Step 1 - ATF Cleaner:
Result - ATF CLeaner would not run. When I double-clicked on the exe, it would flash on screen for
a second then dissapear.
Step 2 - Create a Restore point:
Result - Windows would not let me create or return to a restore point.
Step 3 - Malwarebytes' Anti-Malware:
Result -
Malwarebytes' Anti-Malware 1.16
Database version: 845
10:55:30 PM 6/9/2008
mbam-log-6-9-2008 (22-55-30).txt
Scan type: Quick Scan
Objects scanned: 55255
Time elapsed: 7 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Trojan.Agent) ->
Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\PeDevice (Adware.Popups) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\PeDevice\pae_url.xml (Adware.Popups) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\hldrrr.exe (Rootkit.Agent) -> Delete on reboot.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
Step 4 - Returned to Step 1 - ATF Cleaner:
Result - Successful
Step 5 - SUPERAntiSpyware Home Edition:
Result -
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/10/2008 at 00:18 AM
Application Version : 4.15.1000
Core Rules Database Version : 3478
Trace Rules Database Version: 1469
Scan type : Complete Scan
Total Scan Time : 01:03:34
Memory items scanned : 337
Memory threats detected : 0
Registry items scanned : 6825
Registry threats detected : 0
File items scanned : 134722
File threats detected : 3
Adware.Tracking Cookie
C:\Documents and Settings\Guest Account\Cookies\guest [email protected][2].txt
Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\DRIVERS\MDELK.EXE
Trojan.Downloader-Gen/Win
C:\WINDOWS\SYSTEM32\UNSVCHOSTS.LZMA
Step 6 - Online Panda Activescan:
Result -
;*************************************************************
ANALYSIS: 2008-06-10 11:30:11
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
;*************************************************************
PROTECTIONS
Description Version Active Updated
;======================================================
ESET NOD32 antivirus system 2.70 2.70 Yes Yes
;======================================================
MALWARE
Id Description Type Active Severity Disinfectable
Disinfected Location
;======================================================
00101945 HackTool/Samdump HackTools No 0 No
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\RockXP\RockXP4.exe[pwdump2\samdump.dll]
00101946 HackTool/Samdump HackTools No 0 No
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\RockXP\RockXP4.exe[pwdump2\pwdump2.exe]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\FirefoxPortable\Data\profile\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\FirefoxPortable\Data\profile\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\FirefoxPortable\Data\profile\cookies.txt[.tribalfusion.com/]
00159881 Application/Pskill.A HackTools No 0 Yes
No D:\Z - Sony HD and Recovery\Current Sony HD\WINDOWS\system32\pskill.exe
00288208 Application/HideWindow.S HackTools No 0 Yes
No D:\Z - Sony HD and Recovery\Current Sony HD\WINDOWS\system32\cmdow.exe
00321319 HackTool/RockXp4 HackTools No 1 No
No C:\Andrew's new Desktop\Portable Apps March
08\PortableApps\RockXP\RockXP4.exe[RockXP4_.exe]
02002613 Trj/Keylog.LH Virus/Trojan No 1 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1093985.dll
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\WINDOWS\system32\drivers\downld\157203.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\WINDOWS\system32\drivers\downld\143968.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\WINDOWS\system32\drivers\downld\128750.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\WINDOWS\system32\drivers\downld\132375.exe
02898934 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\WINDOWS\system32\drivers\downld\141281.exe
02898935 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1094014.sys
02898935 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1094038.sys
02898935 W32/Bagle.RP.worm Virus/Worm No 0 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1094059.sys
02901938 HackTool/RockXp4 HackTools No 1 Yes
No C:\Andrew's new Desktop\Portable Apps March 08\PortableApps\RockXP\RockXP4.exe
02913360 W32/Bagle.SP.worm Virus/Worm No 1 Yes
Yes C:\WINDOWS\system32\drivers\downld\122531.exe
02913360 W32/Bagle.SP.worm Virus/Worm No 1 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1093987.exe
02913360 W32/Bagle.SP.worm Virus/Worm No 1 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1093992.exe
02913360 W32/Bagle.SP.worm Virus/Worm No 1 Yes
Yes C:\WINDOWS\system32\drivers\downld\125671.exe
02927698 W32/Bagle.KV.worm Virus/Worm No 1 Yes
Yes C:\WINDOWS\system32\drivers\downld\130015.exe
02927698 W32/Bagle.KV.worm Virus/Worm No 1 Yes
Yes C:\WINDOWS\system32\drivers\downld\126359.exe
03053909 W32/Bagle.KV.worm Virus/Worm No 1 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1093984.exe
03053909 W32/Bagle.KV.worm Virus/Worm No 1 Yes
Yes C:\System Volume
Information\_restore{9F6EEA46-37AE-4F1F-AA1C-ACAF08232234}\RP564\A1094147.exe
;======================================================
SUSPECTS
Sent Location
;======================================================
;======================================================
VULNERABILITIES
Id Severity Description
;======================================================
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045
170904 HIGH MS07-043
164913 HIGH MS07-033
160623 HIGH MS07-027
;======================================================
Step 7 - Reboot:
Result - Computer still showing problems. Anti-Virus and Firewall would not run. Various .exe
disabled.
Step 8 - Hijack This:
Result -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:57 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Advanced SmartCheck\Client\SmCh_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sentinel Web\OPTISAFE_Service.Exe
C:\WINDOWS\system32\cchservice.exe
C:\Program Files\Sentinel Web\UPSInt.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Sentinel Web\Sentinel.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\cc32\webtmr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Save My Work\SaveMyWork.exe
C:\WINDOWS\Tray\wintmr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HDD Temperature\DTemp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f539.mail....e...=Inbox&YN=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI
RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber
Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series
Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [UPSMON] C:\Program Files\Sentinel Web\Sentinel.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Enterra Icon Keeper] "C:\Program Files\Enterra Icon Keeper\IcnKeepr.exe" ssp /s
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ChicoSys] C:\WINDOWS\system32\cc32\webtmr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [SaveMyWork] C:\Program Files\Save My Work\SaveMyWork.exe
O4 - HKCU\..\Run: [CCWinTray] C:\WINDOWS\Tray\wintmr.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common
Files\Ahead\Lib\NMFirstStart.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common
Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - Startup: DTEMP.lnk = C:\Program Files\HDD Temperature\DTemp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Add all items to the auction list - res://C:\Program
Files\RKD\AuctionNavigator\BidCtxtClick.dll/202
O8 - Extra context menu item: Add this item to the auction list - res://C:\Program
Files\RKD\AuctionNavigator\BidCtxtClick.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI
RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber
Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI
Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -
file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -
{85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} -
http://www.intercasino.co.uk/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino £££ - {03588886-5C50-4645-BD5D-F105F84417DE} -
http://www.intercasino.co.uk/ (file missing) (HKCU)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://www.creative....030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1189976167406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1189976126937
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -
http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) -
http://www.seagate.c.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative....15030/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
https://secure.logme...ivex/RACtrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple
Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries,
Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -
C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DirectX Service (DirectJicg) - Unknown owner - C:\WINDOWS\system32\directx.exe
(file missing)
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program
Files\DynDNS Updater\DynDNS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common
Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -
Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program
Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common
Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\PerfectDisk2008\PD91Engine.exe
O23 - Service: SmartCheck service (SmartCheckSvc) - URL Toy Software - C:\Program Files\Advanced
SmartCheck\Client\SmCh_svc.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\Sentinel Web\OPTISAFE_Service.Exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows-CCHook-Service - Salfeld Computer - C:\WINDOWS\system32\cchservice.exe
--
End of file - 13094 bytes
Step 9 - Uninstall Log:
Result -
ABBYY FineReader 5.0 Sprint
AccessDiver v4.301
Ad-Aware 2007
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Preview
Adobe Premiere Pro CS3 Preview
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advanced SmartCheck Client
Album Cover Art Downloader 1.6.0
All Media Fixer 7.0
Allway Sync version 6.2.2
AnyDVD
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver
ATI Multimedia Center 9.16
ATI Remote Wonder 3.04
Auto Gordian Knot 2.45
AviSynth 2.5
AVIVO Codecs
Azureus Vuze
BOINC
Brother MFL-Pro Suite
CC File Transfer 2.5
CCleaner (remove only)
CD Check 3.0.1.43
Cheat Solitare
Child Control
Clock Tray Skins 3.8
CloneDVD 4.0
Cool MP3 Splitter
Core Center
Creative Jukebox Driver
Creative MediaSource 5
DaemonScript
DAO
DFE-538TX
Directory Printer 3.71
D-Link PCI Fast Ethernet Adapter
dMC AccurateRip
DVD Decrypter (Remove Only)
DVD Ripper Platinum 4
DynDNS Updater 3.1
eBay Auction Sniper and Auto Search 3.1
eMulev0.49a.-MorphXTv11.0
EncSpot Pro 2.1
Enterra Icon Keeper 1.0.0.2
EPSON Copy Utility 3
EPSON Perf 2480 - 2580 Guide
EPSON Scan
EPSON Smart Panel
ESET Online Scanner
Everest Ultimate Edition 3.00.626
Exact Audio Copy 0.95b4
Fantasy Wars
Final Draft 7
Flash Favorite 1.5
getPlus®_ocx
GoodSync
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HashTab 2.0.5
HD Tach version 3
HDD Regenerator
HeavyLoad 2.1
Heroes of Might and Magic V Collector Edition
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows XP (KB929120)
iCF Skin Pack
iColorFolder
InfoView
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Kaspersky Online Scanner
K-Lite Mega Codec Pack 3.8.0
LAN Utility
LiveUpdate 2.6 (Symantec Corporation)
Logitech G15 Keyboard Software 1.04
LogMeIn
Magic File Renamer 6.12 Professional Edition
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MP3 Splitter & Joiner
Mp3tag v2.39
MPEG Encoder 3
MPEG Joiner
MSI Live Update 3
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
neroxml
NOD32 antivirus system
NOD32 FiX
Norton PartitionMagic 8.0
Notmad Explorer (remove only)
Now3D
Omni Encoder
OPTI-SAFE Sentinel Web for Windows
Panda ActiveScan 2.0
Paragon Drive Backup 8.5 Professional
PeerGuardian 2.0
PerfectDisk 2008 Professional
PerformanceTest v6.1
Piky Basket 2.0
QuickTime
RAMTester Utility 2005
Reasonable NoClone 2007 Enterprise
Reasonable NoClone 2007 Enterprise
Recommended Tools Pack
RegVac Registry Cleaner 4.02 (Trial Version)
Save My Work 1.0.45
ScanToWeb
Seagate SeaTools English Online
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Shutdown Monster 4.0.5.2
SolveigMM Video Splitter
SoulSeek Client 156c
SoulSeekkor's TQ Defiler
SplitMovie 1.4
Stress Prime 2004 0.40.95.13
Stress Test Tool Box August 2007
SUPERAntiSpyware Free Edition
SurfOffline (remove only)
ThumbsPlus version 7 SP2
Titan Quest
Titan Quest Immortal Throne
TitanTV Client components for ATI
TQVault 2.11
TuneUp Utilities 2007
Turbo Lister 2
UltimateDefrag
UltraISO V7.65 ME
Unlocker 1.8.5
v3.9.8.5128
ViceVersa Pro 2 (Build 2014)
VobSub v2.23 (Remove Only)
Winamp
Windows Imaging Component
Windows Installer Clean Up
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
WinZip 10 Pro
Wisdom-soft ScreenHunter 5.0 Free
XviD MPEG4 Video Codec (remove only)
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Toolbar
YouTube Downloader 2.2
ZoneAlarm Pro
Edited by ajdedo, 10 June 2008 - 01:36 PM.