Internet Redirect - iexplorer - shutting down select programs - help?

proskoma

New member
Running Windows XP Ver 2002 SP 3

Last week I neglected to update AVG before the previous free version expired. Got an error message (didn't write down) that the installer had problems - installed new version anyway - full scan - but have four symptoms:
1. Web page redirects - especially from google, but not exclusively
2. CyberSitter will not stay running. If I type cyb2k.exe in start/run the icon shows up in the tray and I see the process appear in task manager, but the process ends almost right away and the icon disappears when the cursor rolls over it.
3. Certain windows dialog boxes will not populate... i.e. System Restore opens to a white screen. Before I started trying to clean it would give an internet-looking error - script error occurred when trying to run scripts on this screen. With no details in the underlying fields. Usually had to force quit.
4. I seem to have the iexplorer.exe trojan as this process shows up at least once and often multiple times in the task manager when no browser windows are open... my current default browser is Opera, but when windows boots, I usually get a message about internet explorer being the default browser even though it hasn't been run.

I have run the following to try and fix:
Malwarebytes Anti-Malware
Prevx 3.0
1-2-3-Spyware
Spybot S&D
Norman Malware Cleaner
Stinger 1001

Here's my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:04 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\TrayDay\TrayDay.exe
C:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3518.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12005 bytes
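Reading a HijackThis log by eye means scanning the same few things every time: entries whose file is gone, autostart commands written as a bare name or a relative path, services with no publisher string, and Downloaded Program Files entries with no source. The following script, added here as an illustration and not part of the thread or of HijackThis itself, parses lines in the v2 format shown above and prints those review cues. The sample log inside it is constructed from entry formats that appear in the posted log; the cue wording and the heuristics are my own, and a cue is a prompt to look at an entry, not a verdict on it.

```python
"""Review-cue extractor for HijackThis v2-style log lines (illustrative, not an official tool)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the entry formats in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str
    name: str
    image: str  # executable or module path as written in the log, '' if none
    raw: str


def _image_from_command(cmd: str) -> str:
    """First token of a Run command: a quoted path, else text up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_line(line: str):
    """Turn one log line into an Entry, or None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(section, r.group("name"), _image_from_command(r.group("cmd")), line)
        s = STARTUP_RE.match(body)
        if s:  # Startup folder entries carry a bare path with no arguments
            return Entry(section, s.group("name"), s.group("cmd").strip(), line)
        return Entry(section, body, "", line)
    if section == "O23":
        s = SERVICE_RE.match(body)
        if s:
            return Entry(section, s.group("name"), s.group("cmd").strip(), line)
    # Generic 'Label: name - {CLSID} - path' layout; a trailing ' -' means no path was logged
    parts = [p.strip() for p in body.rstrip(" -").split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    image = parts[-1] if len(parts) > 1 else ""
    return Entry(section, name, image, line)


def review(entry: Entry):
    """Return the review cues for one entry; an empty list means nothing stood out."""
    cues = []
    if any(mk in entry.raw for mk in ORPHAN_MARKERS):
        cues.append("orphaned: component is registered but its file is absent")
    if entry.section == "O4" and entry.image:
        img = entry.image
        if "\\" not in img:
            cues.append("bare file name: resolved through the PATH search order at logon")
        elif img.startswith("\\"):
            cues.append("relative path: resolves against the drive's current directory")
        elif img.lower().startswith("c:\\windows\\") and "\\" not in img[len("c:\\windows\\"):]:
            cues.append("executable placed directly in the Windows directory")
    if entry.section == "O16" and not entry.image:
        cues.append("Downloaded Program Files entry with no source URL recorded")
    if entry.section == "O23" and "Unknown owner" in entry.raw:
        cues.append("service with no publisher string; confirm what installed it")
    return cues


def triage(log_text: str):
    """Parse every entry line; return (section, name, cues) for entries that drew a cue."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        cues = review(entry)
        if cues:
            findings.append((entry.section, entry.name, cues))
    return findings


if __name__ == "__main__":
    for section, name, cues in triage(SAMPLE_LOG):
        print(f"{section:<4}{name}")
        for cue in cues:
            print(f"      - {cue}")
```

Run against the sample it lists the orphaned AVG BHO and O9 button, the three O4 commands worth a second look (a Windows-root executable, a bare `nwiz.exe`, a relative `\Program\...` path), the O16 entry with no source, and the one service with no owner string; the legitimate-looking iTunes, TrayDay and iPod entries draw no cue. A bare or relative path is not proof of anything, but it is where a planted file or a PATH hijack would sit, so it is worth checking what that name resolves to on the machine.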
 
Hi proskoma,


I have run the following to try and fix:
Malwarebytes Anti-Malware
Do you have that log still around? Please look for C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt file. If found, post back its contents.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
Computer is worse today - can't get to internet at all (posting from a borrowed laptop), iExplorer shows up at least 10 times in processes and force quit doesn't work. Had to shut down at one point, and the computer asked me about shutting down two processes I've never heard of before: "Auto Suggest Drop Down" and "SysFader".

The DDS.SCR is not automatically opening any log files - any chance they're saved on my HD somewhere?

2 Malwarebytes log files follow:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/17/2009 9:17:30 PM
mbam-log-2009-04-17 (21-17-30).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 76969
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00021494-0000-0000-c000-000000000046} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

_____________________________________________________________

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/17/2009 10:25:48 PM
mbam-log-2009-04-17 (22-25-48).txt

Scan type: Quick Scan
Objects scanned: 88929
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\egauth.egegauth.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egcomservice.egcomsvc.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egcomservice2.egcomsvc2.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\casino1.ini (Malware.Trace) -> Quarantined and deleted successfully.
 
Follow-up

Ran DDS.SCR on the laptop to understand its functionality. It will not run on the infected computer... sometimes I briefly see a command box open, but it never starts and runs the scan.
 
Hi

Please rename the dds.scr file to something.scr and try running it again.
 
This had no effect. Same symptoms. Could see the command window open briefly - then the program quit without running the scan.
 
Hi

Time for another program.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
 
Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by David Wilson at 2009-04-21 21:21:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (27%) free of 112 GB
Total RAM: 1535 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:38 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\TrayDay\TrayDay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\David Wilson\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\David Wilson.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3518.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11330 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
bho2gr Class - E:\Program Files\GetRight\xx2gr.dll [2006-12-08 243016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE [2004-04-13 290905]
"C2K"=C:\WINDOWS\CYB2K.EXE [2007-07-24 3163648]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-14 7700480]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-02-14 86016]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"nwiz"=nwiz.exe /install []
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WPCycle.exe"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LDM"=\Program\BackWeb-8876480.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [2002-01-24 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\WINDOWS\system32\atiptaxx.exe [2001-09-27 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
E:\Program Files\Iomega\DriveIcons\deskup.exe [2001-10-01 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dskmgr32]
C:\WINDOWS\System32\dskmgr32.exe [2003-04-21 671744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-09-19 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2003-12-17 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-15 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe [2001-11-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
E:\Program Files\Iomega\Common\ImgStart.exe [2001-01-17 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\BackWeb-8876480.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
C:\Program Files\Hello\Hello.exe [2005-01-11 2572288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
E:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE [2001-04-02 77887]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-05-07 1552384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-07 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
C:\WINDOWS\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2002-10-20 5222]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FastCheck Monitoring Utility.lnk]
C:\Program Files\Promise\FastTrak\RAIDeUtility.exe [2001-11-22 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
C:\PROGRA~1\COMMON~1\SONICS~1\cinetray.exe [2002-09-18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Dialog Box Assistant.lnk]
E:\Program Files\OSDEx\OSDEx.exe [2002-04-26 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Webshots.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup
TrayDay.lnk - C:\Program Files\TrayDay\TrayDay.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=E:\PROGRAM FILES\EUDORA\EUSHLEXT.DLL [2005-11-14 86016]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoFavoritesMenu"=1
"NoLogOff"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\Cyb2k.exe"="C:\WINDOWS\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel"
"E:\Program Files\GetRight\getright.exe"="E:\Program Files\GetRight\getright.exe:*:Enabled:GetRight® www.getright.com"
"E:\Age of Empires II\Age2_X1\AGE2_X1.ICD"="E:\Age of Empires II\Age2_X1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe"="E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe:*:Enabled:Dreamweaver"
"C:\Program Files\Common Files\Doppler 10 Pinpoint Alert\TrueWeather.exe"="C:\Program Files\Common Files\Doppler 10 Pinpoint Alert\TrueWeather.exe:*:Enabled:TrueWeather"
"C:\Program Files\SnapStream Media\Beyond TV 3\PVSLibraryAppService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\PVSLibraryAppService.exe:*:Enabled:Beyond TV Library Service"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServer.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServer.exe:*:Enabled:Beyond TV Web Server"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\Program Files\SnapStream Media\Beyond TV 3\PVSConfigService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\PVSConfigService.exe:*:Enabled:Beyond TV Settings Service"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console"
"E:\Program Files\ICQ\Icq.exe"="E:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServiceProxy.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\Program Files\Grisoft\AVG Free\avgw.exe"="C:\Program Files\Grisoft\AVG Free\avgw.exe:*:Enabled:AVG Free Edition for Windows"
"C:\Program Files\Grisoft\AVG Free\avgvv.exe"="C:\Program Files\Grisoft\AVG Free\avgvv.exe:*:Enabled:AVG Free Virus Vault"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"E:\Program Files\Sierra\Empire Earth\Empire Earth.exe"="E:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
"F:\Program Files\Opera\Opera.exe"="F:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Disabled:patchgrabber"
"E:\Program Files\Real\RealOne Player\realplay.exe"="E:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\SnapStream Media\Beyond TV 3\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
"C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
"C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
"C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
"C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard"
"C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe"="C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe:*:Enabled:Protecting from spyware and adware can be easy and effective!"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a


======File associations======

.js - open - "E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-04-20 19:43:08 ----D---- C:\rsit
2009-04-18 17:51:58 ----A---- C:\WINDOWS\RegNet98.txt
2009-04-18 17:51:58 ----A---- C:\WINDOWS\RegNet.txt
2009-04-18 14:49:36 ----D---- C:\WINDOWS\ERDNT
2009-04-18 14:49:00 ----D---- C:\Program Files\ERUNT
2009-04-18 14:29:18 ----SHD---- C:\Config.Msi
2009-04-18 10:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-18 00:21:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 00:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-17 21:04:13 ----D---- C:\Documents and Settings\David Wilson\Application Data\Malwarebytes
2009-04-17 21:04:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-17 21:04:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-17 19:53:43 ----A---- C:\WINDOWS\wininit.ini
2009-04-17 08:22:21 ----D---- C:\!KillBox
2009-04-16 21:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\{A21E413E-98CC-4ABB-9843-E6AA4F456F61}
2009-04-14 09:48:02 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-04-14 09:44:35 ----D---- C:\fixwareout
2009-04-14 09:40:48 ----D---- C:\Program Files\Trend Micro
2009-04-13 21:09:24 ----D---- C:\Program Files\AVG
2009-04-13 21:09:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

======List of files/folders modified in the last 1 months======

2009-04-20 20:29:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 20:27:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-20 19:42:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-18 14:30:14 ----A---- C:\WINDOWS\cylsplog.txt
2009-04-14 07:11:02 ----A---- C:\WINDOWS\win.ini
2009-04-13 22:12:42 ----A---- C:\WINDOWS\RAIDeUtility.ini
2009-04-13 21:57:24 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\wzfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\wrestfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\viofil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\vgamfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\urifil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\tapfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\tafil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\swfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchout.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchin.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchfrgn.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\sporfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\spmfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\snetfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\snetbonly.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\pxyfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\psyfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\popfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\pkmon.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\picsfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\perfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\nvgamfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\nfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\mp3fil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\movfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\macfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\lgwfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\lastupdate.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\jbfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\imgfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\igefil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\iawfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\hatfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gnfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gdwfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gblfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\fshrfil.dll
2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\fmfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\finfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\entfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\cultfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\csnews.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\chtfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\bsnlst.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\bnrfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\Auctfil.dll
2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\adwfil.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2007-02-06 16512]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-04-13 285824]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 6656]
R1 DCDisk;DCDisk; C:\WINDOWS\system32\drivers\DCDisk.sys [2008-06-17 155648]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-04-15 140416]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-04-16 4228]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-04-13 117248]
R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-04-15 198528]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
R3 4mmdat;4mmdat; C:\WINDOWS\System32\DRIVERS\4mmdat.sys [2008-04-13 12288]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-04-13 23680]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-09-19 22064]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-09-19 37822]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-09-19 5840]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-09-19 67440]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-14 3983872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wlanCIG;2Wire 802.11g Driver; C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2004-05-16 390752]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-04 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-04 2560]
S1 DVDRC;DVDRC; C:\WINDOWS\System32\drivers\DVDRC.sys []
S1 efbDisk;efbDisk; C:\WINDOWS\system32\drivers\efbDisk.sys []
S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\DAVIDW~1\LOCALS~1\Temp\AMDPCI.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2001-09-26 285088]
S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-04 104960]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP); C:\WINDOWS\System32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DDCCI;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\Moni2c.sys [2003-03-30 6494]
S3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder); C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-22 814464]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\drivers\HidUsb.sys [2008-04-13 10368]
S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-09-19 50432]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-04-13 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 zremote;zremote; C:\WINDOWS\system32\drivers\zremote.sys [2004-03-01 10368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-01-24 126976]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 FastTrakSvc;Promise FastTrak Log Service; C:\Program Files\Promise\FastTrak\FtrakSvc.exe [2000-11-15 237568]
R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2003-12-17 200704]
R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-01-14 73728]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
R2 NsService;NovaStor NovaBACKUP Backup/Copy Engine; C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe [2008-06-17 207936]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-14 159811]
R2 Real time Backup Loader;Real time Backup Loader; C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe [2008-06-17 93248]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2000-11-30 57344]
S2 Backup Scheduler;Backup Scheduler; C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe [2008-06-17 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Iomega Activity Disk2;Iomega Activity Disk2; []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
 
Info.txt

info.txt logfile of random's system information tool 1.06 2009-04-20 19:43:15

======Uninstall list======

-->"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

======System event log======

Computer Name: DAVEHOME
Event Code: 7000
Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 802605
Source Name: Service Control Manager
Time Written: 20090201155951.000000-300
Event Type: error
User:

Computer Name: DAVEHOME
Event Code: 7000
Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 802568
Source Name: Service Control Manager
Time Written: 20090131093847.000000-300
Event Type: error
User:

Computer Name: DAVEHOME
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0060B31CC114. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 802562
Source Name: Dhcp
Time Written: 20090131093828.000000-300
Event Type: error
User:

Computer Name: DAVEHOME
Event Code: 7000
Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 802528
Source Name: Service Control Manager
Time Written: 20090127211231.000000-300
Event Type: error
User:

Computer Name: DAVEHOME
Event Code: 1001
Message: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0060B31CC114. The following error
occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 802510
Source Name: Dhcp
Time Written: 20090126211403.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DAVEHOME
Event Code: 5
Message: Exception Error - UID List index out of bounds (1)
Record Number: 833781
Source Name: CYBERsitter
Time Written: 20090319173259.000000-240
Event Type: error
User: DAVEHOME\David Wilson

Computer Name: DAVEHOME
Event Code: 5
Message: Exception Error - UID List index out of bounds (1)
Record Number: 833780
Source Name: CYBERsitter
Time Written: 20090319173159.000000-240
Event Type: error
User: DAVEHOME\David Wilson

Computer Name: DAVEHOME
Event Code: 5
Message: Exception Error - UID List index out of bounds (1)
Record Number: 833779
Source Name: CYBERsitter
Time Written: 20090319173059.000000-240
Event Type: error
User: DAVEHOME\David Wilson

Computer Name: DAVEHOME
Event Code: 5
Message: Exception Error - UID List index out of bounds (1)
Record Number: 833778
Source Name: CYBERsitter
Time Written: 20090319172959.000000-240
Event Type: error
User: DAVEHOME\David Wilson

Computer Name: DAVEHOME
Event Code: 5
Message: Exception Error - UID List index out of bounds (1)
Record Number: 833777
Source Name: CYBERsitter
Time Written: 20090319172859.000000-240
Event Type: error
User: DAVEHOME\David Wilson

======Environment variables======

"BLASTER"=A220 I7 D1 H7 P330 T6
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\PROGRA~1\MICROS~5\Office;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG;E:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0800
"PROMPT"=$p$g
"TEMP"=C:\WINDOWS\TEMP
"TMP"=C:\WINDOWS\TEMP
"winbootdir"=C:\WINDOWS
"windir"=C:\WINDOWS
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
 
Hi again,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Much better!!

ComboFix 09-04-23.02 - David Wilson 04/22/2009 18:53.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1107 [GMT -4:00]
Running from: c:\documents and settings\David Wilson\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dds.pif
c:\windows\IE4 Error Log.txt
c:\windows\jestertb.dll
c:\windows\system32\bnrfil.dll
c:\windows\system32\bsnlst.dll
c:\windows\system32\igefil.dll
c:\windows\system32\lastupdate.dll
c:\windows\system32\macfil.dll
c:\windows\system32\nfil.dll
c:\windows\system32\picsfil.dll
c:\windows\system32\snetfil.dll
c:\windows\system32\srchfrgn.dll
c:\windows\system32\srchout.dll
c:\windows\vaseo.lex
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-22 01:22 . 2009-04-22 01:22 2709 ----a-w c:\windows\system32\co32andlo.dat
2009-04-20 23:43 . 2009-04-20 23:43 -------- d-----w C:\rsit
2009-04-20 22:47 . 2009-04-20 22:47 2709 ----a-w c:\windows\system32\gapiyshe.dat
2009-04-20 01:14 . 2009-04-20 01:14 2709 ----a-w c:\windows\system32\cocoerrfo.dat
2009-04-19 22:34 . 2009-04-19 22:29 360021 ----a-w C:\something.scr
2009-04-19 22:13 . 2009-04-19 22:13 2709 ----a-w c:\windows\system32\orptofo.dat
2009-04-18 14:09 . 2009-04-18 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 04:21 . 2009-04-18 04:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 01:04 . 2009-04-18 01:04 -------- d-----w c:\documents and settings\David Wilson\Application Data\Malwarebytes
2009-04-18 01:04 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-18 01:04 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-18 01:04 . 2009-04-18 01:04 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-17 23:53 . 2009-04-17 23:53 66 ----a-w c:\windows\wininit.ini
2009-04-17 12:22 . 2009-04-17 12:22 -------- d-----w C:\!KillBox
2009-04-17 01:53 . 2009-04-17 01:53 184304 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 01:42 . 2009-04-17 01:42 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Seven Zip
2009-04-17 01:28 . 2009-04-17 01:28 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-17 01:28 . 2009-04-17 01:28 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-17 01:19 . 2009-04-17 01:19 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Seven Zip
2009-04-17 01:18 . 2009-04-17 01:18 -------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-04-17 01:18 . 2009-04-17 01:18 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-04-17 01:00 . 2009-04-17 01:00 -------- d-----w c:\documents and settings\All Users\Application Data\{A21E413E-98CC-4ABB-9843-E6AA4F456F61}
2009-04-17 00:59 . 2009-04-17 00:59 -------- d-----w c:\documents and settings\David Wilson\Local Settings\Application Data\Seven Zip
2009-04-14 18:33 . 2009-04-15 01:39 2709 ----a-w c:\windows\system32\dllto32to.dat
2009-04-14 13:44 . 2009-04-14 13:44 -------- d-----w C:\fixwareout
2009-04-14 01:57 . 2009-04-14 01:57 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\NovaStor
2009-04-14 01:09 . 2009-04-14 01:09 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 22:58 . 2008-10-11 18:01 1024 ---h--w C:\diskfile1
2009-04-22 22:58 . 2008-10-11 17:52 16896 ---h--w C:\logicinf.bin
2009-04-18 21:54 . 2003-10-25 14:41 40654 ----a-w C:\winzip.log
2009-04-18 18:49 . 2009-04-18 18:49 -------- d-----w c:\program files\ERUNT
2009-04-18 18:32 . 2009-04-18 18:11 722 ----a-w C:\aaw7boot.log
2009-04-18 04:21 . 2009-04-18 04:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-18 01:04 . 2009-04-18 01:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 13:40 . 2009-04-14 13:40 -------- d-----w c:\program files\Trend Micro
2009-04-14 01:09 . 2009-04-14 01:09 -------- d-----w c:\program files\AVG
2009-03-07 13:20 . 2009-03-07 13:20 -------- d-----w c:\program files\RayDream
2009-02-09 11:13 . 2008-10-14 21:51 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2001-08-23 16:00 1846784 ------w c:\windows\SYSTEM32\win32k.sys
2008-12-16 23:23 . 2008-12-16 23:23 726008 ----a-w c:\documents and settings\David Wilson\gotomypc_438.exe
2008-11-06 16:33 . 2008-03-15 15:11 726008 ----a-w c:\documents and settings\David Wilson\gotomypc_437.exe
2008-10-11 15:27 . 2004-10-06 03:17 184304 ----a-w c:\documents and settings\David Wilson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-11 03:02 . 2008-03-11 03:02 311752 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2005-01-15 03:17 . 2005-01-15 03:17 135 ----a-w c:\documents and settings\David Wilson\Local Settings\Application Data\fusioncache.dat
2001-11-06 04:23 . 2000-05-13 03:43 266 --sh--w c:\program files\desktop.ini
2001-11-06 04:23 . 2000-05-13 03:43 11079 ---h--w c:\program files\folder.htt
2001-01-19 16:04 . 2005-02-06 20:12 21841 ----a-w c:\program files\Common Files\tppupd2k.dll
2001-01-19 15:04 . 2002-02-24 01:38 21329 ------w c:\program files\Common Files\tppupd98.dll
2007-10-09 05:2005-04-28 02:53 33:30 . c:\program files\mozilla firefox\components\jar50.dll
2007-10-09 05:2005-04-28 02:53 33:30 . c:\program files\mozilla firefox\components\jsd3250.dll
2007-10-09 05:2007-10-20 14:31 33:32 . c:\program files\mozilla firefox\components\myspell.dll
2007-10-09 05:2007-10-20 14:31 33:32 . c:\program files\mozilla firefox\components\spellchk.dll
2007-10-09 05:2005-04-28 02:53 33:32 . c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-04 19:44 . 2008-10-04 19:44 32768 --sha-w c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100420081005\index.dat
2001-11-13 14:18 . 2001-11-13 14:18 8 --sh--w c:\windows\All Users\DRM\pdrm.dat
2008-05-19 02:07 . 2008-05-19 02:07 0 --sha-w c:\windows\All Users\DRM\Cache\Indiv02.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PRISMSVR.EXE"="c:\windows\system32\PRISMSVR.EXE" [2004-04-13 290905]
"C2K"="c:\windows\CYB2K.EXE" [2007-07-24 3163648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-14 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-14 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2007-02-14 1622016]

c:\documents and settings\David Wilson\Start Menu\Programs\Startup\
TrayDay.lnk - c:\program files\TrayDay\TrayDay.exe [2003-12-6 204800]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - e:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2002-9-25 156160]
2Wire Wireless Client.lnk - c:\program files\2Wire 802.11g Wireless\PRISMCFG.exe [2007-8-18 335979]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "e:\program files\EUDORA\EUSHLEXT.DLL" [2005-11-14 86016]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
backup=c:\windows\pss\CorelCENTRAL 10.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FastCheck Monitoring Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\FastCheck Monitoring Utility.lnk
backup=c:\windows\pss\FastCheck Monitoring Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Dialog Box Assistant.lnk]
path=c:\documents and settings\David Wilson\Start Menu\Programs\Startup\Dialog Box Assistant.lnk
backup=c:\windows\pss\Dialog Box Assistant.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"EnsoniqMixer"=starter.exe
"AtiPTA"=Atiptaxx.exe
"AtiCwd32"=Aticwd32.exe
"AtiQiPcl"=AtiQiPcl.exe
"POINTER"=point32.exe
"LoadQM"=loadqm.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"QuickTime Task"=e:\program files\QuickTime\qttask.exe
"MMTray"=d:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Cyb2k.exe"=
"e:\\Program Files\\GetRight\\getright.exe"=
"e:\\Age of Empires II\\Age2_X1\\AGE2_X1.ICD"=
"e:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Doppler 10 Pinpoint Alert\\TrueWeather.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"e:\\Program Files\\ICQ\\Icq.exe"=
"e:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"f:\\Program Files\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVWebServiceProxy.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 efbDisk;efbDisk; [x]
R2 Backup Scheduler;Backup Scheduler;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe [2008-06-17 98304]
R3 ati2mpaa;ati2mpaa;c:\windows\system32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
R3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
R3 DDCCI;DDC/CI monitor;c:\windows\system32\DRIVERS\Moni2c.sys [2003-03-30 6494]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 zremote;zremote;c:\windows\system32\drivers\zremote.sys [2004-03-01 10368]
S0 amdagp10;AMD IG AGP Bus Filter;c:\windows\System32\DRIVERS\amdagp10.sys [2000-06-27 22994]
S0 dcsnap;dcsnap; [x]
S0 fasttrak;fasttrak;c:\windows\system32\DRIVERS\fasttrak.sys [2002-05-23 70656]
S1 DCDisk;DCDisk; [x]
S1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2003-12-17 5632]
S2 NsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\NovaStor\NovaStor NovaBACKUP\NsService.exe [2008-06-17 207936]
S2 Real time Backup Loader;Real time Backup Loader;c:\program files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe [2008-06-17 93248]
S3 4mmdat;4mmdat;c:\windows\system32\DRIVERS\4mmdat.sys [2008-04-13 12288]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2de2786-6cdd-11db-97eb-00045a68bf2f}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\Uninstall Expiration Reminder.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-01-09 00:12]

2009-04-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKCU-Run-LDM - \Program\BackWeb-8876480.exe
HKCU-Run-WPCycle.exe - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/index.html
mStart Page = hxxp://my.yahoo.com/index.html
IE: Download with GetRight - e:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Open with GetRight Browser - e:\program files\GetRight\GRbrowse.htm
LSP: c:\windows\system32\lspcs.dll
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} - hxxp://www.live365.com/players/p365vip.cab
DPF: {5197842F-0557-48AE-9552-7594F7C98F04} - hxxp://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 18:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8066BAB-BCF1-46CA-D8AA-605D8DE00F6D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]
"KGHQ1WVPMWYCTK5FHYUB2KQRGA1"=hex:01,00,01,00,00,00,00,00,61,e9,6d,81,db,39,d8,
7a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{945169D7-C27E-315B-97A3E6913A1C7622}\{06C63AB7-5C18-FA8E-E5D32118C99A5B59}\{F7BD6AFF-A45B-6FB8-BB91AB79C0A3DA53}*]
"KGHQ1WVPMWYCTK5FHYUB2KQRGA1"=hex:01,00,01,00,00,00,00,00,61,e9,6d,81,db,39,d8,
7a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}*]
"KGHQ1WVPMWYCTK5FHYUB2KQRGA1"=hex:01,00,01,00,00,00,00,00,61,e9,6d,81,db,39,d8,
7a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF11F383-757D-CF48-6D213AC2BB6130AD}\{12507465-D6D8-AFB1-97ED5D21195D77D5}\{90E47118-DD98-E716-1AABCD138C042D55}*]
"KGHQ1WVPMWYCTK5FHYUB2KQRGA1"=hex:01,00,01,00,00,00,00,00,61,e9,6d,81,db,39,d8,
7a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]
"KGHQ1WVPMWYCTK5FHYUB2KQRGA1"=hex:01,00,01,00,00,00,00,00,61,e9,6d,81,db,39,d8,
7a,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(628)
c:\windows\system32\lspcs.dll

- - - - - - - > 'explorer.exe'(1240)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\lspcs.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
c:\program files\Promise\FastTrak\FtrakSvc.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-04-22 19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 23:01

Pre-Run: 31,939,166,208 bytes free
Post-Run: 32,058,310,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

298 --- E O F --- 2009-03-15 07:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:06 PM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
C:\Program Files\Promise\FastTrak\FtrakSvc.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\cyb2k.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
C:\Program Files\TrayDay\TrayDay.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\cyb2k.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://gulllake.gospelcom.net/unsecure/other_media/views/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/ocx/PasswordReset.ocx
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3518.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 10980 bytes
 
Hi again,


Generate an Uninstall List

* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.


Upload following files to

Start hjt, do a system scan, check (if found):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Close browsers and fix checked.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.spybot.info/showthread.php?t=47863&page=2

Collect::
c:\windows\system32\co32andlo.dat
c:\windows\system32\gapiyshe.dat
c:\windows\system32\cocoerrfo.dat
c:\windows\system32\orptofo.dat
c:\windows\system32\dllto32to.dat

Driver::
efbDisk
dcsnap
DCDisk

File::
C:\diskfile1
C:\logicinf.bin

RegLock::
[HKEY_USERS\$$$\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E8066BAB-BCF1-46CA-D8AA-605D8DE00F6D}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{210BD7C7-47ED-BBE9-95D0F9FAA3BD0E97}\{C5D4C247-F1D1-D183-A63FC2DFAAC29AA3}\{B55B3474-A2E6-F6F7-4AD088E6434601A2}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{945169D7-C27E-315B-97A3E6913A1C7622}\{06C63AB7-5C18-FA8E-E5D32118C99A5B59}\{F7BD6AFF-A45B-6FB8-BB91AB79C0A3DA53}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A73A7B6D-D5C7-2D01-6A3ED58A203D5FEA}\{958FE6C0-B367-4AD6-C310294BFC5DB709}\{E2E9EAF6-387C-4947-07B2C800F4ACC9F3}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BF11F383-757D-CF48-6D213AC2BB6130AD}\{12507465-D6D8-AFB1-97ED5D21195D77D5}\{90E47118-DD98-E716-1AABCD138C042D55}*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F2F43379-985D-E7AE-2F5BD6B18999A07F}\{64C9A7C2-676E-3AEC-13AF6B278F65FD89}\{7B815B3C-162E-096A-EBEBEFD33B1AE416}*]


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe. You will be asked to submit some samples. Please follow the given instructions.
Then post the resultant log.


ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any processes named findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, with or without Multi-language, and save it to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version. Uncheck the MSN toolbar if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
 
Followed instructions as posted. ComboFix ran a scan (including deleting a few files) and rebooted the computer. The result was a STOP error. I tried rebooting three times, including turning the machine off and on. I also attempted to boot into safe mode. Each time gave the following:


A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

*** STOP: 0x0000007B (0xF789E528,0xc0000034,0x00000000,0x00000000)
 
Hi

We need to enter the Recovery Console. Select the Microsoft Windows Recovery Console option in the boot menu.

After logging onto the Recovery Console, type each of the lines (press enter after each):

CD ERDNT
BATCH CFRECOVERY.BAT
BATCH CF_UNDO.BAT


After that type EXIT to exit Recovery Console. See if you can reboot now.
 
ummmm...

Choosing the recovery console option in the boot menu was not successful. The screen went black, the HD ran intensively for a few seconds and it returned to the OS selection screen. Attempted repeatedly with the same result. Safe mode and full boot continue to give the stop screen.

Booted from the XP install CD and chose console option. My main drive is built on a RAID driven by the motherboard. A directory listing of the C drive in the recovery console showed no files. Going to have to find the RAID driver disc (or download), reattach my floppy drive (hope it still works) and load that driver with the recovery console from the CD before continuing.

Nothing is ever easy.

Any suggestions would be appreciated.

RAID: Promise Technology MB Fast Trak 133 "lite" BIOS Version - is what I see during the boot process.
 
Hi

RAID makes this more complicated. Do you have the driver floppy around? If not, the driver should be found on the motherboard manufacturer's web site.

When the recovery console loads you should immediately press F6 to load that RAID driver from the floppy (like when installing Windows).
 
Successfully booted into recovery console from XP installation CD loading driver for the RAID from a floppy.

CD ERDNT worked and the first batch file worked, but the second batch file didn't exist in the directory.

Booting into Windows took longer but ultimately still gave the blue STOP screen error... same as before.

Does it make any difference that the recovery console mounts my main windows drive as e instead of c because of the RAID?

Discovered something odd... the CFrecovery.bat file was generated 4/22 6:56pm, but my recovery point was saved 4/23 in the evening. There is a directory called subs which seems to have a series of files with the right time stamp for my backup.... as do the files in autobackup\4-23-2009. Are the batch files generic files that could be copied from a floppy into the directory and executed (he asked hopefully...)?
 
Hi

I think the drive appears as drive e: cos the recovery console was launched from the CD. That shouldn't affect things here.

After logging onto the Recovery Console, type each of the lines (press enter after each):
CD ERDNT
BATCH CFRECOVERY.BAT


Then go to the subs folder by giving the command:
CD SUBS

In that folder there should be an ERDNT.CON file. Run the following command:
BATCH ERDNT.CON

Then type EXIT to restart the machine.
 
The ERDNT.CON file had all references to the c drive in it... so I manually executed each command in the batch file, substituting the e drive for the c drive, and rebooted. Windows still gave me the error.

I then copied the ERDNT.CON file to another computer, edited the file to change all references to the c drive to the e drive, moved it back to the infected machine... and executed the batch.

Same result.

ERDNT seems to have created a daily back-up as there is a series of directories named Autobackup with successive dates. My thought was to try and work backwards through successive dates to see if I can get Windows to come back up. My fear is that ComboFix deleted something Windows wants (I remember seeing the dialog box mention a few files it deleted - 4 I think) and this process will be futile since those important files are gone.

However, I'm hopeful that we will still find a solution through this mess.

One other note - when this happened, I dragged the script file you provided over the ComboFix.exe icon to execute it... the first message I received was that ComboFix had a new version available, so I updated it. Then it said ComboFix was restarting and went through the scan that has rendered Windows unbootable. Is it possible that when it restarted, it didn't follow your script and just ran a normal diagnostic?

I don't know if that's helpful but wanted to provide you with as much detail as possible to try and find a solution.
 