Keylogger (i think) i am not sure what is it but i need help [RESOLVED, a keylogger of some description (i think)
Aussietim
post Oct 6 2008, 10:06 AM
Post #1


Member
**
Posts: 36
From: Australia
OS: Windows XP



Hey, my problem is:
I was on MSN the other night and a close friend sent me a file. It said something like "hey do you think i look good in this photo" and it sent me a file. I accepted because I thought they were a close friend, they wouldn't be sending me viruses. Just to be safe I downloaded the file, thinking that it would go to the desktop because that is where all my downloads go. I couldn't scan it so I left it at that. The next day I have about 30 people saying that I have some virus, because that file I downloaded had now come onto my computer and it was trying to send people this file with this F**King virus on it. It is beginning to become annoying; people randomly say stuff like I have a virus, when are you going to get rid of it, all that stuff.
I scanned the computer with ZoneAlarm, it picked nothing up!
I also scanned with Malwarebytes Anti-Malware, it also picked nothing up!
I also downloaded the free version of SUPERAntiSpyware, scanned, and it also picked nothing up!
Help me please!
Regards, Tim
Aussietim
post Oct 6 2008, 10:37 PM
Post #2





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37, on 7/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\gidakupe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~2\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Tim Steer\Desktop\Geeks to go\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nemmes] C:\WINDOWS\system32\gidakupe.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [nemmes] C:\WINDOWS\system32\gidakupe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = F:\Programs\XFire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Blue Coat K9 Web Protection (dtzksaeefnae) - Unknown owner - C:\WINDOWS\system32\koorouquaj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7794 bytes
fenzodahl512
post Oct 7 2008, 01:48 AM
Post #3


Trusted Helper
Posts: 4,397
OS: Windows XP



Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...



Please download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable following programs:

1. AVG8
2. Spyware Doctor
3. Zone Alarm
4. SUPERAntiSpyware

  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.

(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.





Post me these logs in your next reply. Post each log in a separate post.

1. Lop S&D
2. RSIT log.txt
3. RSIT info.txt
Aussietim
post Oct 7 2008, 04:42 AM
Post #4





info.txt logfile of random's system information tool 1.04 2008-10-07 21:39:18

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced System Optimizer-->"G:\Programs\Advanced System Optimizer 2.20.4.746\unins000.exe"
AdVantage (Powering DAEMON Tools)-->"C:\Program Files\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"
AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
Anti-Keylogger Elite Version 3.3.3-->"C:\Program Files\Anti Keylogger Elite\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Auto Gordian Knot 2.45-->E:\Programs\AutoGK\uninst.exe
AviSynth 2.5-->"E:\Programs\AviSynth 2.5\Uninstall.exe"
BB FlashBack-->"C:\Documents and Settings\All Users\Application Data\{726649E6-8F90-456E-B22B-3DFDD02D58C8}\BB FlashBack.exe" REMOVE=TRUE MODIFY=FALSE
BB FlashBack-->C:\Documents and Settings\All Users\Application Data\{726649E6-8F90-456E-B22B-3DFDD02D58C8}\BB FlashBack.exe
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Cabela's Big Game Hunter - Alaskan Adventures-->MsiExec.exe /I{17D2AF72-1448-4C43-A1C4-842757E4DEB6}
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Conexant D480 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Conflict Desert Storm II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}\Setup.exe" -l0x9
Conflict Vietnam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DDAA520-414B-4671-BE8A-12428ACF76A3}\setup.exe" -l0x9
Crash Analysis Tool-->MsiExec.exe /X{D5F881C2-B134-474E-AA60-B25DD218AE0D}
CTU: Marine Sharpshooter-->F:\Games\LARGEG~1\UNWISE.EXE F:\Games\LARGEG~1\INSTALL.LOG
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DiRT Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEBC7B8D-BC69-46F7-A872-7698D03127C8}\setup.exe" -l0x9 -removeonly
DVDFab Platinum 4.0.3.0 Final Registered-->"E:\Programs\DVDFab Platinum 4\unins000.exe"
FlatOut Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6230
GameThrust-->"F:\Programs\GameThrust\unins000.exe"
Grand Theft Auto Vice City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
igLoader-->C:\Program Files\igLoader\uninstall.exe
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jeep 4x4: Trail of Life-->C:\WINDOWS\uninst.exe -f"e:\games\small games\jeep\DeIsL1.isu" -c"e:\games\small games\jeep\_ISREG32.DLL"
Jeep Mountain Madness-->C:\WINDOWS\uninst.exe -f"f:\games\small games\jeep mountain madness\DeIsL1.isu" -c"f:\games\small games\jeep mountain madness\_ISREG32.DLL"
John Deere American Farmer TM v1.0-->"E:\Games\Large Games\John Deere American Farmer\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Pacific Assault™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Need for Speed™ Carbon Demo-->E:\Games\Small Games\Need For Speed Carbon Demo\NFS Carbon Demo\EAUninstall.exe
No-IP.com DUC (remove only)-->"C:\Program Files\No-IP\DUC20.exe" -uninstall
Off Road Arena-->"C:\WINDOWS\\Off Road Arena\\uninstall.exe" "/U:C:\WINDOWS\\Off Road Arena\uninstall.xml"
Off-Road Arena-->G:\Games\SMALLG~1\OFF-RO~1\UNWISE.EXE G:\Games\SMALLG~1\OFF-RO~1\INSTALL.LOG
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U /S
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Pontifex Demo-->C:\Program Files\Pontifex Demo\uninstall.exe
San Andreas Mod Installer-->"C:\WINDOWS\San Andreas Mod Installer\uninstall.exe" "/U:E:\Programs\SAMI V1.1\Uninstall\uninstall.xml"
Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sid Meier's Railroads Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7630
Sid Meier's Railroads!-->C:\Program Files\InstallShield Installation Information\{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}\setup.exe -runfromtemp -l0x0009 -removeonly
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWAT 4 - The Stetchkov Syndicate-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{97E12F84-C033-4DA2-97D2-F540C3E292EA} uninstall
SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
Tom Clancy's Ghost Recon Advanced Warfighter® 2 DEMO-->"C:\Program Files\InstallShield Installation Information\{D8D1D630-C8E5-4B8D-82AB-A376B6C9A9E8}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Ghost Recon Advanced Warfighter® 2-->"C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Tomb Raider: Anniversary Demo 1.0-->C:\Program Files\Tomb Raider - Anniversary Demo\uninsttra.exe
Tomb Raider: Legend Demo 1.0-->E:\Games\Small Games\Tomb Raider - Legend Demo\uninsttrl.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Unreal Tournament G.O.T.Y. Edition-->E:\Games\Large Games\Unreal Tournament\System\Setup.exe uninstall "UnrealTournament"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
V8 Challenge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E15143B-B333-49D2-8CE6-F1A92CBB533C}\setup.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Virtual DJ - Atomix Productions-->F:\Programs\VIRTUA~1.0\VIRTUA~1\UNWISE.EXE F:\Programs\VIRTUA~1.0\VIRTUA~1\INSTALL.LOG
VobSub v2.23 (Remove Only)-->"E:\Programs\VobSub\uninstall.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"G:\Programs\XFire\uninst.exe"
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O23 - Service: Blue Coat K9 Web Protection (dtzksaeefnae) - Unknown owner - C:\WINDOWS\system32\koorouquaj.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (disabled)
FW: ZoneAlarm Security Suite Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------
Aussietim
post Oct 7 2008, 04:43 AM
Post #5





Logfile of random's system information tool 1.04 (written by random/random)
Run by Tim Steer at 2008-10-07 21:39:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 37 GB (50%) free of 73 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39, on 7/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\gidakupe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Tim Steer\Desktop\Geeks to go\RSIT.exe
C:\Documents and Settings\Tim Steer\Desktop\Geeks to go\Tim Steer.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nemmes] C:\WINDOWS\system32\gidakupe.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [nemmes] C:\WINDOWS\system32\gidakupe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = F:\Programs\XFire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Blue Coat K9 Web Protection (dtzksaeefnae) - Unknown owner - C:\WINDOWS\system32\koorouquaj.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7414 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-05 344064]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-07-18 413696]
"nemmes"=C:\WINDOWS\system32\gidakupe.exe [2008-10-04 230400]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISS_SIP]
C:\Program Files\Anti Keylogger Elite\AKE.exe [2006-03-07 1140224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]

C:\Documents and Settings\Tim Steer\Start Menu\Programs\Startup
Xfire.lnk - F:\Programs\XFire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{766d441e-0e78-11dd-b821-000f1f2a500d}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2008-10-07 21:39:05 ----D---- C:\rsit
2008-10-07 21:38:08 ----A---- C:\lopR.txt
2008-10-07 21:37:25 ----D---- C:\Lop SD
2008-10-07 13:55:32 ----D---- C:\Documents and Settings\Tim Steer\Application Data\MailFrontier
2008-10-07 13:42:37 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-10-05 20:44:18 ----SHD---- C:\RECYCLER
2008-10-05 20:07:11 ----A---- C:\ComboFix.txt
2008-10-05 19:24:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-05 18:50:55 ----D---- C:\Program Files\Anti Keylogger Elite
2008-10-05 18:32:49 ----D---- C:\Documents and Settings\Tim Steer\Application Data\msncleaner
2008-10-05 18:29:52 ----A---- C:\WINDOWS\cleanerfix.bat
2008-10-05 01:04:19 ----A---- C:\WINDOWS\system32\koorouquaj.exe
2008-10-04 21:06:09 ----A---- C:\WINDOWS\system32\gidakupe.exe
2008-09-29 19:14:39 ----D---- C:\Documents and Settings\All Users\Application Data\BlazeVideo
2008-09-29 19:14:12 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-09-21 13:27:12 ----A---- C:\WINDOWS\zllsputility.exe
2008-09-21 13:26:49 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-09-21 13:26:49 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-09-21 13:26:47 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-09-21 13:26:47 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-09-21 13:26:37 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-09-21 13:26:37 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-09-21 13:26:36 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-09-21 13:26:36 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-09-21 13:26:04 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-09-21 13:26:03 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-09-21 13:26:03 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-09-18 11:41:22 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-09-16 17:49:47 ----A---- C:\WINDOWS\iwatch.ini
2008-09-14 19:34:06 ----D---- C:\Program Files\Activision
2008-09-11 00:33:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 00:31:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-07 21:16:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-06 15:25:08 ----D---- C:\WINDOWS\temp
2008-09-06 15:09:41 ----D---- C:\QooBox
2008-09-06 15:09:33 ----A---- C:\WINDOWS\zip.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\VFind.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\swsc.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\swreg.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\sed.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\grep.exe
2008-09-06 15:09:33 ----A---- C:\WINDOWS\fdsv.exe
2008-09-06 14:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 14:30:32 ----D---- C:\Program Files\SUPERAntiSpyware
2008-09-06 14:30:32 ----D---- C:\Documents and Settings\Tim Steer\Application Data\SUPERAntiSpyware.com
2008-09-06 14:28:53 ----HD---- C:\$AVG8.VAULT$
2008-09-06 14:24:36 ----D---- C:\Program Files\AVG
2008-09-05 22:02:41 ----A---- C:\WINDOWS\system32\1389f196-.txt
2008-09-05 21:53:42 ----A---- C:\WINDOWS\system32\zapSetup_80_015_000_en.exe
2008-08-22 22:55:07 ----D---- C:\Program Files\No-IP
2008-08-22 04:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-08-20 20:16:44 ----D---- C:\Downloads
2008-08-20 18:05:08 ----D---- C:\WINDOWS\Prefetch
2008-08-20 17:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-20 17:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-20 17:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-20 17:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-20 17:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-20 17:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-08-20 17:53:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-20 17:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-20 17:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-20 17:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-20 17:38:18 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 17:38:16 ----D---- C:\WINDOWS\l2schemas
2008-08-20 17:38:09 ----D---- C:\WINDOWS\system32\en
2008-08-20 17:38:07 ----D---- C:\WINDOWS\system32\bits
2008-08-20 17:30:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-20 17:00:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-19 18:01:25 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 18:01:22 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 18:01:20 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 18:01:19 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 18:01:08 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-19 18:01:08 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 18:00:21 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-19 18:00:12 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-19 18:00:00 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-19 18:00:00 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-19 18:00:00 ----N---- C:\WINDOWS\slrundll.exe
2008-08-19 17:59:59 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-19 17:59:59 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-19 17:59:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-19 17:59:53 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-19 17:59:50 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-19 17:59:49 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-19 17:59:47 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-19 17:59:47 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-19 17:59:45 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-19 17:59:45 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-19 17:59:45 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-19 17:59:43 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-19 17:59:40 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-19 17:59:33 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-08-19 17:59:17 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-19 17:59:16 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-19 17:59:16 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-19 17:59:16 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-19 17:59:15 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-19 17:59:15 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-19 17:59:13 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-19 17:59:13 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-19 17:58:40 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-19 17:58:40 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-19 17:58:39 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-19 17:58:39 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-19 17:58:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-19 17:58:12 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-19 17:58:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-19 17:58:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-19 17:58:11 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-19 17:58:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-19 17:57:59 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-19 17:57:58 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-19 17:57:52 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-19 17:57:41 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-19 17:57:33 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-19 17:57:33 ----A---- C:\WINDOWS\003073_.tmp
2008-08-19 17:57:31 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-19 17:57:31 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-19 17:57:31 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-19 17:57:31 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-19 17:57:30 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-19 17:57:30 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-19 17:57:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-19 17:57:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-19 17:57:19 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-19 17:57:17 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-19 17:57:17 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-19 17:57:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-19 17:57:12 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-19 17:57:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-19 17:57:05 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-19 17:57:03 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-19 17:57:02 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-19 17:57:02 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-19 17:56:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-17 19:54:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-17 19:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-17 19:53:31 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-17 19:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-17 19:47:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-17 19:46:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-17 19:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-17 18:54:36 ----D---- C:\My Video
2008-08-09 15:31:45 ----D---- C:\Documents and Settings\Tim Steer\Application Data\Xfire
2008-08-04 19:31:09 ----D---- C:\Program Files\Sun
2008-08-04 19:30:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-04 19:30:09 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-04 19:30:09 ----A---- C:\WINDOWS\system32\java.exe
2008-07-30 22:49:17 ----A---- C:\WINDOWS\system32\lfpng13n.dll
2008-07-26 14:54:10 ----D---- C:\Documents and Settings\Tim Steer\Application Data\Systweak
2008-07-18 19:28:27 ----A---- C:\WINDOWS\PC Satellite TV.ini
2008-07-18 19:27:26 ----D---- C:\Documents and Settings\Tim Steer\Application Data\vlc
2008-07-18 19:25:26 ----D---- C:\Program Files\QuickTime
2008-07-13 22:52:45 ----D---- C:\Robot
2008-07-10 02:27:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$

======List of files/folders modified in the last 3 months======

2008-10-07 21:36:20 ----D---- C:\WINDOWS\Internet Logs
2008-10-07 21:29:04 ----D---- C:\Program Files\Mozilla Firefox
2008-10-07 21:17:08 ----D---- C:\Program Files
2008-10-07 21:16:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 21:11:32 ----D---- C:\WINDOWS\system32\drivers
2008-10-07 20:52:17 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-10-07 20:27:19 ----A---- C:\rollback.ini
2008-10-07 17:57:21 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-10-07 13:51:28 ----D---- C:\WINDOWS\system32
2008-10-07 13:43:08 ----D---- C:\WINDOWS
2008-10-07 13:38:51 ----SHD---- C:\WINDOWS\Installer
2008-10-07 13:38:51 ----SHD---- C:\Config.Msi
2008-10-07 13:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-05 20:42:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-05 20:39:10 ----D---- C:\Documents and Settings\Tim Steer\Application Data\uTorrent
2008-10-05 20:05:57 ----RSD---- C:\WINDOWS\assembly
2008-10-05 20:05:57 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-05 19:58:29 ----RASH---- C:\boot.ini
2008-10-05 19:58:24 ----A---- C:\WINDOWS\win.ini
2008-10-05 19:58:24 ----A---- C:\WINDOWS\system.ini
2008-10-05 19:52:54 ----D---- C:\WINDOWS\system32\config
2008-10-05 19:51:41 ----D---- C:\WINDOWS\erdnt
2008-10-05 19:48:33 ----D---- C:\Program Files\Common Files
2008-10-05 19:48:32 ----D---- C:\WINDOWS\AppPatch
2008-10-05 19:25:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-05 18:58:51 ----D---- C:\WINDOWS\Minidump
2008-10-05 18:32:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-05 18:11:25 ----D---- C:\WINDOWS\WinSxS
2008-10-05 18:10:07 ----D---- C:\Program Files\Internet Explorer
2008-10-05 18:10:01 ----HD---- C:\WINDOWS\inf
2008-09-29 19:14:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-21 13:26:36 ----D---- C:\Program Files\Zone Labs
2008-09-15 16:56:00 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-09-14 20:03:09 ----D---- C:\WINDOWS\system32\DirectX
2008-09-14 19:58:00 ----A---- C:\WINDOWS\game.ini
2008-09-13 03:03:00 ----D---- C:\Documents and Settings\Tim Steer\Application Data\LimeWire
2008-09-11 00:43:43 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-11 00:31:34 ----A---- C:\WINDOWS\imsins.BAK
2008-09-07 22:43:58 ----D---- C:\Documents and Settings\Tim Steer\Application Data\Mozilla
2008-09-07 22:41:05 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-06 16:58:47 ----D---- C:\Documents and Settings\Tim Steer\Application Data\U3
2008-09-06 15:57:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-06 14:51:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-06 01:56:09 ----D---- C:\Program Files\Shockwave.com
2008-09-05 00:36:23 ----D---- C:\WINDOWS\system32\wbem
2008-09-05 00:36:21 ----D---- C:\WINDOWS\Registration
2008-09-01 21:20:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-27 07:28:12 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-22 17:52:58 ----D---- C:\WINDOWS\Help
2008-08-21 16:52:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-20 18:09:13 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-20 18:05:37 ----A---- C:\WINDOWS\setuplog.txt
2008-08-20 18:04:25 ----D---- C:\WINDOWS\system32\Setup
2008-08-20 18:04:10 ----RSD---- C:\WINDOWS\Fonts
2008-08-20 17:57:18 ----D---- C:\WINDOWS\security
2008-08-20 17:52:14 ----D---- C:\Program Files\Messenger
2008-08-20 17:41:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-08-20 17:41:45 ----D---- C:\WINDOWS\network diagnostic
2008-08-20 17:41:41 ----D---- C:\WINDOWS\ime
2008-08-20 17:38:24 ----D---- C:\WINDOWS\system32\en-US
2008-08-20 17:38:22 ----D---- C:\WINDOWS\system32\usmt
2008-08-20 17:38:07 ----D---- C:\WINDOWS\PeerNet
2008-08-20 17:38:06 ----D---- C:\Program Files\Movie Maker
2008-08-20 17:29:41 ----D---- C:\WINDOWS\system32\Restore
2008-08-20 17:29:40 ----D---- C:\WINDOWS\system32\npp
2008-08-20 17:29:39 ----D---- C:\WINDOWS\mui
2008-08-20 17:29:32 ----D---- C:\WINDOWS\msagent
2008-08-20 17:29:27 ----D---- C:\WINDOWS\srchasst
2008-08-20 17:29:24 ----D---- C:\Program Files\NetMeeting
2008-08-20 17:29:18 ----D---- C:\WINDOWS\system32\Com
2008-08-20 17:29:08 ----D---- C:\Program Files\Windows Media Player
2008-08-20 17:29:07 ----D---- C:\Program Files\Windows NT
2008-08-20 17:29:06 ----D---- C:\Program Files\Outlook Express
2008-08-20 17:28:51 ----D---- C:\Program Files\Common Files\System
2008-08-20 17:27:22 ----D---- C:\WINDOWS\system32\oobe
2008-08-20 17:27:14 ----D---- C:\WINDOWS\system
2008-08-20 17:11:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-20 17:00:03 ----D---- C:\WINDOWS\ehome
2008-08-19 16:49:42 ----D---- C:\WINDOWS\Debug
2008-08-17 19:45:37 ----D---- C:\WINDOWS\ie7updates
2008-08-16 12:31:12 ----SD---- C:\Documents and Settings\Tim Steer\Application Data\Microsoft
2008-08-11 22:11:06 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-08-11 22:10:32 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-08-11 22:10:20 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-08-04 19:30:08 ----D---- C:\Program Files\Java
2008-07-26 14:56:38 ----D---- C:\WINDOWS\repair
2008-07-26 01:43:57 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-07-18 23:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 23:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 23:10:40 ----A---- C:\WINDOWS\system32�