smitfraud

C

cobra1

New member
i have virus called smitfraud c coreservice that spybot wont remove.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:53 PM, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Volume Control\Volume Control.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Documents and Settings\nancy\lsass.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\nancy\Desktop\utorrent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Twain\Twain.exe
C:\Documents and Settings\nancy\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\nancy\Application Data\Microsoft\Windows\pufnqx.exe
C:\DOCUME~1\nancy\APPLIC~1\FNTS~1\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/mic...update.microsoft.com/microsoftupdate&ln=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = cobra
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VolControl] C:\Program Files\Volume Control\Volume Control.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [flockbox] F:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\nancy\lsass.exe
O4 - HKLM\..\Run: [{52bbc8da-ec77-26b2-4e49-c97178c95e6a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brqoqoomirrfxziva.dll" DllStub
O4 - HKLM\..\Run: [a496ad42] rundll32.exe "C:\WINDOWS\system32\opnlLeDu.dll",b
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\nancy\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\nancy\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\nancy\Application Data\Microsoft\Windows\pufnqx.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\nancy\APPLIC~1\FNTS~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - HKCU\..\Run: [iqoz] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {9F9E33E8-0F27-4A98-9C61-940FDFE31DC2} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://free-game-downloads.mosw.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219878245281
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL goojpq.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9868 bytes
 
Hi cobra1

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
Then we use this:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
also when all this started i got a message from windows security alerts saying authentium firewall and antivirus was out of date when i have never even had authentim
thanks
Logfile of random's system information tool 1.02 (written by random/random)
Run by nancy at 2008-09-27 20:04:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 247 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:53 PM, on 9/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Volume Control\Volume Control.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
C:\Documents and Settings\nancy\lsass.exe
C:\Documents and Settings\nancy\Desktop\utorrent.exe
C:\Program Files\Twain\Twain.exe
C:\WINDOWS\system32\mC02\mC022328.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Documents and Settings\nancy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nancy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = cobra
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {05EEDBFD-EA8F-4995-A928-6B421DFB172B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: bambanner browser enhancer - {20b06176-3681-dc3c-476e-239617fb5aba} - C:\WINDOWS\system32\brqoqoomirrfxziva.dll
O2 - BHO: (no name) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: (no name) - {5D55FE1E-83E5-4DCC-8275-93E02E921A33} - C:\WINDOWS\system32\urqPfGAp.dll
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7F86C548-8046-4A4D-BB63-73DD15868F4A} - (no file)
O2 - BHO: (no name) - {9579D574-D4D8-4335-9560-FE8641A013BD} - (no file)
O2 - BHO: (no name) - {B40FDC41-705E-4522-A804-FEB9DBB123A3} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: {5377365d-4e3c-c368-2274-5263ed76b8bc} - {cb8b67de-3625-4722-863c-c3e4d5637735} - C:\WINDOWS\system32\bmqbnd.dll
O2 - BHO: (no name) - {DA2E0515-F0D5-4773-8191-400CCD50783B} - C:\WINDOWS\system32\ddCSMDtR.dll
O2 - BHO: (no name) - {DD6962B9-D871-4AC5-B2F6-06CD654A360D} - (no file)
O2 - BHO: (no name) - {E586C5FF-E734-4984-95FF-92BC87AC75EF} - (no file)
O2 - BHO: (no name) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - (no file)
O2 - BHO: (no name) - {EBDD2E69-2FB9-4B0D-AC49-D63883857DFA} - (no file)
O2 - BHO: (no name) - {EF8DFF1A-05E9-456F-9387-4EDE47EDFEA5} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [VolControl] C:\Program Files\Volume Control\Volume Control.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [flockbox] F:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\nancy\lsass.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{52bbc8da-ec77-26b2-4e49-c97178c95e6a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\brqoqoomirrfxziva.dll" DllStub
O4 - HKLM\..\Run: [BMa7a59ede] Rundll32.exe "C:\WINDOWS\system32\mvdwvnow.dll",s
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\nancy\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {9F9E33E8-0F27-4A98-9C61-940FDFE31DC2} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://free-game-downloads.mosw.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219878245281
O17 - HKLM\System\CCS\Services\Tcpip\..\{5381478A-BFC0-4AAF-9FBC-EE4FE4B8714B}: NameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{5381478A-BFC0-4AAF-9FBC-EE4FE4B8714B}: NameServer = 207.69.188.185 207.69.188.186
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ednwqa.dll nijfhj.dll bmqbnd.dll
O20 - Winlogon Notify: ddCSMDtR - C:\WINDOWS\SYSTEM32\ddCSMDtR.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10797 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEDBFD-EA8F-4995-A928-6B421DFB172B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{206E52E0-D52E-11D4-AD54-0000E86C26F6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20b06176-3681-dc3c-476e-239617fb5aba}]
bambanner browser enhancer - C:\WINDOWS\system32\brqoqoomirrfxziva.dll [2008-08-29 166400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D55FE1E-83E5-4DCC-8275-93E02E921A33}]
C:\WINDOWS\system32\urqPfGAp.dll [2008-09-22 284672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
OIN Analytics - C:\Program Files\OINAnalytics\OINAnalytics.dll [2008-09-12 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F86C548-8046-4A4D-BB63-73DD15868F4A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B40FDC41-705E-4522-A804-FEB9DBB123A3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb8b67de-3625-4722-863c-c3e4d5637735}]
C:\WINDOWS\system32\bmqbnd.dll [2008-09-27 115200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA2E0515-F0D5-4773-8191-400CCD50783B}]
C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD6962B9-D871-4AC5-B2F6-06CD654A360D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E586C5FF-E734-4984-95FF-92BC87AC75EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBDD2E69-2FB9-4B0D-AC49-D63883857DFA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF8DFF1A-05E9-456F-9387-4EDE47EDFEA5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2005-03-03 173136]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} - FreshDownload Bar - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll []
{9FB3908C-6565-4CB0-95F8-E9F85258723C}
{014DA6C9-189F-421a-88CD-07CFE51CFF10}
{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A960"=C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe [2003-09-21 270336]
"VolControl"=C:\Program Files\Volume Control\Volume Control.exe [2007-01-24 102400]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"CyberLat Ram Cleaner"=C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1 []
"flockbox"=F:\My Lockbox\flockbox.exe /a []
"MRT"=C:\WINDOWS\system32\MRT.exe [2008-08-05 15888504]
"LSA Shellu"=C:\Documents and Settings\nancy\lsass.exe [2008-06-15 52224]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"{52bbc8da-ec77-26b2-4e49-c97178c95e6a}"=C:\WINDOWS\system32\brqoqoomirrfxziva.dll [2008-08-29 166400]
"BMa7a59ede"=C:\WINDOWS\system32\mvdwvnow.dll [2008-09-27 105984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\nancy\Desktop\utorrent.exe [2008-08-13 267056]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Twain"=C:\Program Files\Twain\Twain.exe [2008-09-19 60928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ednwqa.dll nijfhj.dll bmqbnd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddCSMDtR]
C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll []
"{DA2E0515-F0D5-4773-8191-400CCD50783B}"=C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqPfGAp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\K1RFD\EchoLink\EchoLink.exe"="C:\Program Files\K1RFD\EchoLink\EchoLink.exe:*:Enabled:EchoLink"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Program Files\Freeciv-2.0.9-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Documents and Settings\Nancy_2\Desktop\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Documents and Settings\Nancy_2\Desktop\Freeciv-2.0.9-gtk2\civserver.exe:*:Disabled:civserver"
"C:\Documents and Settings\nancy\Desktop\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Documents and Settings\nancy\Desktop\Freeciv-2.0.9-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\WinMX Music\WinMX Music.exe"="C:\Program Files\WinMX Music\WinMX Music.exe:*:Enabled:WinMX Music"
"C:\ClonkPlanet\clonk.c4x"="C:\ClonkPlanet\clonk.c4x:*:Enabled:Clonk Engine"
"C:\Program Files\Globulation_2\glob2.exe"="C:\Program Files\Globulation_2\glob2.exe:*:Enabled:glob2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\Freeciv-2.1.4-gtk2\civserver.exe"="F:\Freeciv-2.1.4-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Documents and Settings\nancy\Desktop\utorrent.exe"="C:\Documents and Settings\nancy\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\nancy\Desktop\KMIVBR2\KMI.Cstore.exe"="C:\Documents and Settings\nancy\Desktop\KMIVBR2\KMI.Cstore.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-09-27 20:04:33 ----D---- C:\rsit
2008-09-27 18:25:22 ----SH---- C:\WINDOWS\system32\blvxsasx.ini
2008-09-27 18:24:12 ----A---- C:\WINDOWS\system32\xsasxvlb.dll
2008-09-27 18:23:09 ----A---- C:\WINDOWS\system32\bmqbnd.dll
2008-09-27 18:22:25 ----A---- C:\WINDOWS\system32\mxovlqmp.dll
2008-09-27 18:21:00 ----A---- C:\WINDOWS\system32\mvdwvnow.dll
2008-09-27 17:19:56 ----A---- C:\WINDOWS\system32\vtULcbaY.dll
2008-09-27 17:19:56 ----A---- C:\WINDOWS\system32\byXOefgh.dll
2008-09-27 17:16:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-27 16:11:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-26 19:33:58 ----A---- C:\WINDOWS\system32\cpfitt.dll
2008-09-26 19:32:35 ----A---- C:\WINDOWS\system32\enyauakw.dll
2008-09-26 19:31:39 ----SH---- C:\WINDOWS\system32\kihvhbxk.ini
2008-09-26 19:28:27 ----A---- C:\WINDOWS\system32\wjlojfjv.dll
2008-09-25 20:22:49 ----SH---- C:\WINDOWS\system32\kycnkbuh.ini
2008-09-25 20:21:22 ----A---- C:\WINDOWS\system32\wvznag.dll
2008-09-25 20:20:12 ----A---- C:\WINDOWS\system32\wixyfius.dll
2008-09-25 20:19:02 ----A---- C:\WINDOWS\system32\ieqrjoxu.dll
2008-09-25 20:14:59 ----ASH---- C:\WINDOWS\system32\pAGfPqru.ini2
2008-09-25 20:14:58 ----ASH---- C:\WINDOWS\system32\pAGfPqru.ini
2008-09-24 22:41:43 ----A---- C:\WINDOWS\system32\tsggzi.dll
2008-09-24 22:41:42 ----A---- C:\WINDOWS\system32\tqmcwvhn.dll
2008-09-24 22:41:41 ----SH---- C:\WINDOWS\system32\wavuosre.ini
2008-09-24 20:57:25 ----SH---- C:\WINDOWS\system32\pxnhabof.ini
2008-09-24 20:57:04 ----A---- C:\WINDOWS\system32\fobahnxp.dll
2008-09-24 20:55:52 ----A---- C:\WINDOWS\system32\kjxmibsl.dll
2008-09-24 18:55:29 ----A---- C:\WINDOWS\system32\nijfhj.dll
2008-09-24 18:55:28 ----A---- C:\WINDOWS\system32\wsfxdmda.dll
2008-09-24 18:53:06 ----SH---- C:\WINDOWS\system32\jkloietj.ini
2008-09-23 21:37:04 ----A---- C:\WINDOWS\system32\brndrybe.dll
2008-09-22 20:34:14 ----A---- C:\WINDOWS\system32\ednwqa.dll
2008-09-22 20:33:27 ----SH---- C:\WINDOWS\system32\cwbxtlmj.ini
2008-09-22 20:33:23 ----A---- C:\WINDOWS\system32\yvtwntxn.dll
2008-09-22 20:32:31 ----A---- C:\WINDOWS\system32\jmltxbwc.dll
2008-09-22 20:30:08 ----A---- C:\WINDOWS\system32\iwrmjrjj.dll
2008-09-22 18:30:05 ----SH---- C:\WINDOWS\system32\raebthhb.ini
2008-09-22 18:29:36 ----N---- C:\WINDOWS\system32\bhhtbear.dll
2008-09-22 18:27:01 ----A---- C:\WINDOWS\system32\oztfvh.dll
2008-09-22 18:26:35 ----A---- C:\WINDOWS\system32\lccncmoj.dll
2008-09-22 18:24:24 ----A---- C:\WINDOWS\system32\qsrfloyf.dll
2008-09-22 18:22:02 ----N---- C:\WINDOWS\system32\urqPfGAp.dll
2008-09-22 18:07:05 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-22 18:06:20 ----A---- C:\rapport.txt
2008-09-21 18:52:15 ----SH---- C:\WINDOWS\system32\uDeLlnpo.ini
2008-09-21 18:51:53 ----A---- C:\WINDOWS\system32\ssqNEvtu.dll
2008-09-21 18:50:52 ----A---- C:\WINDOWS\system32\etlxsoup.dll
2008-09-21 18:50:33 ----A---- C:\WINDOWS\system32\goojpq.dll
2008-09-21 18:49:48 ----A---- C:\WINDOWS\system32\vxogrlwk.dll
2008-09-21 18:47:36 ----A---- C:\WINDOWS\system32\mvvehpph.dll
2008-09-21 00:02:12 ----A---- C:\WINDOWS\system32\rqRHyvSI.dll
2008-09-21 00:02:11 ----A---- C:\WINDOWS\system32\byXPJbyv.dll
2008-09-20 18:06:25 ----D---- C:\Program Files\Trend Micro
2008-09-19 19:51:39 ----SH---- C:\Program Files\Common Files\Yazzle3050OinUninstaller.exe
2008-09-19 19:51:33 ----D---- C:\Documents and Settings\nancy\Application Data\F?nts
2008-09-19 19:51:05 ----D---- C:\Program Files\OINAnalytics
2008-09-19 19:39:19 ----D---- C:\Documents and Settings\nancy\Application Data\SpeedRunner
2008-09-19 19:34:17 ----D---- C:\Program Files\Twain
2008-09-19 19:29:17 ----D---- C:\Program Files\Webtools
2008-09-19 19:24:19 ----D---- C:\Program Files\Mjcore
2008-09-19 16:51:30 ----A---- C:\WINDOWS\system32\XIlorXyb.tmp
2008-09-19 16:50:24 ----A---- C:\WINDOWS\system32\rqRKARJC.dll
2008-09-19 16:50:24 ----A---- C:\WINDOWS\system32\jkkLBrsP.dll
2008-09-19 16:47:27 ----A---- C:\WINDOWS\system32\gatdyjty.dll
2008-09-19 16:46:53 ----A---- C:\WINDOWS\system32\wqpfyk.dll
2008-09-19 16:44:57 ----A---- C:\WINDOWS\system32\gofjimgd.dll
2008-09-19 16:44:15 ----A---- C:\WINDOWS\system32\hgGabBrQ.dll
2008-09-19 16:44:14 ----A---- C:\WINDOWS\system32\hgGabArr.dll
2008-09-19 16:36:49 ----A---- C:\WINDOWS\pskt.ini
2008-09-19 16:36:43 ----A---- C:\WINDOWS\BMa7a59ede.txt
2008-09-19 16:36:22 ----A---- C:\WINDOWS\system32\cnclcedk.dll
2008-09-18 22:11:20 ----ASH---- C:\WINDOWS\system32\dddJlRCf.ini
2008-09-18 20:41:44 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-09-18 19:25:34 ----A---- C:\WINDOWS\system32\vksify.dll
2008-09-18 19:22:19 ----A---- C:\WINDOWS\system32\suwdajlv.dll
2008-09-18 19:21:41 ----SH---- C:\WINDOWS\system32\XIlorXyb.ini
2008-09-18 19:21:13 ----N---- C:\WINDOWS\system32\byXrolIX.dll
2008-09-18 19:21:12 ----A---- C:\WINDOWS\system32\vtUljKEX.dll
2008-09-18 19:18:57 ----A---- C:\WINDOWS\system32\imomgreb.dll
2008-09-18 19:18:00 ----A---- C:\WINDOWS\system32\afb5693c-.txt
2008-09-18 19:10:42 ----A---- C:\WINDOWS\faceback.exe
2008-09-18 19:09:41 ----A---- C:\WINDOWS\system32\fdzcpfskzdlocog.exe
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\winf
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\UES
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\p
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\np5
2008-09-18 19:04:14 ----D---- C:\WINDOWS\system32\mC02
2008-09-18 19:03:40 ----A---- C:\WINDOWS\system32\vTLddcCu.dll
2008-09-18 19:03:40 ----A---- C:\WINDOWS\system32\ddCSMDtR.dll
2008-09-16 09:56:36 ----A---- C:\WINDOWS\b116.exe
2008-09-12 16:36:13 ----D---- C:\Program Files\Galactic Capitalism
2008-09-12 11:21:12 ----SH---- C:\Program Files\Common Files\Yazzle3050OinAdmin.exe
2008-09-12 08:57:28 ----A---- C:\WINDOWS\b157.exe
2008-09-12 08:37:42 ----A---- C:\WINDOWS\b104.exe
2008-09-12 08:36:52 ----A---- C:\WINDOWS\b103.exe
2008-09-11 06:02:46 ----A---- C:\WINDOWS\b161.exe
2008-09-10 18:27:33 ----D---- C:\SIMLIFE
2008-09-05 19:58:22 ----D---- C:\Program Files\Axon Data
2008-08-31 23:37:42 ----D---- C:\Program Files\Risk
2008-08-31 21:57:14 ----D---- C:\Program Files\Phun
2008-08-30 22:28:24 ----D---- C:\Program Files\Zombie Cow Studios
2008-08-30 20:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-29 08:11:50 ----A---- C:\WINDOWS\system32\brqoqoomirrfxziva.dll
2008-08-28 22:40:49 ----D---- C:\CAESAR
2008-08-28 20:25:34 ----D---- C:\Program Files\VDMSound

======List of files/folders modified in the last 1 months======

2008-09-27 20:04:45 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2008-09-27 20:04:20 ----D---- C:\Documents and Settings\nancy\Application Data\Free Download Manager
2008-09-27 19:58:43 ----D---- C:\Documents and Settings\nancy\Application Data\uTorrent
2008-09-27 18:39:12 ----D---- C:\WINDOWS\system32
2008-09-27 18:25:30 ----D---- C:\WINDOWS\Prefetch
2008-09-27 18:19:30 ----D---- C:\WINDOWS\Temp
2008-09-27 17:16:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-27 17:16:24 ----D---- C:\WINDOWS
2008-09-27 17:16:02 ----D---- C:\WINDOWS\system32\drivers
2008-09-27 12:29:13 ----D---- C:\WINDOWS\Help
2008-09-25 19:51:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-24 22:54:44 ----D---- C:\Documents and Settings\nancy\Application Data\OpenOffice.org2
2008-09-23 20:56:29 ----A---- C:\WINDOWS\dellstat.ini
2008-09-23 20:34:33 ----SHD---- C:\WINDOWS\Installer
2008-09-23 20:33:45 ----DC---- C:\Config.Msi
2008-09-23 20:30:22 ----AC---- C:\WINDOWS\AuthMgr.INI
2008-09-23 20:28:16 ----D---- C:\Program Files\EarthLink TotalAccess
2008-09-22 18:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-22 18:05:40 ----D---- C:\WINDOWS\Desktop
2008-09-21 15:50:58 ----D---- C:\Documents and Settings
2008-09-21 14:04:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-20 23:38:33 ----HD---- C:\WINDOWS\inf
2008-09-20 23:38:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:36:02 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:01:45 ----AC---- C:\WINDOWS\wininit.ini
2008-09-20 21:53:24 ----SHD---- C:\System Volume Information
2008-09-20 21:53:24 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 18:06:25 ----D---- C:\Program Files
2008-09-19 19:51:39 ----D---- C:\Program Files\Common Files
2008-09-18 19:09:38 ----D---- C:\temp
2008-09-18 19:03:06 ----A---- C:\WINDOWS\system.ini
2008-09-07 16:33:08 ----D---- C:\WINDOWS\system32\NtmsData
2008-08-30 20:13:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-28 18:04:12 ----D---- C:\Program Files\DOSBox-0.72

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 a3033;a3033; C:\WINDOWS\System32\drivers\a3033.sys [2008-09-18 86144]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 apjxlbqm;apjxlbqm; C:\WINDOWS\system32\drivers\apjxlbqm.sys []
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\nancy\LOCALS~1\Temp\oflpydin.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050920.038\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2006-02-03 49536]
S3 VirtualFD;VirtualFD; \??\C:\Documents and Settings\nancy\Desktop\vfd21-050404\vfd.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EarthLinkMonitor;EarthLink Monitor Service; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-01-17 822424]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe []

-----------------EOF-----------------

next file
info.txt logfile of random's system information tool 1.02 2008-09-27 20:05:00

======Uninstall list======

1.0-->"C:\Program Files\Carbiz demo\Carbiz\unins000.exe"
AC Circuits Challenge V5-->MsiExec.exe /I{090CC7E3-7AAD-4A79-B9E3-EFC545138A7E}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AQUAZONE "Virtual Aquarium Collection"-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}\Setup.exe" -l0x9
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Battle For Troy-->C:\PROGRA~1\BATTLE~2\UNWISE.EXE C:\PROGRA~1\BATTLE~2\INSTALL.LOG
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Ben There, Dan That!-->MsiExec.exe /I{1E2D1B31-C0E0-4663-B50A-1C92F696A09F}
Caesar 1.0-->MsiExec.exe /I{ECAB24D0-E56A-46B1-94AD-40813CC308A6}
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{FF77A242-BC69-4A6D-ACE8-A1A2F2CD0824}
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Clonk Planet-->C:\WINDOWS\system32\GKSUI18.EXE C:\ClonkPlanet\Uninstall4CAA.DAT
Conquest 3.1-->"C:\Program Files\Conquest\unins000.exe"
CyberLat RAM Cleaner 1.1.3-->"C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\unins000.exe"
DC Circuits Challenge V5-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ETCAI Products\DC Circuits Challenge V5\DeIsL1.isu" -c"C:\Program Files\ETCAI Products\DC Circuits Challenge V5\_ISREG32.DLL"
Dell AIO Printer A960-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EarthLink Software-->"C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
EarthLink Toolbar-->MsiExec.exe /X{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}
Enhancement Browser Tools Bambanner-->C:\WINDOWS\system32\fdzcpfskzdlocog.exe
Free Download Manager 2.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Freeciv 2.0.9 (GTK+ client)-->"C:\Program Files\Freeciv-2.0.9-gtk2\uninstall.exe"
F-Strippoker-->C:\Program Files\F-Strippoker\uninstall.exe
Galactic Capitalism-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Galactic Capitalism\ST5UNST.LOG"
Galcon 1.0-->"C:\Program Files\Galcon\unins000.exe"
GameBiz 2 Uninstall-->"C:\Program Files\GameBiz2\unins000.exe"
Globulation 2-->C:\Program Files\Globulation_2\glob2win32-uninst.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Guerrilla War-->C:\Program Files\Guerrilla War\uninstall.exe
Hallmark Card Studio Special Edition-->MsiExec.exe /I{563FE39E-B4D7-4DC0-B443-97313128AEC0}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Lemonade Tycoon 2-->"C:\Program Files\Lemonade Tycoon 2\unins000.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mall Tycoon-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Take2 Interactive\Mall Tycoon\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator for Windows 95-->"C:\Program Files\Microsoft Games\FS95\UNINSTAL.EXE" /runtemp
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Multisim 2001 Textbook Edition-->C:\WINDOWS\IsUninst.exe -fC:\Multisim\Uninst.isu
Multisim sample circuits-->C:\WINDOWS\IsUninst.exe -fC:\Multisim\Samples\Msmsamp.isu
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Nuclear Power 1.3-->C:\Program Files\Nuclear Power\uninst.exe
OIN Analytics-->C:\Program Files\OINAnalytics\Uninstall.exe
Omega M-17 Standard-->C:\PROGRA~1\M17\UNWISE.EXE C:\PROGRA~1\M17\INSTALL.LOG
OpenOffice.org 2.3-->MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
Phun beta 4.22-->"C:\Program Files\Phun\unins000.exe"
Power Supply Challenge-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ETCAI Products\Power Supply Challenge\DeIsL1.isu" -c"C:\Program Files\ETCAI Products\Power Supply Challenge\_ISREG32.DLL"
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Prison Tycoon-->C:\Program Files\Prison Tycoon\data\gvnUninstaller.exe
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Salient: Supply & Command-->F:\Salient\Uninstall.exe
School Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CFFE053-748A-44DC-A248-06EA38E4BC03}\setup.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
SimCity 2000-->MsiExec.exe /I{8D52E0F9-17A0-493B-8692-937381DDB62B}
Sk8Park-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Sk8Park\ST5UNST.LOG"
Sk8park2-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Sk8park2\ST5UNST.LOG"
Solar Wars v1.40-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Solar Wars\ST6UNST.LOG"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Space MAX 1.0-->"C:\Program Files\SpaceMAX\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
T.H.U.G.S.-->"C:\Program Files\T.H.U.G.S.\unins000.exe"
Tabloid Tycoon (remove only)-->"C:\Program Files\Valusoft\Tabloid Tycoon\Uninstall.exe"
The lost Castle-->C:\The lost Castle\Uninstal.exe
The Tower of Babel-->MsiExec.exe /I{F5C8A97C-CAB7-45BD-8791-3B7CA70A67C7}
The Ur-Quan Masters 0.6.2-->C:\Program Files\The Ur-Quan Masters\uninst.exe
TV Manager (Demo)-->"C:\Program Files\TV Manager Demo\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VDMSound-->C:\Program Files\VDMSound\uninst.exe
Virtual U-->"C:\Program Files\Virtual U\setup\UNWISE.EXE" "C:\PROGRA~1\VIRTUA~1\INSTALL.LOG"
Volume Control-->MsiExec.exe /I{C937244C-5CD1-4567-92CD-38E7E966B894}
VSP-Poker-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\VSP-Poker\ST5UNST.LOG"
Widelands Build11-->"C:\Program Files\Widelands\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: Authentium Antivirus (outdated)
FW: Authentium Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\VDMSound
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"LANG"=C
"VDMSPath"=C:\Program Files\VDMSound

-----------------EOF-----------------
 
Sorry for delay, I have missed your reply.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these afterwards:

C:\Documents and Settings\nancy\Desktop\utorrent.exe
C:\Program Files\uTorrent
C:\Documents and Settings\nancy\Application Data\uTorrent

Delete info.txt in RSIT folder

Please run a new RSIT scan when finished and post logs back here.
 
i deleted utorent
Logfile of random's system information tool 1.02 (written by random/random)
Run by nancy at 2008-10-02 19:53:01
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 54 GB (70%) free of 76 GB
Total RAM: 247 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:19 PM, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Volume Control\Volume Control.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Documents and Settings\nancy\lsass.exe
C:\Program Files\Twain\Twain.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nancy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\nancy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = cobra
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {05EEDBFD-EA8F-4995-A928-6B421DFB172B} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: (no name) - {1C85FC89-C3D5-4A63-B03F-A560A80B468B} - C:\WINDOWS\system32\urqPfGAp.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: OIN Analytics - {6B221E01-F517-4959-8C41-81948E7F2F17} - C:\Program Files\OINAnalytics\OINAnalytics.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7F86C548-8046-4A4D-BB63-73DD15868F4A} - (no file)
O2 - BHO: {159d7cfe-1b67-e3fa-3ec4-bd85d01ddd19} - {91ddd10d-58db-4ce3-af3e-76b1efc7d951} - C:\WINDOWS\system32\ivnsya.dll
O2 - BHO: (no name) - {9579D574-D4D8-4335-9560-FE8641A013BD} - (no file)
O2 - BHO: (no name) - {B40FDC41-705E-4522-A804-FEB9DBB123A3} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {DA2E0515-F0D5-4773-8191-400CCD50783B} - C:\WINDOWS\system32\ddCSMDtR.dll
O2 - BHO: (no name) - {DD6962B9-D871-4AC5-B2F6-06CD654A360D} - (no file)
O2 - BHO: (no name) - {E586C5FF-E734-4984-95FF-92BC87AC75EF} - (no file)
O2 - BHO: (no name) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - (no file)
O2 - BHO: (no name) - {EBDD2E69-2FB9-4B0D-AC49-D63883857DFA} - (no file)
O2 - BHO: (no name) - {EF8DFF1A-05E9-456F-9387-4EDE47EDFEA5} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [VolControl] C:\Program Files\Volume Control\Volume Control.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKLM\..\Run: [flockbox] F:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\nancy\lsass.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BMa7a59ede] Rundll32.exe "C:\WINDOWS\system32\rvxwruli.dll",s
O4 - HKLM\..\Run: [a496ad42] rundll32.exe "C:\WINDOWS\system32\kiqlpyto.dll",b
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\nancy\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {9F9E33E8-0F27-4A98-9C61-940FDFE31DC2} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://free-game-downloads.mosw.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219878245281
O17 - HKLM\System\CCS\Services\Tcpip\..\{5381478A-BFC0-4AAF-9FBC-EE4FE4B8714B}: NameServer = 207.69.188.185 207.69.188.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{5381478A-BFC0-4AAF-9FBC-EE4FE4B8714B}: NameServer = 207.69.188.185 207.69.188.186
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ednwqa.dll nijfhj.dll ivnsya.dll
O20 - Winlogon Notify: ddCSMDtR - C:\WINDOWS\SYSTEM32\ddCSMDtR.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10260 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05EEDBFD-EA8F-4995-A928-6B421DFB172B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15F4D456-5BAA-4076-8486-EECB38CD3E57}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C85FC89-C3D5-4A63-B03F-A560A80B468B}]
C:\WINDOWS\system32\urqPfGAp.dll [2008-09-22 284672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{206E52E0-D52E-11D4-AD54-0000E86C26F6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]
OIN Analytics - C:\Program Files\OINAnalytics\OINAnalytics.dll [2008-09-12 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F86C548-8046-4A4D-BB63-73DD15868F4A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91ddd10d-58db-4ce3-af3e-76b1efc7d951}]
C:\WINDOWS\system32\ivnsya.dll [2008-10-02 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B40FDC41-705E-4522-A804-FEB9DBB123A3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA2E0515-F0D5-4773-8191-400CCD50783B}]
C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD6962B9-D871-4AC5-B2F6-06CD654A360D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E586C5FF-E734-4984-95FF-92BC87AC75EF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBDD2E69-2FB9-4B0D-AC49-D63883857DFA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF8DFF1A-05E9-456F-9387-4EDE47EDFEA5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2005-03-03 173136]
{ED0E8CA5-42FB-4B18-997B-769E0408E79D} - FreshDownload Bar - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll []
{9FB3908C-6565-4CB0-95F8-E9F85258723C}
{014DA6C9-189F-421a-88CD-07CFE51CFF10}
{6CA49FDD-4AEB-4F08-A394-C0A1F82CAA16}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dell AIO Printer A960"=C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe [2003-09-21 270336]
"VolControl"=C:\Program Files\Volume Control\Volume Control.exe [2007-01-24 102400]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"CyberLat Ram Cleaner"=C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1 []
"flockbox"=F:\My Lockbox\flockbox.exe /a []
"LSA Shellu"=C:\Documents and Settings\nancy\lsass.exe [2008-06-15 52224]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]
"BMa7a59ede"=C:\WINDOWS\system32\rvxwruli.dll [2008-10-02 105472]
"a496ad42"=C:\WINDOWS\system32\kiqlpyto.dll [2008-10-02 73728]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\nancy\Desktop\utorrent.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Twain"=C:\Program Files\Twain\Twain.exe [2008-09-19 60928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ednwqa.dll nijfhj.dll ivnsya.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddCSMDtR]
C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll []
"{DA2E0515-F0D5-4773-8191-400CCD50783B}"=C:\WINDOWS\system32\ddCSMDtR.dll [2008-09-18 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqPfGAp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\K1RFD\EchoLink\EchoLink.exe"="C:\Program Files\K1RFD\EchoLink\EchoLink.exe:*:Enabled:EchoLink"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Railroads!\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Program Files\Freeciv-2.0.9-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Documents and Settings\Nancy_2\Desktop\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Documents and Settings\Nancy_2\Desktop\Freeciv-2.0.9-gtk2\civserver.exe:*:Disabled:civserver"
"C:\Documents and Settings\nancy\Desktop\Freeciv-2.0.9-gtk2\civserver.exe"="C:\Documents and Settings\nancy\Desktop\Freeciv-2.0.9-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\WinMX Music\WinMX Music.exe"="C:\Program Files\WinMX Music\WinMX Music.exe:*:Enabled:WinMX Music"
"C:\ClonkPlanet\clonk.c4x"="C:\ClonkPlanet\clonk.c4x:*:Enabled:Clonk Engine"
"C:\Program Files\Globulation_2\glob2.exe"="C:\Program Files\Globulation_2\glob2.exe:*:Enabled:glob2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"F:\Freeciv-2.1.4-gtk2\civserver.exe"="F:\Freeciv-2.1.4-gtk2\civserver.exe:*:Enabled:civserver"
"C:\Documents and Settings\nancy\Desktop\utorrent.exe"="C:\Documents and Settings\nancy\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\nancy\Desktop\KMIVBR2\KMI.Cstore.exe"="C:\Documents and Settings\nancy\Desktop\KMIVBR2\KMI.Cstore.exe:*:Enabled: "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0349ac28-2945-11dd-ad90-e1fb8d0daab6}]
shell\Auto\command - F:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


======List of files/folders created in the last 1 months======

2008-10-02 19:26:58 ----D---- C:\Documents and Settings\nancy\Application Data\uTorrent
2008-10-02 19:14:31 ----SH---- C:\WINDOWS\system32\otyplqik.ini2
2008-10-02 19:14:22 ----ASH---- C:\WINDOWS\system32\otyplqik.tmp
2008-10-02 19:14:04 ----N---- C:\WINDOWS\system32\kiqlpyto.dll
2008-10-02 19:13:41 ----A---- C:\WINDOWS\system32\ivnsya.dll
2008-10-02 19:13:19 ----A---- C:\WINDOWS\system32\esbowfsn.dll
2008-10-02 19:11:39 ----A---- C:\WINDOWS\system32\rvxwruli.dll
2008-10-02 18:55:18 ----A---- C:\WINDOWS\system32\yvuool.dll
2008-10-02 18:54:57 ----A---- C:\WINDOWS\system32\rpgnsmdl.dll
2008-10-02 18:52:13 ----SH---- C:\WINDOWS\system32\lorcadnf.ini
2008-10-02 18:51:57 ----N---- C:\WINDOWS\system32\fndacrol.dll
2008-10-02 18:49:44 ----A---- C:\WINDOWS\system32\hodppveo.dll
2008-10-01 20:56:13 ----SH---- C:\WINDOWS\system32\gteyosve.ini
2008-10-01 18:49:59 ----A---- C:\WINDOWS\system32\mbnbdf.dll
2008-10-01 18:49:31 ----A---- C:\WINDOWS\system32\whmeujrt.dll
2008-10-01 18:47:27 ----A---- C:\WINDOWS\system32\yfddxgbd.dll
2008-09-30 18:54:18 ----A---- C:\WINDOWS\system32\sfyoyt.dll
2008-09-30 18:53:47 ----A---- C:\WINDOWS\system32\nxjxvhbg.dll
2008-09-30 18:51:57 ----SH---- C:\WINDOWS\system32\rctcmkoq.ini
2008-09-30 18:50:41 ----A---- C:\WINDOWS\system32\souxomxp.dll
2008-09-30 18:48:11 ----A---- C:\WINDOWS\system32\katxfm.dll
2008-09-30 18:47:45 ----A---- C:\WINDOWS\system32\rwtvjiqk.dll
2008-09-30 18:45:54 ----SH---- C:\WINDOWS\system32\poedytwm.ini
2008-09-30 18:45:23 ----A---- C:\WINDOWS\system32\tuvTjHAp.dll
2008-09-30 18:45:23 ----A---- C:\WINDOWS\system32\opnoLDWm.dll
2008-09-30 18:42:08 ----A---- C:\WINDOWS\system32\ymvnkxtd.dll
2008-09-29 17:36:59 ----SH---- C:\WINDOWS\system32\femmierk.ini
2008-09-29 17:36:13 ----A---- C:\WINDOWS\system32\fsobtpwt.dll
2008-09-29 17:04:48 ----A---- C:\WINDOWS\system32\uoffks.dll
2008-09-29 17:04:26 ----A---- C:\WINDOWS\system32\kvaaqfxg.dll
2008-09-29 17:03:44 ----SH---- C:\WINDOWS\system32\etwwagyc.ini
2008-09-29 17:01:30 ----A---- C:\WINDOWS\system32\kxhycuoy.dll
2008-09-29 16:56:37 ----SH---- C:\WINDOWS\system32\xouyerfk.ini
2008-09-29 16:55:37 ----N---- C:\WINDOWS\system32\kfreyuox.dll
2008-09-29 16:54:59 ----D---- C:\WINDOWS\system32\EV02
2008-09-29 16:53:57 ----A---- C:\WINDOWS\system32\ivxtws.dll
2008-09-29 16:53:35 ----A---- C:\WINDOWS\system32\urqRLBUM.dll
2008-09-29 16:53:35 ----A---- C:\WINDOWS\system32\rqRJDwXP.dll
2008-09-29 16:53:06 ----A---- C:\WINDOWS\system32\pbhsbcvi.dll
2008-09-29 16:50:18 ----A---- C:\WINDOWS\system32\cqaitvkv.dll
2008-09-28 16:33:42 ----A---- C:\WINDOWS\system32\lqdcdl.dll
2008-09-28 16:33:42 ----A---- C:\WINDOWS\system32\bbjtrlcv.dll
2008-09-28 16:31:07 ----SH---- C:\WINDOWS\system32\bwwctmqe.ini
2008-09-28 16:30:58 ----A---- C:\WINDOWS\system32\dnvnrgdg.dll
2008-09-28 09:27:03 ----ASH---- C:\WINDOWS\system32\pAGfPqru.ini2
2008-09-27 20:04:33 ----D---- C:\rsit
2008-09-27 18:25:22 ----SH---- C:\WINDOWS\system32\blvxsasx.ini
2008-09-27 18:24:12 ----A---- C:\WINDOWS\system32\xsasxvlb.dll
2008-09-27 18:23:09 ----A---- C:\WINDOWS\system32\bmqbnd.dll
2008-09-27 18:22:25 ----A---- C:\WINDOWS\system32\mxovlqmp.dll
2008-09-27 18:21:00 ----A---- C:\WINDOWS\system32\mvdwvnow.dll
2008-09-27 17:19:56 ----A---- C:\WINDOWS\system32\vtULcbaY.dll
2008-09-27 17:19:56 ----A---- C:\WINDOWS\system32\byXOefgh.dll
2008-09-27 17:16:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-27 16:11:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-26 19:33:58 ----A---- C:\WINDOWS\system32\cpfitt.dll
2008-09-26 19:32:35 ----A---- C:\WINDOWS\system32\enyauakw.dll
2008-09-26 19:31:39 ----SH---- C:\WINDOWS\system32\kihvhbxk.ini
2008-09-26 19:28:27 ----A---- C:\WINDOWS\system32\wjlojfjv.dll
2008-09-25 20:22:49 ----SH---- C:\WINDOWS\system32\kycnkbuh.ini
2008-09-25 20:21:22 ----A---- C:\WINDOWS\system32\wvznag.dll
2008-09-25 20:20:12 ----A---- C:\WINDOWS\system32\wixyfius.dll
2008-09-25 20:19:02 ----A---- C:\WINDOWS\system32\ieqrjoxu.dll
2008-09-25 20:14:58 ----ASH---- C:\WINDOWS\system32\pAGfPqru.ini
2008-09-24 22:41:43 ----A---- C:\WINDOWS\system32\tsggzi.dll
2008-09-24 22:41:42 ----A---- C:\WINDOWS\system32\tqmcwvhn.dll
2008-09-24 22:41:41 ----SH---- C:\WINDOWS\system32\wavuosre.ini
2008-09-24 20:57:25 ----SH---- C:\WINDOWS\system32\pxnhabof.ini
2008-09-24 20:57:04 ----A---- C:\WINDOWS\system32\fobahnxp.dll
2008-09-24 20:55:52 ----A---- C:\WINDOWS\system32\kjxmibsl.dll
2008-09-24 18:55:29 ----A---- C:\WINDOWS\system32\nijfhj.dll
2008-09-24 18:55:28 ----A---- C:\WINDOWS\system32\wsfxdmda.dll
2008-09-24 18:53:06 ----SH---- C:\WINDOWS\system32\jkloietj.ini
2008-09-23 21:37:04 ----A---- C:\WINDOWS\system32\brndrybe.dll
2008-09-22 20:34:14 ----A---- C:\WINDOWS\system32\ednwqa.dll
2008-09-22 20:33:27 ----SH---- C:\WINDOWS\system32\cwbxtlmj.ini
2008-09-22 20:33:23 ----A---- C:\WINDOWS\system32\yvtwntxn.dll
2008-09-22 20:32:31 ----A---- C:\WINDOWS\system32\jmltxbwc.dll
2008-09-22 20:30:08 ----A---- C:\WINDOWS\system32\iwrmjrjj.dll
2008-09-22 18:30:05 ----SH---- C:\WINDOWS\system32\raebthhb.ini
2008-09-22 18:29:36 ----N---- C:\WINDOWS\system32\bhhtbear.dll
2008-09-22 18:27:01 ----A---- C:\WINDOWS\system32\oztfvh.dll
2008-09-22 18:26:35 ----A---- C:\WINDOWS\system32\lccncmoj.dll
2008-09-22 18:24:24 ----A---- C:\WINDOWS\system32\qsrfloyf.dll
2008-09-22 18:22:02 ----N---- C:\WINDOWS\system32\urqPfGAp.dll
2008-09-22 18:07:05 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-22 18:06:20 ----A---- C:\rapport.txt
2008-09-21 18:52:15 ----SH---- C:\WINDOWS\system32\uDeLlnpo.ini
2008-09-21 18:51:53 ----A---- C:\WINDOWS\system32\ssqNEvtu.dll
2008-09-21 18:50:52 ----A---- C:\WINDOWS\system32\etlxsoup.dll
2008-09-21 18:50:33 ----A---- C:\WINDOWS\system32\goojpq.dll
2008-09-21 18:49:48 ----A---- C:\WINDOWS\system32\vxogrlwk.dll
2008-09-21 18:47:36 ----A---- C:\WINDOWS\system32\mvvehpph.dll
2008-09-21 00:02:12 ----A---- C:\WINDOWS\system32\rqRHyvSI.dll
2008-09-21 00:02:11 ----A---- C:\WINDOWS\system32\byXPJbyv.dll
2008-09-20 18:06:25 ----D---- C:\Program Files\Trend Micro
2008-09-19 19:51:39 ----SH---- C:\Program Files\Common Files\Yazzle3050OinUninstaller.exe
2008-09-19 19:51:33 ----D---- C:\Documents and Settings\nancy\Application Data\F?nts
2008-09-19 19:51:05 ----D---- C:\Program Files\OINAnalytics
2008-09-19 19:39:19 ----D---- C:\Documents and Settings\nancy\Application Data\SpeedRunner
2008-09-19 19:34:17 ----D---- C:\Program Files\Twain
2008-09-19 19:29:17 ----D---- C:\Program Files\Webtools
2008-09-19 19:24:19 ----D---- C:\Program Files\Mjcore
2008-09-19 16:51:30 ----A---- C:\WINDOWS\system32\XIlorXyb.tmp
2008-09-19 16:50:24 ----A---- C:\WINDOWS\system32\rqRKARJC.dll
2008-09-19 16:50:24 ----A---- C:\WINDOWS\system32\jkkLBrsP.dll
2008-09-19 16:47:27 ----A---- C:\WINDOWS\system32\gatdyjty.dll
2008-09-19 16:46:53 ----A---- C:\WINDOWS\system32\wqpfyk.dll
2008-09-19 16:44:57 ----A---- C:\WINDOWS\system32\gofjimgd.dll
2008-09-19 16:44:15 ----A---- C:\WINDOWS\system32\hgGabBrQ.dll
2008-09-19 16:44:14 ----A---- C:\WINDOWS\system32\hgGabArr.dll
2008-09-19 16:36:49 ----A---- C:\WINDOWS\pskt.ini
2008-09-19 16:36:43 ----A---- C:\WINDOWS\BMa7a59ede.txt
2008-09-19 16:36:22 ----A---- C:\WINDOWS\system32\cnclcedk.dll
2008-09-18 22:11:20 ----ASH---- C:\WINDOWS\system32\dddJlRCf.ini
2008-09-18 20:41:44 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-09-18 19:25:34 ----A---- C:\WINDOWS\system32\vksify.dll
2008-09-18 19:22:19 ----A---- C:\WINDOWS\system32\suwdajlv.dll
2008-09-18 19:21:41 ----SH---- C:\WINDOWS\system32\XIlorXyb.ini
2008-09-18 19:21:13 ----N---- C:\WINDOWS\system32\byXrolIX.dll
2008-09-18 19:21:12 ----A---- C:\WINDOWS\system32\vtUljKEX.dll
2008-09-18 19:18:57 ----A---- C:\WINDOWS\system32\imomgreb.dll
2008-09-18 19:18:00 ----A---- C:\WINDOWS\system32\afb5693c-.txt
2008-09-18 19:10:42 ----A---- C:\WINDOWS\faceback.exe
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\winf
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\UES
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\p
2008-09-18 19:09:14 ----D---- C:\WINDOWS\system32\np5
2008-09-18 19:04:14 ----D---- C:\WINDOWS\system32\mC02
2008-09-18 19:03:40 ----A---- C:\WINDOWS\system32\vTLddcCu.dll
2008-09-18 19:03:40 ----A---- C:\WINDOWS\system32\ddCSMDtR.dll
2008-09-16 09:56:36 ----A---- C:\WINDOWS\b116.exe
2008-09-12 16:36:13 ----D---- C:\Program Files\Galactic Capitalism
2008-09-12 11:21:12 ----SH---- C:\Program Files\Common Files\Yazzle3050OinAdmin.exe
2008-09-12 08:57:28 ----A---- C:\WINDOWS\b157.exe
2008-09-12 08:37:42 ----A---- C:\WINDOWS\b104.exe
2008-09-12 08:36:52 ----A---- C:\WINDOWS\b103.exe
2008-09-11 06:02:46 ----A---- C:\WINDOWS\b161.exe
2008-09-10 18:27:33 ----D---- C:\SIMLIFE
2008-09-05 19:58:22 ----D---- C:\Program Files\Axon Data

======List of files/folders modified in the last 1 months======

2008-10-02 19:52:29 ----A---- C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2008-10-02 19:20:41 ----D---- C:\WINDOWS\system32
2008-10-02 19:18:59 ----D---- C:\WINDOWS\Temp
2008-10-02 19:14:35 ----D---- C:\Program Files
2008-10-01 21:29:38 ----D---- C:\WINDOWS\Prefetch
2008-10-01 20:32:25 ----D---- C:\Program Files\The Tower of Babel
2008-10-01 19:15:34 ----D---- C:\WINDOWS
2008-10-01 18:38:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-29 16:59:01 ----D---- C:\temp
2008-09-28 23:19:21 ----D---- C:\Documents and Settings\nancy\Application Data\Free Download Manager
2008-09-28 22:52:30 ----D---- C:\WINDOWS\Desktop
2008-09-27 17:16:02 ----D---- C:\WINDOWS\system32\drivers
2008-09-27 12:29:13 ----D---- C:\WINDOWS\Help
2008-09-25 19:51:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-24 22:54:44 ----D---- C:\Documents and Settings\nancy\Application Data\OpenOffice.org2
2008-09-23 20:56:29 ----A---- C:\WINDOWS\dellstat.ini
2008-09-23 20:34:33 ----SHD---- C:\WINDOWS\Installer
2008-09-23 20:33:45 ----DC---- C:\Config.Msi
2008-09-23 20:30:22 ----AC---- C:\WINDOWS\AuthMgr.INI
2008-09-23 20:28:16 ----D---- C:\Program Files\EarthLink TotalAccess
2008-09-22 18:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 15:50:58 ----D---- C:\Documents and Settings
2008-09-21 14:04:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-09-20 23:38:33 ----HD---- C:\WINDOWS\inf
2008-09-20 23:38:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-20 23:36:02 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-20 23:01:45 ----AC---- C:\WINDOWS\wininit.ini
2008-09-20 21:53:24 ----SHD---- C:\System Volume Information
2008-09-20 21:53:24 ----D---- C:\WINDOWS\system32\Restore
2008-09-20 12:40:37 ----D---- C:\Program Files\Phun
2008-09-19 19:51:39 ----D---- C:\Program Files\Common Files
2008-09-18 19:03:06 ----A---- C:\WINDOWS\system.ini
2008-09-07 16:33:08 ----D---- C:\WINDOWS\system32\NtmsData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 a3033;a3033; C:\WINDOWS\System32\drivers\a3033.sys [2008-09-18 86144]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-07-16 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aci5oqw2;aci5oqw2; C:\WINDOWS\system32\drivers\aci5oqw2.sys []
S3 ADSFilter;ADSFilter - (Aluria Filter Driver); C:\WINDOWS\system32\DRIVERS\ADSFilter.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 bvrp_pci;bvrp_pci; \??\C:\WINDOWS\System32\drivers\bvrp_pci.sys []
S3 BW2NDIS5;BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 oflpydin;oflpydin; \??\C:\DOCUME~1\nancy\LOCALS~1\Temp\oflpydin.sys []
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050920.038\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2006-02-03 49536]
S3 VirtualFD;VirtualFD; \??\C:\Documents and Settings\nancy\Desktop\vfd21-050404\vfd.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-04 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EarthLinkMonitor;EarthLink Monitor Service; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-01-17 822424]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe []
S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe []
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe []
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe []

-----------------EOF-----------------
 
apparently together they make too long of a post
info.txt logfile of random's system information tool 1.02 2008-10-02 19:53:27

======Uninstall list======

1.0-->"C:\Program Files\Carbiz demo\Carbiz\unins000.exe"
AC Circuits Challenge V5-->MsiExec.exe /I{090CC7E3-7AAD-4A79-B9E3-EFC545138A7E}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AQUAZONE "Virtual Aquarium Collection"-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6A9D7C4-1E5B-42FD-98F5-E067A942AEE1}\Setup.exe" -l0x9
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Battle For Troy-->C:\PROGRA~1\BATTLE~2\UNWISE.EXE C:\PROGRA~1\BATTLE~2\INSTALL.LOG
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Ben There, Dan That!-->MsiExec.exe /I{1E2D1B31-C0E0-4663-B50A-1C92F696A09F}
Caesar 1.0-->MsiExec.exe /I{ECAB24D0-E56A-46B1-94AD-40813CC308A6}
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{FF77A242-BC69-4A6D-ACE8-A1A2F2CD0824}
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Clonk Planet-->C:\WINDOWS\system32\GKSUI18.EXE C:\ClonkPlanet\Uninstall4CAA.DAT
Conquest 3.1-->"C:\Program Files\Conquest\unins000.exe"
CyberLat RAM Cleaner 1.1.3-->"C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\unins000.exe"
DC Circuits Challenge V5-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ETCAI Products\DC Circuits Challenge V5\DeIsL1.isu" -c"C:\Program Files\ETCAI Products\DC Circuits Challenge V5\_ISREG32.DLL"
Dell AIO Printer A960-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960
Dell Picture Studio - Dell Image Expert-->MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
EarthLink Software-->"C:\Program Files\EarthLink TotalAccess\uninstll.exe" /W
EarthLink Toolbar-->MsiExec.exe /X{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}
Free Download Manager 2.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Freeciv 2.0.9 (GTK+ client)-->"C:\Program Files\Freeciv-2.0.9-gtk2\uninstall.exe"
F-Strippoker-->C:\Program Files\F-Strippoker\uninstall.exe
Galactic Capitalism-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Galactic Capitalism\ST5UNST.LOG"
Galcon 1.0-->"C:\Program Files\Galcon\unins000.exe"
GameBiz 2 Uninstall-->"C:\Program Files\GameBiz2\unins000.exe"
Globulation 2-->C:\Program Files\Globulation_2\glob2win32-uninst.exe
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Guerrilla War-->C:\Program Files\Guerrilla War\uninstall.exe
Hallmark Card Studio Special Edition-->MsiExec.exe /I{563FE39E-B4D7-4DC0-B443-97313128AEC0}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB929120)-->"C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Lemonade Tycoon 2-->"C:\Program Files\Lemonade Tycoon 2\unins000.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mall Tycoon-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Take2 Interactive\Mall Tycoon\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator for Windows 95-->"C:\Program Files\Microsoft Games\FS95\UNINSTAL.EXE" /runtemp
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Publisher 2003-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Multisim 2001 Textbook Edition-->C:\WINDOWS\IsUninst.exe -fC:\Multisim\Uninst.isu
Multisim sample circuits-->C:\WINDOWS\IsUninst.exe -fC:\Multisim\Samples\Msmsamp.isu
Norton Internet Security-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Nuclear Power 1.3-->C:\Program Files\Nuclear Power\uninst.exe
OIN Analytics-->C:\Program Files\OINAnalytics\Uninstall.exe
Omega M-17 Standard-->C:\PROGRA~1\M17\UNWISE.EXE C:\PROGRA~1\M17\INSTALL.LOG
OpenOffice.org 2.3-->MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
Phun beta 4.22-->"C:\Program Files\Phun\unins000.exe"
Power Supply Challenge-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ETCAI Products\Power Supply Challenge\DeIsL1.isu" -c"C:\Program Files\ETCAI Products\Power Supply Challenge\_ISREG32.DLL"
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Prison Tycoon-->C:\Program Files\Prison Tycoon\data\gvnUninstaller.exe
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Salient: Supply & Command-->F:\Salient\Uninstall.exe
School Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CFFE053-748A-44DC-A248-06EA38E4BC03}\setup.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
SimCity 2000-->MsiExec.exe /I{8D52E0F9-17A0-493B-8692-937381DDB62B}
Sk8Park-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Sk8Park\ST5UNST.LOG"
Sk8park2-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Sk8park2\ST5UNST.LOG"
Solar Wars v1.40-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Solar Wars\ST6UNST.LOG"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Space MAX 1.0-->"C:\Program Files\SpaceMAX\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
T.H.U.G.S.-->"C:\Program Files\T.H.U.G.S.\unins000.exe"
Tabloid Tycoon (remove only)-->"C:\Program Files\Valusoft\Tabloid Tycoon\Uninstall.exe"
The lost Castle-->C:\The lost Castle\Uninstal.exe
The Tower of Babel-->MsiExec.exe /I{F5C8A97C-CAB7-45BD-8791-3B7CA70A67C7}
The Ur-Quan Masters 0.6.2-->C:\Program Files\The Ur-Quan Masters\uninst.exe
TV Manager (Demo)-->"C:\Program Files\TV Manager Demo\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB900930)-->"C:\WINDOWS\$NtUninstallKB900930$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VDMSound-->C:\Program Files\VDMSound\uninst.exe
Virtual U-->"C:\Program Files\Virtual U\setup\UNWISE.EXE" "C:\PROGRA~1\VIRTUA~1\INSTALL.LOG"
Volume Control-->MsiExec.exe /I{C937244C-5CD1-4567-92CD-38E7E966B894}
VSP-Poker-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\VSP-Poker\ST5UNST.LOG"
Widelands Build11-->"C:\Program Files\Widelands\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Hotfix - KB834707-->C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB887797-->C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 11-->MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: Authentium Antivirus (outdated)
FW: Authentium Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\VDMSound
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"LANG"=C
"VDMSPath"=C:\Program Files\VDMSound

-----------------EOF-----------------
 
So then you don't have antivirus active at all.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that:

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
 
yeah it must have been a bug in the forum i will start downloading one of the programs although it make take a while (dialup)
 
You don't need a floppy drive :)

There are stand-alone downloads in Microsoft web site.

Download correct version for your operating system & service pack and drag & drop it into combofix.exe, please.
 
ok i have windows recovery console installed but it will take a day or two to run another virus check and combofix
 
ok combofix seems to have removed it
ComboFix 08-10-12.01 - nancy 2008-10-15 20:40:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.53 [GMT -4:00]
Running from: C:\Documents and Settings\nancy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\nancy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-12 01:13 . 2008-10-12 01:13 <DIR> d-------- C:\695d627f403feaa5dbe1
2008-10-11 22:36 . 2008-10-11 22:36 86,016 --a------ C:\WINDOWS\system32\evcjargp.exe
2008-10-11 00:17 . 2004-08-04 01:59 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2008-10-11 00:17 . 2004-08-04 01:59 36,352 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
2008-10-09 23:02 . 2008-10-09 23:02 <DIR> d-------- C:\Program Files\Avira
2008-10-09 23:02 . 2008-10-09 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-09 18:51 . 2008-10-09 18:51 73,728 --a------ C:\WINDOWS\system32\fmpifcfs.exe
2008-10-07 18:58 . 2008-10-09 19:10 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-10-05 19:18 . 2008-10-05 19:18 121 --ahs---- C:\WINDOWS\system32\wkldxmiv.ini
2008-10-05 16:32 . 2008-10-05 16:32 <DIR> d-------- C:\Program Files\hxdmjaf
2008-10-04 23:29 . 2008-10-04 23:33 122 --ahs---- C:\WINDOWS\system32\mdedmflg.ini
2008-10-04 16:44 . 2008-10-04 16:44 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-03 21:10 . 2008-10-03 21:10 <DIR> d-------- C:\Program Files\Applications
2008-10-03 20:04 . 2008-10-12 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mbqhmbcv
2008-10-03 18:48 . 2004-08-04 03:56 24,576 --a------ C:\WINDOWS\system32\stus.exe
2008-10-02 19:26 . 2008-10-15 20:42 <DIR> d-------- C:\Documents and Settings\nancy\Application Data\uTorrent
2008-09-29 16:54 . 2008-10-10 20:24 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-09-29 16:54 . 2008-09-29 16:59 <DIR> d-------- C:\temp\xp34
2008-09-28 16:31 . 2008-09-28 16:31 121 --ahs---- C:\WINDOWS\system32\bwwctmqe.ini
2008-09-27 20:04 . 2008-10-02 19:53 <DIR> d-------- C:\rsit
2008-09-26 19:31 . 2008-09-26 19:32 38,880 --ahs---- C:\WINDOWS\system32\kihvhbxk.ini
2008-09-25 20:22 . 2008-09-26 19:12 38,880 --ahs---- C:\WINDOWS\system32\kycnkbuh.ini
2008-09-24 22:41 . 2008-09-25 20:13 1,171 --ahs---- C:\WINDOWS\system32\wavuosre.ini
2008-09-24 20:57 . 2008-09-24 20:57 699 --ahs---- C:\WINDOWS\system32\pxnhabof.ini
2008-09-24 18:53 . 2008-09-24 20:36 527 --ahs---- C:\WINDOWS\system32\jkloietj.ini
2008-09-22 18:07 . 2008-09-22 18:07 3,752 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-21 23:21 . 2008-09-21 23:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-09-21 15:50 . 2008-09-21 15:51 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-20 18:06 . 2008-09-20 18:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 22:11 . 2008-09-22 17:54 345 --ahs---- C:\WINDOWS\system32\dddJlRCf.ini
2008-09-18 19:09 . 2008-10-10 20:27 <DIR> d-------- C:\WINDOWS\system32\winf
2008-09-18 19:09 . 2008-09-18 19:09 <DIR> d-------- C:\WINDOWS\system32\UES
2008-09-18 19:09 . 2008-10-10 15:08 <DIR> d-------- C:\WINDOWS\system32\p
2008-09-18 19:09 . 2008-10-10 20:24 <DIR> d-------- C:\WINDOWS\system32\np5
2008-09-18 19:04 . 2008-10-10 20:24 <DIR> d-------- C:\WINDOWS\system32\mC02
2008-09-18 19:04 . 2008-09-18 19:09 <DIR> d-------- C:\temp\mtc2
2008-09-18 19:03 . 2008-09-18 19:03 71 --a------ C:\Documents and Settings\nancy\3151.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 22:53 --------- d-----w C:\Program Files\GameBiz2
2008-10-15 00:45 21,504 ----a-w C:\Documents and Settings\nancy\39dll.dll
2008-10-15 00:45 157,696 ----a-w C:\Documents and Settings\nancy\supersound.dll
2008-10-14 02:27 --------- d-----w C:\Documents and Settings\nancy\Application Data\Free Download Manager
2008-10-03 04:17 --------- d-----w C:\Documents and Settings\nancy\Application Data\OpenOffice.org2
2008-10-02 00:32 --------- d-----w C:\Program Files\The Tower of Babel
2008-09-25 23:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-24 00:28 --------- d-----w C:\Program Files\EarthLink TotalAccess
2008-09-22 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-21 18:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-20 16:40 --------- d-----w C:\Program Files\Phun
2008-09-12 20:36 --------- d-----w C:\Program Files\Galactic Capitalism
2008-09-05 23:58 --------- d-----w C:\Program Files\Axon Data
2008-09-01 03:37 --------- d-----w C:\Program Files\Risk
2008-08-31 02:28 --------- d-----w C:\Program Files\Zombie Cow Studios
2008-08-29 18:26 8,992 ----a-w C:\Documents and Settings\nancy\Device.dat
2008-08-29 00:30 --------- d-----w C:\Program Files\VDMSound
2008-08-28 22:04 --------- d-----w C:\Program Files\DOSBox-0.72
2008-08-26 03:56 --------- d-----w C:\Program Files\Cheat Engine
2008-08-25 10:55 --------- d-----w C:\Program Files\Carbiz demo
2008-08-19 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 20:23 --------- d-----w C:\Program Files\Cat Daddy Games
2008-08-19 17:26 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-19 17:20 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-19 17:20 --------- d-----w C:\Documents and Settings\nancy\Application Data\DAEMON Tools
2008-08-17 23:39 --------- d-----w C:\Program Files\Guerrilla War
2008-08-17 23:38 --------- d--h--w C:\Program Files\InstallJammer Registry
2008-08-17 23:28 --------- d-----w C:\Program Files\Sk8Park
2008-08-17 03:17 --------- d-----w C:\Program Files\M17
2008-08-17 00:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 17:26 --------- d-----w C:\Program Files\Widelands
2008-03-31 00:17 336 ----a-w C:\Program Files\temp995.bat
2007-09-29 04:04 714,936 ----a-w C:\Documents and Settings\Guest\Application Data\New Compressed (zipped) Folder.zip
1987-09-18 16:31 26,785 ----a-w C:\Documents and Settings\nancy\ELECTION.EXE
1987-09-18 16:12 26,705 ----a-w C:\Documents and Settings\nancy\PE.EXE
1987-09-18 15:46 57,425 ----a-w C:\Documents and Settings\nancy\MAP.EXE
1987-09-18 04:59 51,185 ----a-w C:\Documents and Settings\nancy\CAMPAIGN.EXE
1987-09-18 02:26 26,689 ----a-w C:\Documents and Settings\nancy\DEBATE.EXE
1987-09-18 02:23 39,921 ----a-w C:\Documents and Settings\nancy\NOMINATE.EXE
1987-09-17 22:30 5,921 ----a-w C:\Documents and Settings\nancy\START.EXE
1987-04-07 15:48 70,680 ----a-w C:\Documents and Settings\nancy\BRUN30.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Documents and Settings\nancy\Desktop\utorrent.exe" [2008-08-13 267056]
"SetEn"="C:\WINDOWS\system32\fmpifcfs.exe" [2008-10-09 73728]
"StrUtil"="C:\WINDOWS\system32\evcjargp.exe" [2008-10-11 86016]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberLat Ram Cleaner"="C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1" [X]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 270336]
"VolControl"="C:\Program Files\Volume Control\Volume Control.exe" [2007-01-24 102400]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk.disabled [2006-10-19 1757]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"genensh"= {11A78ACD-33E4-C376-034C-0BA3359F114C} - C:\Program Files\hxdmjaf\genensh.dll [2008-10-05 122880]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Twain"=C:\Program Files\Twain\Twain.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"PLNRNote"="C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe"
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"a496ad42"=rundll32.exe "C:\WINDOWS\system32\adwmjkpv.dll",b
"flockbox"=F:\My Lockbox\flockbox.exe /a
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"C:\\Program Files\\Freeciv-2.0.9-gtk2\\civserver.exe"=
"C:\\Documents and Settings\\Nancy_2\\Desktop\\Freeciv-2.0.9-gtk2\\civserver.exe"=
"C:\\Documents and Settings\\nancy\\Desktop\\Freeciv-2.0.9-gtk2\\civserver.exe"=
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"=
"C:\\Program Files\\Globulation_2\\glob2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\nancy\\Desktop\\utorrent.exe"=
"C:\\Documents and Settings\\nancy\\Desktop\\KMIVBR2\\KMI.Cstore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-18 17264]
R2 EarthLinkMonitor;EarthLink Monitor Service;C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [2005-01-26 65604]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\WINDOWS\system32\DRIVERS\ADSFilter.sys [ ]
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
S3 oflpydin;oflpydin;C:\DOCUME~1\nancy\LOCALS~1\Temp\oflpydin.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0349ac28-2945-11dd-ad90-e1fb8d0daab6}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\nancy\Application Data\Mozilla\Firefox\Profiles\bv0y59pm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 20:44:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-15 20:52:21
ComboFix-quarantined-files.txt 2008-10-16 00:52:16
ComboFix2.txt 2008-10-16 00:16:34

Pre-Run: 56,019,890,176 bytes free
Post-Run: 55,987,298,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

184 --- E O F --- 2008-10-13 03:51:36
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:43 PM, on 10/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Volume Control\Volume Control.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
C:\WINDOWS\system32\fmpifcfs.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - (no file)
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {9579D574-D4D8-4335-9560-FE8641A013BD} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll (file missing)
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [VolControl] C:\Program Files\Volume Control\Volume Control.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CyberLat Ram Cleaner] C:\Program Files\CyberLat\CyberLat RAM Cleaner 1.1\CyberLat Ram Cleaner 1,1.exe
O4 - HKCU\..\Run: [SetEn] C:\WINDOWS\system32\fmpifcfs.exe
O4 - HKCU\..\Run: [StrUtil] C:\WINDOWS\system32\evcjargp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FreshDownload - {9F9E33E8-0F27-4A98-9C61-940FDFE31DC2} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://free-game-downloads.mosw.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219878245281
O17 - HKLM\System\CCS\Services\Tcpip\..\{5381478A-BFC0-4AAF-9FBC-EE4FE4B8714B}: NameServer = 207.69.188.185 207.69.188.186
O21 - SSODL: genensh - {11A78ACD-33E4-C376-034C-0BA3359F114C} - C:\Program Files\hxdmjaf\genensh.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8059 bytes
 
You must log in or register to reply here.
Back
Top