I can not get to restore or even have norton run online virus scan

Started by nash017, December 26, 2008, 01:32:40 AM


nash017

Hi Corrine, I tried in safe mode, removed it, and rebooted; the HJT log said it was gone, but when I connected to the internet it was back. I tried in tools as well but still no joy. It looks like it is hidden in another program   :(

Corrine

Then we must be missing something.  Let's take another look, but this time with RSIT.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
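When a helper reads the log.txt that RSIT produces (it embeds a HijackThis-style listing: running processes, then `O2`/`O4`/`O23` entries), the first pass is usually a handful of mechanical checks: anything starting from a drive other than the system drive, services whose binary is missing, and services that carry no vendor name. The script below is an added example written for this page, not code from the thread or from the RSIT or HijackThis tools. The sample log is constructed for the example (a few lines are modelled on the format seen in this kind of log), the assumption that the system drive is `C:` is a parameter, and the heuristics are a triage starting point, not a verdict that anything flagged is malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not the thread's code)."""
import re
from dataclasses import dataclass

# Constructed sample input in the HijackThis/RSIT line format; it is NOT a real
# poster's log, just a few representative lines so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\norman.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [HijackThis startup scan] E:\HijackThis.exe /startupscan
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[ORF]\d+) - (?P<payload>.*)$")
O4_RE = re.compile(r"^(?P<hive>.*?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^(?P<drive>[A-Za-z]):\\")

REASON_NONSYS_DRIVE = "starts from a drive other than the system drive"
REASON_MISSING_BINARY = "service registered but binary is missing"
REASON_UNKNOWN_OWNER = "service binary carries no vendor information"


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def parse_log(text):
    """Return (running_processes, entries); entries are (kind, payload, raw_line)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("kind"), m.group("payload"), line))
        elif in_procs:
            processes.append(line)
    return processes, entries


def first_path(cmd):
    """Extract the executable path from a Run-key command (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def split_service(payload):
    """'Service: Display (name) - Owner - path' -> (display, owner, path).

    Display names may themselves contain ' - ', so split from the right.
    """
    parts = payload.rsplit(" - ", 2)
    if len(parts) != 3:
        return payload, "", ""
    display, owner, path = parts
    return display[len("Service: "):], owner, path


def triage(text, system_drive="C"):
    """Apply simple, explainable heuristics; the result is a starting point, not a verdict."""
    findings = []
    processes, entries = parse_log(text)

    def check_drive(path, raw):
        m = DRIVE_RE.match(path)
        if m and m.group("drive").upper() != system_drive.upper():
            findings.append(Finding(raw, REASON_NONSYS_DRIVE))

    for proc in processes:
        check_drive(proc, proc)

    for kind, payload, raw in entries:
        if kind == "O4":
            m = O4_RE.match(payload)
            if m:
                check_drive(first_path(m.group("cmd")), raw)
        elif kind == "O23":
            _, owner, path = split_service(payload)
            if path.endswith("(file missing)"):
                findings.append(Finding(raw, REASON_MISSING_BINARY))
            if owner == "Unknown owner":
                findings.append(Finding(raw, REASON_UNKNOWN_OWNER))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.line}")
```

The "other drive" check is the one that matters most for the complaint in this thread (something that comes back after an on-disk clean-up): a program launched from a removable or second drive survives a clean of `C:` and is easy to miss when scanning a long listing by eye. "Unknown owner" and "(file missing)" services are common leftovers of uninstalled software, so they are worth a look but are not evidence on their own.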

nash017

Logfile of random's system information tool 1.05 (written by random/random)
Run by norman at 2009-01-05 12:34:39
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (58%) free of 76 GB
Total RAM: 2047 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:49, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\norman\Desktop\RSIT.exe
E:\norman.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] E:\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe

--
End of file - 8911 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Norton Security Scan for norman.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-08-24 2554944]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"=C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE [2006-09-23 207360]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-01 185896]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"HijackThis startup scan"=E:\HijackThis.exe [2008-12-27 401720]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Excursion9.5\mIRC.ExCurSioN.exe"="C:\Excursion9.5\mIRC.ExCurSioN.exe:*:Enabled:mIRC"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Steam\steamapps\rhysinator\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\rhysinator\condition zero\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\rhysinator\condition zero deleted scenes\hl.exe"="C:\Program Files\Steam\steamapps\rhysinator\condition zero deleted scenes\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\rhysinator\half-life 2\hl2.exe"="C:\Program Files\Steam\steamapps\rhysinator\half-life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Steam\steamapps\rhysinator\half-life 2 deathmatch\hl2.exe"="C:\Program Files\Steam\steamapps\rhysinator\half-life 2 deathmatch\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Steam\steamapps\rhysinator\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\rhysinator\source sdk base\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\PhotoJoy\Bin\PjImp.exe"="C:\Program Files\PhotoJoy\Bin\PjImp.exe:*:Disabled:PhotoJoy"
"C:\Program Files\PhotoJoy\Bin\PjApp.exe"="C:\Program Files\PhotoJoy\Bin\PjApp.exe:*:Disabled:PhotoJoy"
"C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe"="C:\Program Files\PhotoJoy\Bin\PhotoJoy.exe:*:Disabled:PhotoJoy"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Disabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1505667c-8af9-11dc-ad2e-4d6564696130}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d117648-064c-11dd-add9-4d6564696130}]
shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94df3b7a-7294-11dc-ad0c-4d6564696130}]
shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be040102-9de9-11dc-ad48-4d6564696130}]
shell\AutoRun\command - E:\Laguna.exe


======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-01-05 12:34:39 ----D---- C:\rsit
2009-01-05 01:10:06 ----D---- C:\WINDOWS\pss
2009-01-03 21:21:19 ----SHD---- C:\RECYCLER
2009-01-03 00:24:32 ----A---- C:\ComboFix.txt
2009-01-02 16:37:40 ----A---- C:\WINDOWS\%INIVenderName% %INIProductName% Setup Log.txt
2009-01-02 01:26:35 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-02 00:54:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-02 00:54:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-02 00:54:16 ----A---- C:\WINDOWS\system32\java.exe
2009-01-01 17:40:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-01 14:48:52 ----D---- C:\WINDOWS\temp
2009-01-01 14:25:27 ----A---- C:\Boot.bak
2009-01-01 14:25:16 ----RASHD---- C:\cmdcons
2009-01-01 14:22:06 ----A---- C:\WINDOWS\zip.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\VFIND.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\SWSC.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\SWREG.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\sed.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\NIRCMD.exe.VIR
2009-01-01 14:22:06 ----A---- C:\WINDOWS\grep.exe
2009-01-01 14:22:06 ----A---- C:\WINDOWS\fdsv.exe
2009-01-01 14:21:49 ----D---- C:\WINDOWS\ERDNT
2009-01-01 14:21:49 ----D---- C:\Qoobox
2009-01-01 13:00:23 ----A---- C:\WINDOWS\Broadband Download Monitor Uninstall Log.txt
2008-12-31 19:22:44 ----D---- C:\Program Files\Webroot
2008-12-31 19:20:29 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-12-31 16:05:27 ----D---- C:\Documents and Settings\All Users\Application Data\RealNetworks
2008-12-31 16:05:25 ----D---- C:\Documents and Settings\norman\Application Data\RealNetworks
2008-12-31 14:34:06 ----D---- C:\Documents and Settings\norman\Application Data\InstallShield
2008-12-30 13:54:15 ----D---- C:\Documents and Settings\norman\Application Data\Malwarebytes
2008-12-30 13:48:06 ----A---- C:\avenger.txt
2008-12-27 14:41:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-27 14:41:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-25 20:39:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-25 20:39:47 ----D---- C:\Program Files\Norton Security Scan
2008-12-25 14:08:11 ----D---- C:\WINDOWS\WinRescue
2008-12-25 13:23:23 ----A---- C:\rsqXPdir.ini
2008-12-25 13:17:15 ----D---- C:\Program Files\backup
2008-12-25 13:15:14 ----D---- C:\Program Files\WinRescueXP
2008-12-25 13:03:44 ----D---- C:\Program Files\ParticleG
2008-12-25 12:03:32 ----D---- C:\Program Files\Dean Software
2008-12-25 12:02:06 ----D---- C:\Program Files\OSCheck
2008-12-24 21:48:08 ----D---- C:\Program Files\active ports
2008-12-24 18:54:07 ----D---- C:\Program Files\Ontrack
2008-12-22 13:34:21 ----D---- C:\Program Files\Hide IP
2008-12-22 01:43:03 ----D---- C:\Program Files\Avira
2008-12-22 01:43:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-21 12:34:13 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2008-12-21 12:34:11 ----D---- C:\Program Files\Nokia
2008-12-21 12:34:00 ----D---- C:\Documents and Settings\norman\Application Data\PC Suite
2008-12-21 12:33:49 ----D---- C:\Program Files\PC Connectivity Solution
2008-12-21 12:33:26 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2008-12-21 12:31:37 ----D---- C:\Program Files\Vodafone
2008-12-20 16:47:34 ----D---- C:\Documents and Settings\norman\Application Data\Roxio
2008-12-20 16:38:31 ----D---- C:\Documents and Settings\norman\Application Data\Research In Motion
2008-12-20 16:31:16 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-12-20 16:31:11 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-20 16:26:54 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-20 16:26:54 ----D---- C:\Documents and Settings\All Users\Application Data\Roxio
2008-12-20 16:26:53 ----D---- C:\Program Files\Roxio
2008-12-20 16:26:36 ----D---- C:\Program Files\Common Files\Roxio Shared
2008-12-20 16:13:49 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-20 16:13:41 ----D---- C:\Program Files\Research In Motion
2008-12-20 16:05:56 ----SHD---- C:\WINDOWS\ftpcache
2008-12-20 12:39:31 ----D---- C:\WINDOWS\LastGood(2)
2008-12-20 12:30:30 ----D---- C:\Documents and Settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_
2008-12-11 20:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-10 16:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 16:53:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 16:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 16:44:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-05 12:34:46 ----D---- C:\WINDOWS\Prefetch
2009-01-05 02:50:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 01:28:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 01:20:14 ----RASH---- C:\boot.ini
2009-01-05 01:20:14 ----AC---- C:\WINDOWS\win.ini
2009-01-05 01:20:14 ----A---- C:\WINDOWS\system.ini
2009-01-05 01:10:06 ----D---- C:\WINDOWS
2009-01-04 17:57:01 ----D---- C:\Documents and Settings\norman\Application Data\Xfire
2009-01-04 16:35:32 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-01-04 16:29:44 ----D---- C:\Program Files\Steam
2009-01-04 15:01:37 ----RD---- C:\Program Files
2009-01-03 18:05:21 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-03 00:24:37 ----D---- C:\WINDOWS\system32
2009-01-03 00:21:19 ----D---- C:\WINDOWS\system32\drivers
2009-01-03 00:21:17 ----D---- C:\WINDOWS\AppPatch
2009-01-03 00:21:17 ----D---- C:\Program Files\Common Files
2009-01-03 00:18:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-02 16:51:01 ----D---- C:\Program Files\Image-Line
2009-01-02 16:37:39 ----AC---- C:\WINDOWS\iun6002.exe
2009-01-02 16:36:35 ----D---- C:\unzipped
2009-01-02 16:32:35 ----D---- C:\downloads
2009-01-02 11:38:35 ----HD---- C:\WINDOWS\inf
2009-01-02 01:32:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-02 00:54:52 ----SHD---- C:\WINDOWS\Installer
2009-01-02 00:54:15 ----D---- C:\Program Files\Java
2009-01-02 00:53:03 ----D---- C:\Config.Msi
2009-01-01 14:31:58 ----D---- C:\WINDOWS\system32\config
2009-01-01 13:01:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 13:00:13 ----D---- C:\Program Files\3GP Player
2009-01-01 12:44:44 ----AC---- C:\WINDOWS\CFML.INI
2009-01-01 12:44:44 ----AC---- C:\WINDOWS\AllState.ini
2009-01-01 12:44:36 ----D---- C:\CFDOCS
2009-01-01 12:43:51 ----AC---- C:\WINDOWS\ODBC.INI
2009-01-01 12:32:00 ----AC---- C:\WINDOWS\ODBCINST.INI
2008-12-31 18:46:38 ----D---- C:\Program Files\PPStream
2008-12-31 16:03:40 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-31 13:28:46 ----D---- C:\WINDOWS\system32\Tools
2008-12-31 01:07:43 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-30 23:36:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-28 23:58:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-28 22:19:54 ----D---- C:\Program Files\SpywareBlaster
2008-12-27 23:47:24 ----RAHC---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-27 14:08:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 13:06:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-27 13:06:26 ----A---- C:\WINDOWS\system32\svchost.exe
2008-12-27 12:29:24 ----D---- C:\WINDOWS\Internet Logs
2008-12-25 21:24:18 ----D---- C:\Program Files\Tiscali Broadband
2008-12-25 20:39:55 ----SD---- C:\WINDOWS\Tasks
2008-12-25 17:33:40 ----A---- C:\WINDOWS\imsins.BAK
2008-12-25 16:17:00 ----D---- C:\Documents and Settings\norman\Application Data\Mozilla
2008-12-25 14:50:30 ----D---- C:\WINDOWS\network diagnostic
2008-12-25 12:03:14 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-25 11:39:43 ----AC---- C:\WINDOWS\cdplayer.ini
2008-12-25 00:58:32 ----SD---- C:\Documents and Settings\norman\Application Data\Microsoft
2008-12-24 23:33:40 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-12-23 20:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-23 18:54:51 ----SHD---- C:\System Volume Information
2008-12-23 18:54:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 22:20:54 ----A---- C:\WINDOWS\system32\csrss.exe
2008-12-22 12:55:07 ----D---- C:\Excursion9.5
2008-12-22 00:54:48 ----D---- C:\WINDOWS\system
2008-12-22 00:54:47 ----D---- C:\Documents and Settings
2008-12-21 12:34:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-21 10:47:08 ----D---- C:\Program Files\Xfire
2008-12-20 22:22:02 ----D---- C:\Program Files\IncrediMail
2008-12-20 16:41:10 ----A---- C:\wialog.txt
2008-12-20 16:28:37 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 13:41:18 ----HD---- C:\$AVG8.VAULT$
2008-12-20 13:03:07 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 13:03:05 ----D---- C:\WINDOWS\Registration
2008-12-17 22:43:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 13:57:40 ----D---- C:\Paint Shop Pro 6
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 19:32:03 ----D---- C:\Program Files\NCH Swift Sound
2008-12-10 19:32:03 ----D---- C:\Documents and Settings\norman\Application Data\NCH Swift Sound
2008-12-10 16:58:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 16:56:22 ----D---- C:\Program Files\Internet Explorer
2008-12-08 01:48:39 ----D---- C:\Program Files\Microsoft Games
2008-12-08 01:45:31 ----D---- C:\Program Files\Electronic Arts
2008-12-08 01:34:43 ----AC---- C:\WINDOWS\Brpcfx.ini
2008-12-06 18:27:29 ----D---- C:\Documents and Settings\norman\Application Data\Google
2008-12-06 18:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-06 15:27:50 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mbmiodrvr;mbmiodrvr; \??\C:\WINDOWS\system32\mbmiodrvr.sys []
R1 nnrnstdi;nnrnstdi; C:\WINDOWS\system32\drivers\nnrnstdi.sys [2007-06-08 13312]
R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-05-30 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R2 PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;PowerQuest File System Monitor PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B; \??\C:\Program Files\PowerQuest\DataKeeper 5.0\PqFsmonNt.sys []
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2007-01-13 18816]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-13 43008]
R3 km_filter;km_filter; C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 8832]
R3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-09-09 62592]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-01-13 39488]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-09-14 10368]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2001-12-31 135228]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2001-12-31 13358]
S3 A_USBETHMP;USB PowerPacket Network Adapter; C:\WINDOWS\System32\Drivers\usbethmp.sys [2002-10-24 14342]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 BrSerWDM;Brother Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hid8101;hid8101; C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-23 31899]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 iMSPCLOj;iMSPCLOj; \??\C:\DOCUME~1\norman\LOCALS~1\Temp\iMSPCLOj.sys []
S3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PLCNDIS5.SYS []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 s3chipid;s3chipid; \??\C:\DOCUME~1\norman\LOCALS~1\Temp\s3chipid.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-24 237312]
S3 vmfilter303;vmfilter303; C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC303;Kinstone USB PC Camera (Vimicro301 Neptune); C:\WINDOWS\System32\Drivers\usbVM303.sys [2006-08-31 392058]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-15 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-24 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-05-24 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-01-04 201816]
R2 ptssvc;ptssvc; C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2001-08-15 45056]
R2 WDFNet;Webroot Desktop Firewall network service; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-12-27 14336]
S2 ClusterCATS Service;ColdFusion Monitoring Service; C:\CFusion\cfam\program\ccmgr.exe []
S2 ColdFusion Management Repository;ColdFusion Management Repository Server; C:\CFusion\jrun\bin\jrun.exe -jrundir C:\CFusion\jrun -nt ColdFusion Management Repository cfam []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-08-26 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-08-26 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-08-26 1108464]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-12-10 353280]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 usnsvc;Messenger Sharing USN Journal Reader service; C:\WINDOWS\system32\svchost.exe [2008-12-27 14336]

-----------------EOF-----------------

nash017

info.txt logfile of random's system information tool 1.05 2009-01-05 12:34:54

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
313 PC File Transfer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97D5E087-3E34-4CB4-85E1-9B244E306F97} /l1033
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
ACDSee 9 Photo Manager-->MsiExec.exe /I{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Back4WinXP-->"C:\Program Files\backup\back4win\unins000.exe"
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9  -removeonly
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{9833D727-8FF5-40AE-A193-525747555FF1}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{9833D727-8FF5-40AE-A193-525747555FF1}
CaptureWizPro 3.A0-->C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe uninstal
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CopyToDVD-->"C:\Program Files\vso\CopyToDVD\unins000.exe"
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.3-->"C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Dirlog by 1AT069 - Enio-->"C:\Program Files\Dirlog\unins000.exe"
Disk CleanUp-->C:\WINDOWS\SDUnInst.exe c:\program files\software by design\cleanup.uni
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD X Copy Platinum RF 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"
DVD43 v3.9.0-->"C:\Program Files\dvd43\unins000.exe"
DX Atlas 2.25-->C:\downloads\DivxToDVD\unins000.exe
DXMan-->c:\DXMan\uninst\fimain.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Easy CD-DA Extractor 10-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
ESPR220 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR220\REF_G\DOCUNINS.EXE
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Express Burn-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Fraps-->C:\Documents and Settings\All Users\Application Data\VisualZone\Uninstall.exe
Free Solitaire 3D 1.7-->"C:\Program Files\Free Solitaire 3D\unins000.exe"
gen_msn_adv 1.1-->C:\Program Files\Winamp\Plugins\uninst.exe
Generic USB Card Reader Driver v2.2-->C:\WINDOWS\iun6002.exe "C:\Program Files\Generic\USB Card Reader Driver v2.2\irunin.ini"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
Hide IP 1.63-->"C:\Program Files\Hide IP\unins000.exe"
HijackThis 2.0.2-->"E:\HijackThis.exe" /uninstall
HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCD-->C:\WINDOWS\system32\unInstallHyperCD.exe
IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kinstone USB PC Camera (Vimicro301 Neptune)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe" -l0x9
Kinstone Video Power-->"C:\Program Files\Kinstone Video Power\unins000.exe"
KODAK Camera Connection Software Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{884CE4D3-71D7-494A-8206-1317201AAE04}\setup.exe"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_e4c6d5\Setup.exe /APR-REMOVE
KODAK Memory Albums-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A8F1CA0-9085-11D4-B869-0050DA73F204}\Setup.exe"
KODAK One Touch to Better Pictures-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38FBBBD4-1D2A-4037-A71C-57093B4BA889}\Setup.exe"
KODAK Picture Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51661BCF-F22A-11D4-82B4-00500494EF5C}\setup.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
LogWin3-->c:\LogWin3\uninst\fimain.exe
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Golf 3.0-->E:\games\setup\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Excursion9.5\mIRC.ExCurSioN.exe" -uninstall
Mojo Master Winamp Visualizer for Winamp (remove only)-->"C:\Program Files\Winamp\uninst-vis_MojoMaster.dll.exe"
Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe"
MP3 Player Utilities 1.47-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Muiltmedia keyboard utility 2.2D-->C:\Program Files\Muiltmedia keyboard utility\2.2D\uninst00.exe
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 7 Ultra Edition-->MsiExec.exe /X{99D328E0-51DE-465E-9307-B85CA9511033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Nielsen//NetRatings-->C:\PROGRA~1\NETRAT~1\NetSight\NSSetup.exe /uninstall
Nokia Connectivity Cable Driver-->MsiExec.exe /X{1C851E23-17F6-4B46-9F78-5AD774518B7A}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
On-line Help Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6283826F-59A2-11D9-BB04-000AE6BE6EE7}\setup.exe" -l0x9
OSCheck V1.1-->"C:\Program Files\OSCheck\unins000.exe"
OtsDJ Demo 1.15.004-->"C:\WINDOWS\OTS_UI.EXE" "C:\OtsLabs\OTSDJ.osi"
Oxigen Client v5.00.0000-->MsiExec.exe /X{D6D532B2-22E1-43AA-B4B7-34D772314859}
PaperPort 6.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\ScanSoft\PaperPort\UnInstl2.dll"
PC Connectivity Solution-->MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PCTV4Me (remove only)-->C:\Program Files\PCTV4Me\uninstall.exe
PhotoJoy-->MsiExec.exe /X{15482D1C-117B-4201-8D39-985A91ED8433}
PhotoJoy-->Msiexec.exe /x{15482D1C-117B-4201-8D39-985A91ED8433} /qf /L*V "%temp%\PjUninstallLog.log"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
Portable MP3 player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA3F91F9-0083-497D-8AEF-B5C357C8C403}\setup.exe" -l0x9
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
PPStream-->C:\Program Files\PPStream\uninst.exe
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc[1].exe -u
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealSpeak Solo for UK English Emily-->MsiExec.exe /I{A182077A-8D6B-4194-B48A-B4DC37C69907}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9  -removeonly
Registry Checkup-->"C:\Program Files\ParticleG\Registry Checkup\Uninstall.exe" "C:\Program Files\ParticleG\Registry Checkup\install.log"
Roxio Media Manager-->MsiExec.exe /X{AC93F461-132C-4A10-983D-7DAFE2917D67}
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x9
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9  -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9  -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.0-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
SweetIM For Internet Explorer 1.0a-->MsiExec.exe /X{BBB1528C-2F8C-4526-9C8E-699F17AF21CA}
Switch-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tenomichi 3D Edit-->MsiExec.exe /I{0384D907-8F5A-48ad-9FFE-55196F6B4E1B}
TomTom HOME 2.5.1.36-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TRUST MI-2510T Optical Combi Tilt Mouse-->C:\Program Files\Trust\MI-2510T Optical Combi Tilt Mouse\uninst00.exe
TWIN PS TO PC CONVERTER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}\setup.exe" -l0x9
UnInstall Sound2Vision PlugIn-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Winamp\Plugins\IFU9.inf
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Verbose Uninstall-->C:\Program Files\NCH Swift Sound\Verbose\uninst.exe
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Video DVD Maker v3.8.0.18-->"C:\Program Files\Video DVD Maker\Uninstall.exe" "C:\Program Files\Video DVD Maker\install.log" -u
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Vodafone Music Manager-->C:\PROGRA~1\Vodafone\VODAFO~1\Unwise32.exe /A C:\PROGRA~1\Vodafone\VODAFO~1\install.log
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Webroot Desktop Firewall-->MsiExec.exe /X{7F2EAC76-8BC7-473F-9E2D-3373FD693797}
Winamp Goes 3D v1.51 (Light)-->MsiExec.exe /X{AB9354BD-E732-4501-AFBD-6D8EA97F9E58}
Winamp Lyrics (Explorer Version) v1.22-->rundll32.exe C:\PROGRA~1\Winamp\Plugins\GEN_LY~2.DLL,Uninstall
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinRescue XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\WNRSQXPZ.INF, DefaultUninstall.ntx86
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O22 - SharedTaskScheduler: FGYbf743iujndsfAfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.71:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.71:80
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.71:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.71:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 61.166.68.71:80

======Hosts File======

127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: Webroot Desktop Firewall (disabled)

System event log

Computer Name: nash
Event Code: 7036
Message: The TrueVector Internet Monitor service entered the running state.

Record Number: 67219
Source Name: Service Control Manager
Time Written: 20081223152152.000000+000
Event Type: information
User:

Computer Name: nash
Event Code: 7035
Message: The TrueVector Internet Monitor service was successfully sent a start control.

Record Number: 67218
Source Name: Service Control Manager
Time Written: 20081223152147.000000+000
Event Type: information
User: nash\norman

Computer Name: nash
Event Code: 7035
Message: The TrueVector Internet Monitor service was successfully sent a stop control.

Record Number: 67217
Source Name: Service Control Manager
Time Written: 20081223150146.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: nash
Event Code: 7036
Message: The TrueVector Internet Monitor service entered the stopped state.

Record Number: 67216
Source Name: Service Control Manager
Time Written: 20081223150146.000000+000
Event Type: information
User:

Computer Name: nash
Event Code: 7036
Message: The TrueVector Internet Monitor service entered the running state.

Record Number: 67215
Source Name: Service Control Manager
Time Written: 20081223145809.000000+000
Event Type: information
User:

Application event log

Computer Name: nash
Event Code: 108
Message:
Record Number: 4492631
Source Name: Allaire Wsm
Time Written: 20090101081329.000000+000
Event Type: error
User:

Computer Name: nash
Event Code: 108
Message:
Record Number: 4492630
Source Name: Allaire Wsm
Time Written: 20090101081329.000000+000
Event Type: error
User:

Computer Name: nash
Event Code: 108
Message:
Record Number: 4492629
Source Name: Allaire Wsm
Time Written: 20090101081329.000000+000
Event Type: error
User:

Computer Name: nash
Event Code: 108
Message:
Record Number: 4492628
Source Name: Allaire Wsm
Time Written: 20090101081319.000000+000
Event Type: error
User:

Computer Name: nash
Event Code: 108
Message:
Record Number: 4492627
Source Name: Allaire Wsm
Time Written: 20090101081319.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"sourcesdk"=c:\program files\steam\steamapps\rhysinator\sourcesdk
"VProject"=c:\program files\steam\steamapps\rhysinator\half-life 2\hl2
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

nash017

Hi Corrine, these were taken when offline; will take one when online and if you need that I will post that as well.

nash017

This one was taken online, I rebooted m/c but it locked up, had to wait to get it started again.

Logfile of random's system information tool 1.05 (written by random/random)
Run by norman at 2009-01-05 13:49:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (58%) free of 76 GB
Total RAM: 2047 MB (75% free)


Edit note:  the log was the same as the earlier RSIT log but without the extra information so I've removed it to avoid confusion (my confusion, that is :) ).

Corrine

Hi, Nash.

I was looking at your logs before work this morning and during lunch.  I think our best forward step is to start fresh, so to speak, from the above-posted RSIT log information.  So, based on that:

Have you uninstalled "ColdFusion Management Repository Server"?  It isn't software that is generally found on a family PC.

While we're going through this process, it would be best if you or your son did not install any new games or other software.

Please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.
You already have the latest version, Java SE Runtime Environment (JRE) 6 Update 11, which is updatable so this should take care of the vulnerable versions of SunJava on the computer.

Since you have been having problems with MBAM, let's take another go with ComboFix.  Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2
Link 3

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click "Yes" to continue scanning for malware.

  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

nash017

Hi Corrine, "ColdFusion Management Repository Server", the whole program was deleted from the remove/add program but it keeps coming up on HJT, even deleted from there but as soon as I rescan it is back.
Here are the logs, also IE running better at the moment; could not download JavaRa from that link on the page so went online and got a copy and scanned the drive and all old files gone:
ComboFix 08-12-31.01 - norman 2009-01-06 16:50:00.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1510 [GMT 0:00]
Running from: c:\documents and settings\norman\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Webroot Desktop Firewall *disabled*
.

(((((((((((((((((((((((((   Files Created from 2008-12-06 to 2009-01-06  )))))))))))))))))))))))))))))))
.

2009-01-06 12:03 . 2009-01-06 12:03   1,100,914   --a------   c:\windows\system32\lolly.scr
2009-01-05 12:34 . 2009-01-05 12:34   <DIR>   d--------   C:\rsit
2009-01-04 16:13 . 2009-01-04 16:13   <DIR>   d--------   c:\windows\system32\config\systemprofile\Application Data\Xfire
2009-01-04 13:42 . 2009-01-04 13:42   32   --a------   c:\windows\hip
2009-01-02 01:26 . 2009-01-02 01:30   <DIR>   d--------   c:\program files\EsetOnlineScanner
2009-01-01 17:40 . 2009-01-01 17:39   410,984   --a------   c:\windows\system32\deploytk.dll
2009-01-01 17:40 . 2009-01-01 17:39   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-01-01 14:22 . 2000-08-31 08:00   28,672   --a------   c:\windows\NIRCMD.exe.VIR
2008-12-31 19:22 . 2008-12-31 19:22   <DIR>   d--------   c:\program files\Webroot
2008-12-31 19:20 . 2008-12-31 19:20   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Webroot
2008-12-31 19:06 . 2008-12-31 19:06   0   --a------   c:\windows\system32\^3
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\norman\Application Data\RealNetworks
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\RealNetworks
2008-12-31 14:34 . 2008-12-31 14:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\InstallShield
2008-12-30 13:54 . 2008-12-30 13:54   <DIR>   d--------   c:\documents and settings\norman\Application Data\Malwarebytes
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 14:41 . 2008-12-03 19:54   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 14:41 . 2008-12-03 19:54   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-12-25 20:39 . 2009-01-05 15:00   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-25 20:39 . 2008-12-25 20:39   <DIR>   d--------   c:\program files\Common Files\Symantec Shared
2008-12-25 14:08 . 2008-12-25 14:08   <DIR>   d--------   c:\windows\WinRescue
2008-12-25 13:23 . 2008-12-25 13:23   47   --a------   C:\rsqXPdir.ini
2008-12-25 13:17 . 2008-12-25 13:17   <DIR>   d--------   c:\program files\backup
2008-12-25 13:15 . 2008-12-25 14:08   <DIR>   d--------   c:\program files\WinRescueXP
2008-12-25 13:03 . 2008-12-25 13:03   <DIR>   d--------   c:\program files\ParticleG
2008-12-25 12:03 . 2008-12-25 12:03   <DIR>   d--------   c:\program files\Dean Software
2008-12-25 12:02 . 2008-12-25 12:02   <DIR>   d--------   c:\program files\OSCheck
2008-12-24 21:48 . 2008-12-24 21:49   <DIR>   d--------   c:\program files\active ports
2008-12-24 18:54 . 2008-12-24 19:03   <DIR>   d--------   c:\program files\Ontrack
2008-12-22 13:34 . 2009-01-04 14:15   <DIR>   d--------   c:\program files\Hide IP
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\program files\Avira
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avira
2008-12-22 01:11 . 2002-07-09 17:46   726,528   --a------   C:\SETUP.EX~
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\program files\Nokia
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\PC Suite
2008-12-21 12:34 . 2007-02-22 10:15   90,624   --a------   c:\windows\system32\nmwcdcls.dll
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\program files\PC Connectivity Solution
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Installations
2008-12-21 12:31 . 2008-12-21 12:31   <DIR>   d--------   c:\program files\Vodafone
2008-12-20 16:47 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\norman\Application Data\Roxio
2008-12-20 16:47 . 2008-12-20 16:47   <DIR>   d--------   c:\documents and settings\LocalService\Application Data\Roxio
2008-12-20 16:47 . 2009-01-05 15:05   54,156   --ah-----   c:\windows\QTFont.qfn
2008-12-20 16:47 . 2008-12-20 16:47   1,409   --a------   c:\windows\QTFont.for
2008-12-20 16:38 . 2008-12-20 16:38   <DIR>   d--------   c:\documents and settings\norman\Application Data\Research In Motion
2008-12-20 16:38 . 2009-01-05 17:14   256   --a------   c:\windows\system32\pool.bin
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sonic
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\InstallShield
2008-12-20 16:26 . 2008-12-20 16:28   <DIR>   d--------   c:\program files\Roxio
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Sonic Shared
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Roxio Shared
2008-12-20 16:26 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Roxio
2008-12-20 16:17 . 2007-01-18 10:24   26,496   -ra------   c:\windows\system32\drivers\RimSerial.sys
2008-12-20 16:13 . 2008-12-20 16:13   <DIR>   d--------   c:\program files\Research In Motion
2008-12-20 16:13 . 2008-12-20 16:14   <DIR>   d--------   c:\program files\Common Files\Research In Motion
2008-12-20 16:05 . 2008-12-20 16:05   <DIR>   d--hs----   c:\windows\ftpcache
2008-12-20 12:39 . 2008-12-20 12:39   <DIR>   d--------   c:\windows\LastGood(2)
2008-12-20 12:30 . 2008-12-20 12:30   <DIR>   d--------   c:\documents and settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_
2008-12-11 20:37 . 2008-12-11 20:37   42,320   --a------   c:\windows\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 16:44   ---------   d-----w   c:\program files\Java
2009-01-06 14:24   ---------   d-----w   c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-04 17:57   ---------   d-----w   c:\documents and settings\norman\Application Data\Xfire
2009-01-04 16:39   137,992   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-01-04 16:35   201,816   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-01-04 16:29   ---------   d-----w   c:\program files\Steam
2009-01-03 18:05   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:51   ---------   d-----w   c:\program files\Image-Line
2009-01-02 16:37   737,280   -c--a-w   c:\windows\iun6002.exe
2009-01-01 13:01   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-01 13:00   ---------   d-----w   c:\program files\3GP Player
2008-12-31 18:46   ---------   d-----w   c:\program files\PPStream
2008-12-30 23:36   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-12-28 23:58   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 22:19   ---------   d-----w   c:\program files\SpywareBlaster
2008-12-27 14:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 13:06   14,336   ----a-w   c:\windows\system32\svchost.exe
2008-12-25 21:24   ---------   d-----w   c:\program files\Tiscali Broadband
2008-12-23 20:09   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2008-12-21 10:47   ---------   d-----w   c:\program files\Xfire
2008-12-20 22:22   ---------   d-----w   c:\program files\IncrediMail
2008-12-10 19:32   ---------   d-----w   c:\program files\NCH Swift Sound
2008-12-10 19:32   ---------   d-----w   c:\documents and settings\norman\Application Data\NCH Swift Sound
2008-12-10 16:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 01:48   ---------   d-----w   c:\program files\Microsoft Games
2008-12-08 01:45   ---------   d-----w   c:\program files\Electronic Arts
2008-12-06 15:27   ---------   d-----w   c:\program files\Google
2008-12-01 20:51   ---------   d-----w   c:\program files\FLV Player
2008-11-22 14:30   ---------   d-----w   c:\documents and settings\norman\Application Data\ppstream
2008-11-22 12:31   ---------   d-----w   c:\program files\PCTV4Me
2008-11-15 15:10   48,396   ----a-w   c:\windows\UninstVeetleTVPlayer.exe
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-19 10:27   6,688   ----a-w   c:\windows\movexe.exe
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 14:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 14:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 14:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 14:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 14:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 14:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 14:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 14:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 14:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 14:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-05-24 21:45   22,328   ----a-w   c:\documents and settings\norman\Application Data\PnkBstrK.sys
2007-05-15 17:38   82   ----a-w   c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
2003-12-18 10:33   20,102   ----a-w   c:\program files\Readme.txt
2003-09-03 06:46   10,960   -c--a-w   c:\program files\EULA.txt
2002-10-09 12:06   286,720   -c--a-w   c:\windows\inf\i386\rtscan.dll
2002-10-09 12:06   172,032   -c--a-w   c:\windows\inf\i386\viceo.dll
2002-10-09 08:11   61,440   -c--a-w   c:\windows\inf\i386\onetUSD.dll
2002-08-23 13:06   13,824   -c--a-w   c:\windows\inf\i386\Usbscan.sys
2002-08-23 12:58   36,864   -c--a-w   c:\windows\inf\i386\Vizmicro.dll
2006-09-02 00:09   56   -csha-r   c:\windows\system32\78F605413A.sys
2006-09-02 00:09   1,682   -csha-w   c:\windows\system32\KGyGaAvL.sys
2008-09-11 14:23   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
2007-04-03 15:51   9,173,280   --sha-w   c:\windows\system32\drivers\fidbox.dat
2007-04-03 15:51   103,712   --sha-w   c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((   snapshot@2009-01-01_14.45.31.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-11-19 14:02:18   86,016   ------w   c:\windows\system32\DM.DLL
- 2008-12-25 14:20:38   341,032   -c--a-w   c:\windows\system32\FNTCACHE.DAT
+ 2009-01-05 01:13:01   343,424   -c--a-w   c:\windows\system32\FNTCACHE.DAT
- 2003-11-19 16:36:26   24,681   -c--a-w   c:\windows\system32\java.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\java.exe
- 2003-11-19 16:36:30   28,779   -c--a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2007-07-27 14:49:02   196,683   ----a-w   c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02   225,355   ----a-w   c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22   139,264   ----a-w   c:\windows\system32\lnod32umc.dll
+ 2005-12-05 12:37:10   106,496   ----a-w   c:\windows\system32\lnod32upd.dll
+ 2008-02-11 09:39:26   253,952   ----a-w   c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 09:39:18   237,568   ----a-w   c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 13:53:46   110,592   ----a-w   c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 08:48:04   77,824   ----a-w   c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-12-20 13:04:56   1,218,332   ----a-w   c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-04 15:42:56   1,218,332   ----a-w   c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-06 11:29:17   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_730.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE" [2006-09-23 207360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 185896]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-09-01 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.MJPG"= pvmjpg20.dll
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msvideo7"= STV680tg.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.pivc"= pivideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FLMOFFICE4DMOUSE"=c:\program files\Trust\MI-2510T Optical Combi Tilt Mouse\moffice.exe
"nwiz"=nwiz.exe /install
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Excursion9.5\\mIRC.ExCurSioN.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:DCOM(135)

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2007-11-03 13312]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2008-07-31 103304]
R2 PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;PowerQuest File System Monitor PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;\??\c:\program files\PowerQuest\DataKeeper 5.0\PqFsmonNt.sys [2002-07-12 49096]
R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2006-12-21 45056]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-02-16 2368]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-11-03 8832]
S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"c:\cfusion\jrun\bin\jrun.exe" -jrundir "c:\cfusion\jrun" -nt "ColdFusion Management Repository" "cfam" []
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [2006-11-24 14342]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-09-05 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-09-05 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-09-05 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-09-05 10368]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2006-12-24 31899]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\norman\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS [2006-11-24 17018]
S3 s3chipid;s3chipid;\??\c:\docume~1\norman\LOCALS~1\Temp\s3chipid.sys []
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2007-04-28 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1505667c-8af9-11dc-ad2e-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d117648-064c-11dd-add9-4d6564696130}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94df3b7a-7294-11dc-ad0c-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be040102-9de9-11dc-ad48-4d6564696130}]
\Shell\AutoRun\command - E:\Laguna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-30 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-05 c:\windows\Tasks\Norton Security Scan for norman.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 16:54:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\wdfproc.dll
.
Completion time: 2009-01-06 16:56:32
ComboFix-quarantined-files.txt  2009-01-06 16:56:29
ComboFix2.txt  2009-01-03 00:24:32
ComboFix3.txt  2009-01-02 00:12:10
ComboFix4.txt  2009-01-01 23:44:34
ComboFix5.txt  2009-01-06 16:48:58

Pre-Run: 46,198,923,264 bytes free
Post-Run: 46,180,286,464 bytes free

301   --- E O F ---   2008-12-25 21:27:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:57, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
E:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe

--
End of file - 8639 bytes

nash017

Sorry for the new game, he was supposed to play it off the disc, but I think he downloaded it from Steam. :hallo:

Corrine

I should have time this evening to look at the logs.  In the meantime, be sure your firewall is enabled.


Corrine

Hi, Nash.

There were some files restored after the antivirus scan that quarantined ComboFix that can do no harm but we might as well remove them.  The new files that showed up are lolly.scr and hip.  Since there were no search results for lolly.scr, it is going. ;)  I found very few and mixed results with regard to "hip" and where it was removed there didn't seem to be problems so, unless you delete it from the script below, it is also going.  Let me know if you know that those files were specifically added and I will remove them from the script.

In your next reply, let me know what you are doing about your antivirus.  To see if Norton is now working, you need to disable Avira and test it.  However, if you decide to stay with Avira, you should uninstall Norton. 


Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
c:\windows\system32\lolly.scr
c:\windows\hip
c:\windows\NIRCMD.exe.VIR
c:\windows\system32\^3
C:\SETUP.EX~
c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
c:\windows\inf\i386\rtscan.dll
c:\windows\inf\i386\viceo.dll
c:\windows\inf\i386\onetUSD.dll
c:\windows\inf\i386\Usbscan.sys
c:\windows\inf\i386\Vizmicro.dll
c:\windows\system32\78F605413A.sys
c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
c:\documents and settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_

Folder::
C:\CFusion


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

[screenshot: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)

Click on Fix Checked when finished and exit HijackThis.

Please respond with an indication of the status of your computer, what you are going to do or have done with your antivirus, the ComboFix log and a fresh HijackThis log.


nash017

Hi Corrine, the Norton antivirus was an online scan program, so I have deleted that. I checked the boxes in HJT but they are still there.
Here are the 2 logs:

ComboFix 08-12-31.01 - norman 2009-01-07 14:00:03.6 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2047.1542 [GMT 0:00]
Running from: c:\documents and settings\norman\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\norman\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Webroot Desktop Firewall *disabled*

FILE ::
c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
c:\documents and settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_
C:\SETUP.EX~
c:\windows\hip
c:\windows\inf\i386\onetUSD.dll
c:\windows\inf\i386\rtscan.dll
c:\windows\inf\i386\Usbscan.sys
c:\windows\inf\i386\viceo.dll
c:\windows\inf\i386\Vizmicro.dll
c:\windows\NIRCMD.exe.VIR
c:\windows\system32\^3
c:\windows\system32\78F605413A.sys
c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
c:\windows\system32\lolly.scr
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
C:\SETUP.EX~
c:\windows\hip
c:\windows\inf\i386\onetUSD.dll
c:\windows\inf\i386\rtscan.dll
c:\windows\inf\i386\Usbscan.sys
c:\windows\inf\i386\viceo.dll
c:\windows\inf\i386\Vizmicro.dll
c:\windows\NIRCMD.exe.VIR
c:\windows\system32\^3
c:\windows\system32\78F605413A.sys
c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091120080912\index.dat
c:\windows\system32\lolly.scr

.
(((((((((((((((((((((((((   Files Created from 2008-12-07 to 2009-01-07  )))))))))))))))))))))))))))))))
.

2009-01-05 12:34 . 2009-01-05 12:34   <DIR>   d--------   C:\rsit
2009-01-04 16:13 . 2009-01-04 16:13   <DIR>   d--------   c:\windows\system32\config\systemprofile\Application Data\Xfire
2009-01-02 01:26 . 2009-01-02 01:30   <DIR>   d--------   c:\program files\EsetOnlineScanner
2009-01-01 17:40 . 2009-01-01 17:39   410,984   --a------   c:\windows\system32\deploytk.dll
2009-01-01 17:40 . 2009-01-01 17:39   73,728   --a------   c:\windows\system32\javacpl.cpl
2008-12-31 19:22 . 2008-12-31 19:22   <DIR>   d--------   c:\program files\Webroot
2008-12-31 19:20 . 2008-12-31 19:20   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Webroot
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\norman\Application Data\RealNetworks
2008-12-31 16:05 . 2008-12-31 16:05   <DIR>   d--------   c:\documents and settings\All Users\Application Data\RealNetworks
2008-12-31 14:34 . 2008-12-31 14:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\InstallShield
2008-12-30 13:54 . 2008-12-30 13:54   <DIR>   d--------   c:\documents and settings\norman\Application Data\Malwarebytes
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-27 14:41 . 2008-12-27 14:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 14:41 . 2008-12-03 19:54   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-27 14:41 . 2008-12-03 19:54   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-12-25 20:39 . 2009-01-05 15:00   <DIR>   d--------   c:\program files\Norton Security Scan
2008-12-25 20:39 . 2008-12-25 20:39   <DIR>   d--------   c:\program files\Common Files\Symantec Shared
2008-12-25 14:08 . 2008-12-25 14:08   <DIR>   d--------   c:\windows\WinRescue
2008-12-25 13:23 . 2008-12-25 13:23   47   --a------   C:\rsqXPdir.ini
2008-12-25 13:17 . 2008-12-25 13:17   <DIR>   d--------   c:\program files\backup
2008-12-25 13:15 . 2008-12-25 14:08   <DIR>   d--------   c:\program files\WinRescueXP
2008-12-25 13:03 . 2008-12-25 13:03   <DIR>   d--------   c:\program files\ParticleG
2008-12-25 12:03 . 2008-12-25 12:03   <DIR>   d--------   c:\program files\Dean Software
2008-12-25 12:02 . 2008-12-25 12:02   <DIR>   d--------   c:\program files\OSCheck
2008-12-24 21:48 . 2008-12-24 21:49   <DIR>   d--------   c:\program files\active ports
2008-12-24 18:54 . 2008-12-24 19:03   <DIR>   d--------   c:\program files\Ontrack
2008-12-22 13:34 . 2009-01-04 14:15   <DIR>   d--------   c:\program files\Hide IP
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\program files\Avira
2008-12-22 01:43 . 2008-12-22 01:43   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Avira
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\program files\Nokia
2008-12-21 12:34 . 2008-12-21 12:34   <DIR>   d--------   c:\documents and settings\norman\Application Data\PC Suite
2008-12-21 12:34 . 2007-02-22 10:15   90,624   --a------   c:\windows\system32\nmwcdcls.dll
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\program files\PC Connectivity Solution
2008-12-21 12:33 . 2008-12-21 12:33   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Installations
2008-12-21 12:31 . 2008-12-21 12:31   <DIR>   d--------   c:\program files\Vodafone
2008-12-20 16:47 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\norman\Application Data\Roxio
2008-12-20 16:47 . 2008-12-20 16:47   <DIR>   d--------   c:\documents and settings\LocalService\Application Data\Roxio
2008-12-20 16:47 . 2009-01-05 15:05   54,156   --ah-----   c:\windows\QTFont.qfn
2008-12-20 16:47 . 2008-12-20 16:47   1,409   --a------   c:\windows\QTFont.for
2008-12-20 16:38 . 2008-12-20 16:38   <DIR>   d--------   c:\documents and settings\norman\Application Data\Research In Motion
2008-12-20 16:38 . 2009-01-06 17:24   256   --a------   c:\windows\system32\pool.bin
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Sonic
2008-12-20 16:31 . 2008-12-20 16:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\InstallShield
2008-12-20 16:26 . 2008-12-20 16:28   <DIR>   d--------   c:\program files\Roxio
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Sonic Shared
2008-12-20 16:26 . 2008-12-20 16:26   <DIR>   d--------   c:\program files\Common Files\Roxio Shared
2008-12-20 16:26 . 2008-12-21 12:24   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Roxio
2008-12-20 16:17 . 2007-01-18 10:24   26,496   -ra------   c:\windows\system32\drivers\RimSerial.sys
2008-12-20 16:13 . 2008-12-20 16:13   <DIR>   d--------   c:\program files\Research In Motion
2008-12-20 16:13 . 2008-12-20 16:14   <DIR>   d--------   c:\program files\Common Files\Research In Motion
2008-12-20 16:05 . 2008-12-20 16:05   <DIR>   d--hs----   c:\windows\ftpcache
2008-12-20 12:39 . 2008-12-20 12:39   <DIR>   d--------   c:\windows\LastGood(2)
2008-12-20 12:30 . 2008-12-20 12:30   <DIR>   d--------   c:\documents and settings\norman\Application Data\s_5849_NTN8fHx8NTN8fHwxMjQyMzg0MzM5fA_
2008-12-11 20:37 . 2008-12-11 20:37   42,320   --a------   c:\windows\system32\xfcodec.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 17:21   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 17:19   ---------   d-----w   c:\program files\SpywareBlaster
2009-01-06 16:44   ---------   d-----w   c:\program files\Java
2009-01-06 14:24   ---------   d-----w   c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-04 17:57   ---------   d-----w   c:\documents and settings\norman\Application Data\Xfire
2009-01-04 16:39   137,992   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2009-01-04 16:35   201,816   ----a-w   c:\windows\system32\PnkBstrB.exe
2009-01-04 16:29   ---------   d-----w   c:\program files\Steam
2009-01-03 18:05   ---------   d-----w   c:\documents and settings\All Users\Application Data\Google Updater
2009-01-02 16:51   ---------   d-----w   c:\program files\Image-Line
2009-01-02 16:37   737,280   -c--a-w   c:\windows\iun6002.exe
2009-01-01 13:01   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-01-01 13:00   ---------   d-----w   c:\program files\3GP Player
2008-12-31 18:46   ---------   d-----w   c:\program files\PPStream
2008-12-30 23:36   ---------   d-----w   c:\program files\Spybot - Search & Destroy
2008-12-27 14:08   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 13:06   14,336   ----a-w   c:\windows\system32\svchost.exe
2008-12-25 21:24   ---------   d-----w   c:\program files\Tiscali Broadband
2008-12-23 20:09   ---------   d-----w   c:\documents and settings\All Users\Application Data\avg8
2008-12-21 10:47   ---------   d-----w   c:\program files\Xfire
2008-12-20 22:22   ---------   d-----w   c:\program files\IncrediMail
2008-12-10 19:32   ---------   d-----w   c:\program files\NCH Swift Sound
2008-12-10 19:32   ---------   d-----w   c:\documents and settings\norman\Application Data\NCH Swift Sound
2008-12-10 16:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 01:48   ---------   d-----w   c:\program files\Microsoft Games
2008-12-08 01:45   ---------   d-----w   c:\program files\Electronic Arts
2008-12-06 15:27   ---------   d-----w   c:\program files\Google
2008-12-01 20:51   ---------   d-----w   c:\program files\FLV Player
2008-11-22 14:30   ---------   d-----w   c:\documents and settings\norman\Application Data\ppstream
2008-11-22 12:31   ---------   d-----w   c:\program files\PCTV4Me
2008-11-15 15:10   48,396   ----a-w   c:\windows\UninstVeetleTVPlayer.exe
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-19 10:27   6,688   ----a-w   c:\windows\movexe.exe
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 14:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 14:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 14:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 14:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 14:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 14:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 14:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 14:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 14:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 14:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-05-24 21:45   22,328   ----a-w   c:\documents and settings\norman\Application Data\PnkBstrK.sys
2003-12-18 10:33   20,102   ----a-w   c:\program files\Readme.txt
2003-09-03 06:46   10,960   -c--a-w   c:\program files\EULA.txt
2006-09-02 00:09   1,682   -csha-w   c:\windows\system32\KGyGaAvL.sys
2007-04-03 15:51   9,173,280   --sha-w   c:\windows\system32\drivers\fidbox.dat
2007-04-03 15:51   103,712   --sha-w   c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((   snapshot@2009-01-01_14.45.31.18   )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-11-19 14:02:18   86,016   ------w   c:\windows\system32\DM.DLL
- 2008-12-25 14:20:38   341,032   -c--a-w   c:\windows\system32\FNTCACHE.DAT
+ 2009-01-05 01:13:01   343,424   -c--a-w   c:\windows\system32\FNTCACHE.DAT
- 2003-11-19 16:36:26   24,681   -c--a-w   c:\windows\system32\java.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\java.exe
- 2003-11-19 16:36:30   28,779   -c--a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   144,792   ----a-w   c:\windows\system32\javaw.exe
+ 2009-01-01 17:39:24   148,888   ----a-w   c:\windows\system32\javaws.exe
+ 2007-07-27 14:49:02   196,683   ----a-w   c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 14:49:02   225,355   ----a-w   c:\windows\system32\lnod32apiW.dll
+ 2005-12-05 19:25:22   139,264   ----a-w   c:\windows\system32\lnod32umc.dll
+ 2005-12-05 12:37:10   106,496   ----a-w   c:\windows\system32\lnod32upd.dll
+ 2008-02-11 09:39:26   253,952   ----a-w   c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 09:39:18   237,568   ----a-w   c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 13:53:46   110,592   ----a-w   c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 08:48:04   77,824   ----a-w   c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-12-20 13:04:56   1,218,332   ----a-w   c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-04 15:42:56   1,218,332   ----a-w   c:\windows\system32\Restore\rstrlog.dat
+ 2009-01-07 11:37:12   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_710.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE" [2006-09-23 207360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-09-01 962661]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.MJPG"= pvmjpg20.dll
"VIDC.ACDV"= ACDV.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msvideo7"= STV680tg.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.pivc"= pivideo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0lsdelete

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FLMOFFICE4DMOUSE"=c:\program files\Trust\MI-2510T Optical Combi Tilt Mouse\moffice.exe
"nwiz"=nwiz.exe /install
"WinampAgent"=c:\program files\Winamp\winampa.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Excursion9.5\\mIRC.ExCurSioN.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\condition zero deleted scenes\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\rhysinator\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjImp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PjApp.exe"=
"c:\\Program Files\\PhotoJoy\\Bin\\PhotoJoy.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:DCOM(135)

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2007-11-03 13312]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2008-07-31 103304]
R2 PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;PowerQuest File System Monitor PQfsmonNT ABE675CA-49DF-11d3-93F6-00104B64D07B;\??\c:\program files\PowerQuest\DataKeeper 5.0\PqFsmonNt.sys [2002-07-12 49096]
R2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [2006-12-21 45056]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-02-16 2368]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2007-11-03 8832]
S2 ColdFusion Management Repository;ColdFusion Management Repository Server;"c:\cfusion\jrun\bin\jrun.exe" -jrundir "c:\cfusion\jrun" -nt "ColdFusion Management Repository" "cfam" []
S3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [2006-11-24 14342]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-09-05 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-09-05 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-09-05 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-09-05 10368]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.SYS [2006-12-24 31899]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\norman\LOCALS~1\Temp\iMSPCLOj.sys []
S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\PLCNDIS5.SYS [2006-11-24 17018]
S3 s3chipid;s3chipid;\??\c:\docume~1\norman\LOCALS~1\Temp\s3chipid.sys []
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2007-04-28 428160]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1505667c-8af9-11dc-ad2e-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d117648-064c-11dd-add9-4d6564696130}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94df3b7a-7294-11dc-ad0c-4d6564696130}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be040102-9de9-11dc-ad48-4d6564696130}]
\Shell\AutoRun\command - E:\Laguna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []

2008-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-30 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-14 00:12]

2009-01-05 c:\windows\Tasks\Norton Security Scan for norman.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 14:04:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\wdfproc.dll
.
Completion time: 2009-01-07 14:06:46
ComboFix-quarantined-files.txt  2009-01-07 14:06:43
ComboFix2.txt  2009-01-06 16:56:36
ComboFix3.txt  2009-01-03 00:24:32
ComboFix4.txt  2009-01-02 00:12:10
ComboFix5.txt  2009-01-07 13:58:10

Pre-Run: 46,101,520,384 bytes free
Post-Run: 46,079,991,808 bytes free

321   --- E O F ---   2008-12-25 21:27:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:12, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
E:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\2.2D\MMKEYBD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe

--
End of file - 8720 bytes
Corrine

Let's do this to remove those two ColdFusion services:

Restart your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe Mode.
  • Log in to your usual account.
  If you need further assistance with Safe Mode, see Symantec.

Launch HijackThis and do the following:

  • Open the Misc Tools section and click the "Config" button.
  • In the System Tools section, click the "Delete an NT Service" button.
  • Place the bold text in the "Delete an NT Service" window exactly as it appears here:  ClusterCATS Service
  • Repeat for ColdFusion Management Repository

Restart in normal mode and post a fresh HijackThis log.

Is your computer back to normal?


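As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python parser for the HijackThis "O23 - Service:" lines posted above: it splits each entry into display name, service key name, vendor and image path, and lists the entries marked "(file missing)", which are the key names typed into the "Delete an NT Service" dialog in the steps above. The sample lines are copied from the posted log; the `sc qc` check is the stock Windows command and is only printed, not run.

```python
"""Parse HijackThis v2.0.2 O23 (service) lines and list orphaned services.

Added example for this thread; not part of HijackThis or any tool posted here.
An O23 line looks like:
  O23 - Service: <Display Name> (<KeyName>) - <Vendor> - <Image path> [(file missing)]
The "(<KeyName>)" part is omitted when the key name equals the display name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe (file missing)
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
""".strip()

O23_PREFIX = "O23 - Service: "
MISSING_MARK = "(file missing)"
# Trailing "(KeyName)" on the display-name field; the key name itself has no parentheses.
SHORT_NAME_RE = re.compile(r"^(?P<display>.*?)\s*\((?P<name>[^()]+)\)$")


@dataclass
class ServiceEntry:
    display_name: str
    service_name: str  # registry key name, what "Delete an NT Service" expects
    company: str
    image_path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one HijackThis line; return None for anything that is not an O23 entry."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    body = line[len(O23_PREFIX):]
    # The image path is the last " - " field and the vendor the one before it.
    # Display names may themselves contain " - " (see the Avira entries),
    # so split from the right rather than the left.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, company, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING_MARK)
    if missing:
        path = path[: -len(MISSING_MARK)].strip()
    m = SHORT_NAME_RE.match(display)
    if m:
        display, name = m.group("display"), m.group("name")
    else:
        name = display  # HJT drops the parentheses when key name == display name
    return ServiceEntry(display, name, company, path, missing)


def parse_log(text: str) -> List[ServiceEntry]:
    """All O23 entries in a HijackThis log, in file order."""
    return [e for e in (parse_o23(l) for l in text.splitlines()) if e is not None]


def orphaned_services(text: str) -> List[str]:
    """Key names of services whose registration outlives its binary.

    These are the names to remove: the registry still points at an executable
    that no longer exists, so the service can never start legitimately.
    """
    return [e.service_name for e in parse_log(text) if e.file_missing]


def verification_commands(names: List[str]) -> List[str]:
    """Read-only 'sc qc' commands to confirm each service's BINARY_PATH_NAME before deleting it."""
    return [f'sc qc "{n}"' for n in names]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        flag = "MISSING" if entry.file_missing else "ok"
        print(f"{flag:8} {entry.service_name!r:40} {entry.company} -> {entry.image_path}")
    for cmd in verification_commands(orphaned_services(SAMPLE_LOG)):
        print(cmd)
```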

nash017

Hi Corrine, I have tried to delete those 2 but no joy; they are in use all the time, no matter which mode I try. Pressing F8 does not bring up a choice with Safe Mode, just which drive I would like to start Windows with, so I went the MSCONFIG way and that did not work either. Apart from that, the PC seems to be running better; I can't open web pages from links in emails, but I can look at a few more pages from Google though.

nash017

Thought I would do a scan and this is what I found:
Malwarebytes' Anti-Malware 1.32
Database version: 1635
Windows 5.1.2600 Service Pack 3

09/01/2009 21:17:23
mbam-log-2009-01-09 (21-17-23).txt

Scan type: Quick Scan
Objects scanned: 69752
Time elapsed: 18 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\norman\Local Settings\temp\incosnet.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\norman\Local Settings\temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\norman\Local Settings\temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Where are they coming from, and how are they getting through my defences?