome Charlotte

ATF Cleaner is yours to keep , run it once a week or so to clear out the clutter

Malwarebytes is the free version, yours to keep also, open it, check for updates and run a scan a few times a month removing what it finds


Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.







Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .
Click to expand...


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 
You must log in or register to reply here.
Back
Top