Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

browser hijacker virus [CLOSED]

Started by mferrozzo , Sep 02 2008 08:33 PM

  • This topic is locked This topic is locked

#1
mferrozzo
Posted 02 September 2008 - 08:33 PM

mferrozzo

    Member

  • Member
  • PipPip
  • 25 posts
HI,

Need some help with a hijacker virus. After googling or doing yahoo search, the links show up, but when I <click> them, they are redirected to a different site. Also, some sites like this one are shut off.
We've run superantivirus, ewido, and spybot and got rid of some things, but the main problem exists.

downloaded hijack this and ran a scan, here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:00 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienwareGuise\AlienGUIse\wbload.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\Lycosa\razertra.exe
E:\Steam\Steam.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla FireFox\firefox.exe
E:\FlashGet\FlashGet.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Administrator\Application Data\U3\000015A08A63C56C\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Clean Space Tray Agent] C:\PROGRA~1\CLEANS~1\csta.exe startup
O4 - HKCU\..\Run: [Arma] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\DOBE~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "E:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [neos] C:\WINNT\neos.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Policies\Explorer\Run: [{CCFBCCAB-0A21-1033-0425-030514020001}] "C:\Program Files\Common Files\{CCFBCCAB-0A21-1033-0425-030514020001}\Update.exe" mc-110-12-0000509
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\FlashGet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-01AA0055595A} - http://www.truesuite...leanInstall.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINNT\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: wampapache - Apache Software Foundation - E:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - E:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\kyjedix.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\hogybavuv.html

--
End of file - 13275 bytes

Thanks for your help

Mike F.
  • 0

Advertisements

#2
fenzodahl512
Posted 02 September 2008 - 10:47 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.




NEXT


Please download RSIT by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.




Please post these logs in your next reply.. Post each log in separate post..

1. SDFix
2. RSIT log.txt
3. RSIT info.txt
  • 0

#3
mferrozzo
Posted 03 September 2008 - 09:06 PM

mferrozzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Hi fenzodahl512,

I followed the directions and actually the problems seem to be gone. Tried a few different search engines and links are all going where they should, no redirecting.

Here's the first report for the SDfix: The two for RSIT will follow in 2 more posts as you requested. Also please include an address in your response so that I can send a donation. thanks, mike F.



SDFix: Version 1.221
Run by Administrator on Wed 09/03/2008 at 06:04 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Rootkit Found:
C:\WINNT\system32\drivers\tdssserv.sys - Rootkit clbdriver!

Name :
tdssserv

Path :
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\WINNT\system32\phcla7j0enf7.bmp - Deleted
C:\Program Files\altcmd\altcmd.inf - Deleted
C:\Program Files\altcmd\uninstall.bat - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA03.tmp - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.tt4A.tmp.vbs - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\.ttA00.tmp.vbs - Deleted
C:\WINNT\system32\a.exe - Deleted
C:\Program Files\Setup.exe - Deleted
C:\WINNT\system32\IEserv.exe - Deleted
C:\WINNT\system32\inst.dat - Deleted
C:\WINNT\system32\mc.dat - Deleted
C:\WINNT\system32\plugin1.dat - Deleted
C:\WINNT\system32\web.dat - Deleted
C:\WINNT\system32\drivers\tdssserv.sys - Deleted
C:\WINNT\system32\tdssinit.dll - Deleted
C:\WINNT\system32\tdssl.dll - Deleted
C:\WINNT\system32\tdsslog.dll - Deleted
C:\WINNT\system32\tdssmain.dll - Deleted
C:\WINNT\system32\tdssserf.dll - Deleted
C:\WINNT\system32\tdssservers.dat - Deleted



Folder C:\Program Files\altcmd - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 18:15:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Steam\\SteamApps\\thecyk0\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\thecyk0\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\WINNT\\system32\\PnkBstrA.exe"="C:\\WINNT\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINNT\\system32\\PnkBstrB.exe"="C:\\WINNT\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\iTunes\\iTunes.exe"="E:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Steam\\SteamApps\\thecyk0\\counter-strike source\\hl2.exe"="E:\\Steam\\SteamApps\\thecyk0\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\cpufreak\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\cpufreak\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"E:\\mIRC\\mirc.exe"="E:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Steam\\SteamApps\\pballairsoft1991\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\pballairsoft1991\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Limewire\\LimeWire.exe"="C:\\Program Files\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\NEXON\\MapleStory.exe"="E:\\NEXON\\MapleStory.exe:*:Enabled:MapleStory"
"E:\\NEXON\\Patcher.exe"="E:\\NEXON\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"E:\\LOTRO\\lotroclient.exe"="E:\\LOTRO\\lotroclient.exe:*:Disabled:lotroclient"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"E:\\Starcraft\\Starcraft\\StarCraft.exe"="E:\\Starcraft\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Nexon\\MapleStory\\Patcher.exe"="C:\\Nexon\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"="C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Nexon\\MapleStory\\MapleStory.exe"="C:\\Nexon\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"
"E:\\MapleStory\\OdinMS.exe"="E:\\MapleStory\\OdinMS.exe:*:Enabled:MapleStory"
"C:\\OdinMS\\OdinMS.exe"="C:\\OdinMS\\OdinMS.exe:*:Enabled:MapleStory"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\\Nexon\\MapleStory\\OdinMS.exe"="E:\\Nexon\\MapleStory\\OdinMS.exe:*:Enabled:MapleStory"
"C:\\Program Files\\Steam\\SteamApps\\cpufreak\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\cpufreak\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"E:\\LocalMS setup\\LocalMS 0.50\\LocalMS.exe"="E:\\LocalMS setup\\LocalMS 0.50\\LocalMS.exe:*:Enabled:MapleStory"
"E:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="E:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"E:\\My Maplestory Private Server\\MapleStoryServer\\Debug\\MapleStoryServer.exe"="E:\\My Maplestory Private Server\\MapleStoryServer\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"E:\\My Maplestory Private Server\\TitanMSVer006\\MapleStoryServer\\Debug\\MapleStoryServer.exe"="E:\\My Maplestory Private Server\\TitanMSVer006\\MapleStoryServer\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"C:\\Program Files\\Steam\\SteamApps\\a_jap\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\a_jap\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Steam\\SteamApps\\a_jap\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\a_jap\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"E:\\Warcraft III\\Warcraft III.exe"="E:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"="E:\\Warcraft III\\ftinst.tmp\\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\\Steam\\Steam.exe"="E:\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\RarSFX0\\hl.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\RarSFX0\\hl.exe:*:Enabled:Half-Life Launcher"
"H:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="H:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
"E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="E:\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\Steam\\steamapps\\thecyk0\\day of defeat source\\hl2.exe"="E:\\Steam\\steamapps\\thecyk0\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\Launcher.exe"="E:\\Launcher.exe:*:Enabled:Hellgate: London"
"C:\\WINNT\\neos.exe"="C:\\WINNT\\neos.exe:*:Enabled:enable"
"E:\\ProjectPowder\\Run.exe"="E:\\ProjectPowder\\Run.exe:*:Enabled:ProjectPowder"
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"="C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"E:\\S4League\\S4Client.exe"="E:\\S4League\\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\\Program Files\\alaplaya\\S4League\\S4Client.exe"="C:\\Program Files\\alaplaya\\S4League\\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\\Program Files\\Outspark\\Project Powder\\Run.exe"="C:\\Program Files\\Outspark\\Project Powder\\Run.exe:*:Enabled:ProjectPowder"
"E:\\Perfect World\\Perfect World International\\Program Files\\Perfect World Entertainment\\Perfect World International\\patcher\\patcher.exe"="E:\\Perfect World\\Perfect World International\\Program Files\\Perfect World Entertainment\\Perfect World International\\patcher\\patcher.exe:*:Enabled:Perfect World"
"E:\\FlashGet\\FlashGet.exe"="E:\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\WINNT\\system32\\a.exe"="C:\\WINNT\\system32\\a.exe:*:Disabled:a"
"C:\\WINNT\\system32\\sysrest32.exe"="C:\\WINNT\\system32\\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="E:\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 8 Oct 2002 49,223 A..H. --- "C:\Program Files\America Online 8.0\aolphx.exe"
Tue 8 Oct 2002 36,939 A..H. --- "C:\Program Files\America Online 8.0\aoltray.exe"
Tue 8 Oct 2002 40,960 A..H. --- "C:\Program Files\America Online 8.0\RBM.exe"
Tue 8 Oct 2002 233,539 A..H. --- "C:\Program Files\America Online 8.0\waol.exe"
Fri 11 Mar 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 8 Oct 2002 49,225 A..H. --- "C:\Program Files\America Online 8.0\COMIT\cswitch.exe"
Thu 9 Nov 2006 20,480 A..H. --- "C:\Program Files\alaplaya\S4League\HShield\9abb02c.dll"
Thu 9 Nov 2006 20,480 A..H. --- "C:\Program Files\alaplaya\S4League\HShield\c0a79ac.dll"
Tue 12 Aug 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Tue 12 Aug 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg_old.reg"
Tue 12 Aug 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient_old.reg"
Tue 12 Aug 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 28 Feb 2008 19,968 ...H. --- "C:\Documents and Settings\Administrator\My Documents\Michael's Stuff\School Shtuff\~WRL0371.tmp"
Mon 7 Jan 2008 22,016 ...H. --- "C:\Documents and Settings\Administrator\My Documents\Michael's Stuff\School Shtuff\~WRL2046.tmp"
Wed 27 Feb 2008 19,968 ...H. --- "C:\Documents and Settings\Administrator\My Documents\Michael's Stuff\School Shtuff\~WRL2287.tmp"
Tue 8 Oct 2002 106,496 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"

Finished!
  • 0

#4
mferrozzo
Posted 03 September 2008 - 09:16 PM

mferrozzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
logtxt report:


Logfile of random's system information tool (written by random/random)
Run by Administrator at 2008-09-03 18:24:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 40 GB (52%) free of 76 GB
Total RAM: 2031 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:11 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienwareGuise\AlienGUIse\wbload.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\MSN\MSNIA\dslmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINNT\system32\WDBtnMgr.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\PROGRA~1\CLEANS~1\csta.exe
E:\Steam\Steam.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Clean Space Tray Agent] C:\PROGRA~1\CLEANS~1\csta.exe startup
O4 - HKCU\..\Run: [Arma] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\DOBE~1\nslookup.exe" -vt yazr
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [LDM] E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "E:\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - E:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\FlashGet\FlashGet.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-01AA0055595A} - http://www.truesuite...leanInstall.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINNT\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINNT\system32\PnkBstrA.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: wampapache - Apache Software Foundation - E:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - E:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\kyjedix.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\hogybavuv.html

--
End of file - 13047 bytes

Scheduled tasks folder

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Symantec NetDetect.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - E:\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-08-24 439872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"Keyboard Preload Check"=C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:Keyboard Preload Check []
"Hot Key Kbd 9910 Daemon"=C:\WINNT\system32\SK9910DM.EXE [2001-01-03 66048]
"GWMDMpi"=C:\WINNT\GWMDMpi.exe [2002-08-06 53248]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2002-08-06 90112]
"DSL Connection Tool"=C:\Program Files\MSN\MSNIA\dslmon.exe [2002-10-26 110592]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"LyraHD2TrayApp"=C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe [2005-03-31 290816]
"UpdReg"=C:\WINNT\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe []
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NapsterShell"=C:\Program Files\Napster\napster.exe /systray []
"NvCplDaemon"=C:\WINNT\System32\NvCpl.dll [2006-10-22 7700480]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-03-11 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-03-11 114688]
"nwiz"=C:\WINNT\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter"=C:\WINNT\System32\NvMcTray.dll [2006-10-22 86016]
"WD Button Manager"=C:\WINNT\system32\WDBtnMgr.exe [2007-04-15 339968]
"Logitech Hardware Abstraction Layer"=C:\WINNT\KHALMNPR.EXE [2004-12-10 49152]
"DT HPW"=C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe [2007-04-25 280064]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-10-03 684032]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"Lycosa"=C:\Program Files\Razer\Lycosa\razerhid.exe [2007-11-20 147456]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2007-05-07 159744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 200767]
"Clean Space Tray Agent"=C:\PROGRA~1\CLEANS~1\csta.exe [2005-05-15 274432]
"Arma"=C:\DOCUME~1\ADMINI~1\MYDOCU~1\DOBE~1\nslookup.exe -vt yazr []
"igndlm.exe"=C:\Program Files\IGN\Download Manager\DLM.exe [2007-03-05 1103480]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
"LDM"=E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe []
"Steam"=E:\Steam\Steam.exe [2008-05-19 1271032]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - E:\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-03-11 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienwareGuise\AlienGUIse\fastload.dll [2001-12-21 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\SteamApps\thecyk0\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\thecyk0\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\WINNT\system32\PnkBstrA.exe"="C:\WINNT\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINNT\system32\PnkBstrB.exe"="C:\WINNT\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\iTunes\iTunes.exe"="E:\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Steam\SteamApps\thecyk0\counter-strike source\hl2.exe"="E:\Steam\SteamApps\thecyk0\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\cpufreak\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\cpufreak\counter-strike source\hl2.exe:*:Enabled:hl2"
"E:\mIRC\mirc.exe"="E:\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\SteamApps\pballairsoft1991\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\pballairsoft1991\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Limewire\LimeWire.exe"="C:\Program Files\Limewire\LimeWire.exe:*:Enabled:LimeWire"
"E:\NEXON\MapleStory.exe"="E:\NEXON\MapleStory.exe:*:Enabled:MapleStory"
"E:\NEXON\Patcher.exe"="E:\NEXON\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"E:\LOTRO\lotroclient.exe"="E:\LOTRO\lotroclient.exe:*:Disabled:lotroclient"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"E:\Starcraft\Starcraft\StarCraft.exe"="E:\Starcraft\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"E:\MapleStory\OdinMS.exe"="E:\MapleStory\OdinMS.exe:*:Enabled:MapleStory"
"C:\OdinMS\OdinMS.exe"="C:\OdinMS\OdinMS.exe:*:Enabled:MapleStory"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"E:\Nexon\MapleStory\OdinMS.exe"="E:\Nexon\MapleStory\OdinMS.exe:*:Enabled:MapleStory"
"C:\Program Files\Steam\SteamApps\cpufreak\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\cpufreak\team fortress 2\hl2.exe:*:Enabled:hl2"
"E:\LocalMS setup\LocalMS 0.50\LocalMS.exe"="E:\LocalMS setup\LocalMS 0.50\LocalMS.exe:*:Enabled:MapleStory"
"E:\wamp\bin\apache\apache2.2.8\bin\httpd.exe"="E:\wamp\bin\apache\apache2.2.8\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"E:\My Maplestory Private Server\MapleStoryServer\Debug\MapleStoryServer.exe"="E:\My Maplestory Private Server\MapleStoryServer\Debug\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"E:\My Maplestory Private Server\TitanMSVer006\MapleStoryServer\Debug\MapleStoryServer.exe"="E:\My Maplestory Private Server\TitanMSVer006\MapleStoryServer\Debug\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"C:\Program Files\Steam\SteamApps\a_jap\counter-strike\hl.exe"="C:\Program Files\Steam\SteamApps\a_jap\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\Program Files\Steam\SteamApps\a_jap\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\a_jap\counter-strike source\hl2.exe:*:Enabled:hl2"
"E:\Warcraft III\Warcraft III.exe"="E:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\Warcraft III\ftinst.tmp\Warcraft III.exe"="E:\Warcraft III\ftinst.tmp\Warcraft III.exe:*:Enabled:Warcraft III"
"E:\Steam\Steam.exe"="E:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\hl.exe"="C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\hl.exe:*:Enabled:Half-Life Launcher"
"H:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="H:\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"E:\Call of Duty 4 - Modern Warfare\iw3mp.exe"="E:\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Steam\steamapps\thecyk0\day of defeat source\hl2.exe"="E:\Steam\steamapps\thecyk0\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Launcher.exe"="E:\Launcher.exe:*:Enabled:Hellgate: London"
"C:\WINNT\neos.exe"="C:\WINNT\neos.exe:*:Enabled:enable"
"E:\ProjectPowder\Run.exe"="E:\ProjectPowder\Run.exe:*:Enabled:ProjectPowder"
"C:\Program Files\RealVNC\VNC4\winvnc4.exe"="C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32"
"E:\S4League\S4Client.exe"="E:\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\Outspark\Project Powder\Run.exe"="C:\Program Files\Outspark\Project Powder\Run.exe:*:Enabled:ProjectPowder"
"E:\Perfect World\Perfect World International\Program Files\Perfect World Entertainment\Perfect World International\patcher\patcher.exe"="E:\Perfect World\Perfect World International\Program Files\Perfect World Entertainment\Perfect World International\patcher\patcher.exe:*:Enabled:Perfect World"
"E:\FlashGet\FlashGet.exe"="E:\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"C:\WINNT\system32\a.exe"="C:\WINNT\system32\a.exe:*:Disabled:a"
"C:\WINNT\system32\sysrest32.exe"="C:\WINNT\system32\sysrest32.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="E:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

List of files/folders created in the last three months

2008-09-03 18:24:02 ----DC---- C:\rsit
2008-09-03 18:23:47 ----AC---- C:\RSIT.exe
2008-09-03 17:57:54 ----D---- C:\WINNT\ERUNT
2008-09-03 17:40:54 ----DC---- C:\SDFix
2008-09-02 16:54:06 ----D---- C:\Program Files\Trend Micro
2008-09-01 10:20:12 ----A---- C:\WINNT\ntbtlog.txt
2008-08-27 10:49:52 ----A---- C:\WINNT\system32\msexcr.ini
2008-08-22 20:48:20 ----D---- C:\Documents and Settings\All Users\Application Data\Razer
2008-08-22 20:48:15 ----D---- C:\Program Files\DIFX
2008-08-22 20:47:33 ----D---- C:\Program Files\Razer
2008-08-22 20:47:13 ----D---- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-08-21 12:43:03 ----D---- C:\Program Files\CPU-Z
2008-08-21 08:39:53 ----A---- C:\WINNT\system32\unicows.dll
2008-08-19 22:18:48 ----D---- C:\Program Files\alaplaya
2008-08-18 23:54:29 ----D---- C:\Program Files\Common Files\DirectX
2008-08-18 21:51:24 ----D---- C:\Program Files\RealVNC
2008-08-18 21:49:21 ----D---- C:\Program Files\VNC
2008-08-18 20:53:42 ----D---- C:\Program Files\Outspark
2008-08-18 11:58:16 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-18 11:58:10 ----D---- C:\Program Files\SUPERAntiSpyware
2008-08-18 11:58:10 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-18 00:21:26 ----D---- C:\Documents and Settings\Administrator\Application Data\rhcga7j0enf7
2008-08-18 00:21:18 ----D---- C:\Program Files\rhcga7j0enf7
2008-08-17 23:46:59 ----DC---- C:\google.com
2008-08-17 23:46:54 ----DC---- C:\AntivirAsistant
2008-08-15 23:06:19 ----A---- C:\WINNT\system32\javaws.exe
2008-08-15 23:06:19 ----A---- C:\WINNT\system32\javaw.exe
2008-08-15 23:06:19 ----A---- C:\WINNT\system32\java.exe
2008-08-12 17:08:56 ----A---- C:\WINNT\system32\xfcodec.dll
2008-08-06 13:33:26 ----D---- C:\Program Files\Apple Software Update
2008-07-16 13:20:14 ----D---- C:\Program Files\Bonjour
2008-07-14 23:54:12 ----DC---- C:\Documents and Se?tings
2008-07-06 22:45:42 ----AC---- C:\bgch.exe
2008-07-06 21:55:40 ----D---- C:\Program Files\DivX
2008-07-04 12:58:33 ----D---- C:\Program Files\CCleaner
2008-07-04 12:57:09 ----A---- C:\Program Files\ccsetup209.exe
2008-06-19 08:35:59 ----D---- C:\Documents and Settings\Administrator\Application Data\SPORE Creature Creator
2008-06-10 19:04:26 ----A---- C:\WINNT\system32\ssldivx.dll
2008-06-10 19:04:26 ----A---- C:\WINNT\system32\libdivx.dll

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2002-10-03 240640]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2002-10-03 134426]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sdcplh;sdcplh; C:\WINNT\System32\drivers\sdcplh.sys [2005-09-21 40576]
R1 Sk9920nt;PS/2 Keyboard Filter Driver for NT 4.0; C:\WINNT\System32\DRIVERS\Sk9920nt.sys [2000-09-12 6208]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2002-10-03 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\system32\System32\drivers\ws2ifsl.sys []
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2003-06-02 8552]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 HidUsb;HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINNT\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINNT\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINNT\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2003-01-08 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2003-01-27 494160]
R3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-01-08 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2003-01-09 136448]
R3 DAdderFltr;DeathAdder Mouse; C:\WINNT\system32\drivers\dadder.sys [2007-04-12 10880]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2002-10-03 25674]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-01-09 116416]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-08-06 1107680]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2003-01-27 819760]
R3 hamachi;Hamachi Network Interface; C:\WINNT\System32\DRIVERS\hamachi.sys [2007-11-13 25280]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-03-13 90395]
R3 LycoFltr;Lycosa Keyboard; C:\WINNT\System32\Drivers\Lycosa.sys [2007-09-27 21888]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2007-01-01 28256]
R3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 OmniUsb;Ideazon USB Zboard Driver; C:\WINNT\System32\DRIVERS\OmniUsb.sys [2005-09-22 28800]
R3 OmniUsbl;Ideazon USBl Zboard Driver; C:\WINNT\System32\DRIVERS\OmniUsbl.sys [2005-09-22 9696]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2003-01-09 113840]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINNT\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2002-10-08 33588]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 210dc75e-c6fc-43c8-83ce-a0c4cfcfa649;210dc75e-c6fc-43c8-83ce-a0c4cfcfa649; \??\D:\CDS300\cds300.dll []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BCMModem;BCM V.90 56K Modem; C:\WINNT\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 EagleNT;EagleNT; \??\C:\WINNT\System32\drivers\EagleNT.sys []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2005-12-08 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINNT\system32\drivers\hap17v2k.sys [2005-12-08 179712]
S3 jatmlano;jatmlano; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jatmlano.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINNT\System32\Drivers\L8042Kbd.sys [2004-12-10 13056]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINNT\System32\Drivers\L8042mou.sys [2004-12-10 52992]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINNT\System32\DRIVERS\LHidKE.Sys [2004-12-10 24704]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINNT\System32\Drivers\LHidUsbK.Sys [2004-12-10 36480]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINNT\System32\Drivers\LMouKE.sys [2004-12-10 68992]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2002-10-03 30406]
S3 MsnDslLn;Microsoft MSN™ DSL 1000 Modem Driver; C:\WINNT\System32\DRIVERS\MsnDslLn.sys [2002-07-08 28832]
S3 MsnDslUs;Microsoft MSN™ DSL 1000 Modem Interface Device Driver; C:\WINNT\System32\DRIVERS\MsnDslUs.sys [2002-07-08 46880]
S3 npkcusb;npkcusb; \??\E:\WillzMS\npkcusb.sys []
S3 OmniDrv;Ideazon Keyboard Driver; C:\WINNT\System32\DRIVERS\OmniDrv.sys [2005-09-22 30976]
S3 PCDRDRV;Pcdr Helper Driver; \??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys []
S3 pdiddcci;DDC/CI monitor; C:\WINNT\System32\DRIVERS\pdiddcci.sys [2007-04-24 11776]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Sk99202k;PS/2 Keyboard Filter Driver for Win2000; C:\WINNT\System32\DRIVERS\Sk99202k.sys [2000-09-11 7552]
S3 STEAMDVR;STEAMDVR; \??\C:\Program Files\Steam\bin\x86\SteamDvr.sys []
S3 TIEHDUSB;TIEHDUSB; C:\WINNT\system32\drivers\tiehdusb.sys [2005-01-17 49536]
S3 TVICHW32;TVICHW32; \??\C:\WINNT\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINNT\System32\DRIVERS\usb8023.sys [2004-08-03 12672]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 XDva037;XDva037; \??\C:\WINNT\system32\XDva037.sys []
S3 XDva189;XDva189; \??\C:\WINNT\system32\XDva189.sys []
S3 XTrapD12;XTrapD12; \??\C:\WINNT\System32\XTrapD12.sys []

List of services

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINNT\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-04-25 73728]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\System32\nvsvc32.exe [2006-10-22 159810]
R2 PnkBstrA;PnkBstrA; C:\WINNT\system32\PnkBstrA.exe [2007-12-26 66872]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\System32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2002-10-08 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 DNADownloader;DNADownloader; C:\Program Files\GameSpot\DownloadManager_Win32.exe [2007-08-28 708608]
S2 npkcsvc;npkcsvc; C:\WINNT\System32\npkcsvc.exe [2004-03-31 172544]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINNT\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 usprserv;User Privilege Service; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
S3 wampapache;wampapache; E:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; E:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe [2008-01-18 5750784]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
  • 0

#5
mferrozzo
Posted 03 September 2008 - 09:17 PM

mferrozzo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
info.txt:


info.txt logfile of random's system information tool 2008-09-03 18:24:14

Uninstall list

-->C:\WINNT\IsUninst.exe -f"c:\program files\wildtangent\games\gamechannel\nice2.isu"
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINNT\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 9 ActiveX-->C:\WINNT\System32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENW~1\ALIENG~1\thememgr.exe /uninstallwise
AOL Coach Version 1.0(Build:20020823.1)-->C:\WINNT\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BannedStory 3.0-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall bs.BannedStory B138736892407FF2891DACB3EC40AB4373DCB810.1
BannedStory-->MsiExec.exe /I{62C81505-65E8-BBFF-5A9B-23958770F694}
BeClean-->"C:\Program Files\BeClean\unins000.exe"
Blackhawk Striker-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {C4AE01B9-84F3-489F-A990-68306BC5548C}
Blasterball 2-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {3DA2C525-0A4A-4634-8656-8F442FD2C44A}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Clean Space 9-->C:\PROGRA~1\CLEANS~1\UNWISE.EXE C:\PROGRA~1\CLEANS~1\INSTALL.LOG
Command & Conquer Red Alert 2-->C:\Westwood\RA2\Uninstll.EXE
Command && Conquer Red Alert 2 - Yuri's Revenge-->C:\Westwood\RA2\Uninstll.EXE
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Creative Driver-->C:\WINNT\System32\ctdrvins /s /u /g
Dark Orbit-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {19906F9F-2E4F-4389-BB6E-205FE12B4BAA}
DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
Diablo II-->C:\WINNT\DIIUnin.exe C:\WINNT\DIIUnin.dat
Disney's Lilo and Stitch Pinball-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {33C279DD-AA04-406D-B122-CBE750316CEB}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Do More 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2B7C41F-C63D-4935-B323-B60673724D63}\SETUP.EXE" -l0x9
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Encyclopædia Britannica 2003 Student Edition-->"C:\Program Files\Britannica 2003\Student Edition CD\Uninstaller.exe"
EphPod-->E:\PROGRA~1\EphPod\UNWISE.EXE E:\PROGRA~1\EphPod\INSTALL.LOG
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ewido anti-spyware 4.0-->C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
FlashGet 1.9.6.1073-->E:\FlashGet\uninst.exe
GameSpot Download Manager-->"E:\Gamespot Download Manager\GameSpot\uninstall.exe"
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway Rhapsody-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
GemMaster 2-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {080E0356-D231-41FC-8F31-9760FC4487D9}
GTW V.92 Voicemodem-->C:\WINNT\GWMDMU.exe verbose
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
Hellgate: London Demo-->MsiExec.exe /X{65DF3688-6EF3-4C86-83DE-54AB46029F07}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP My Display-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
IGN Download Manager 2.2.2-->C:\Program Files\IGN\Download Manager\uninst.exe
Index.dat Suite-->"C:\Program Files\Index.dat Suite\unins000.exe"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lehvak Screen Saver-->C:\WINNT\Lehvak.scr /u
LimeWire 4.18.5-->"E:\Limewire\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lyra Jukebox Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9
MapleStory-->MsiExec.exe /I{0A41BC21-EA0F-4B0B-BEA4-2997B80DB0D9}
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
MGI PhotoSuite 8.1 (Remove Only)-->C:\WINNT\IsUninst.exe -f"c:\program files\Uninst.isu"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINNT\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB886906)-->"C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\M886906\M886906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINNT\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2003-->MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Halo Trial-->"C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2003-->MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft MSN™ DSL 1000 Modem-->C:\Program Files\Microsoft Network\DSL 1000 USB Modem\MSNUnist.exe -w7 Microsoft\MSN™ DSL 1000 Modem
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU-->MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe d:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
mIRC-->E:\mIRC\uninstall.exe _?=E:\mIRC
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla FireFox\uninstall\helper.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Network Play System (Patching)-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
nProtect KeyCrypt-->C:\WINNT\System32\npkuninst.exe
NVIDIA Drivers-->C:\WINNT\System32\nvudisp.exe UninstallGUI
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
Panda ActiveScan-->C:\WINNT\System32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Pig Pen-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {5F2A75DB-87B7-4E3B-9C8B-1E1059154C84}
pressplay-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47D684C4-817D-11D5-818F-009027864C7F}\Setup.exe" -l0x9 ppc
Project Powder-->MsiExec.exe /X{E83816B1-57FC-4999-B9B6-A422AFFAD876}
PS/2 Millennium Keyboard-->SKUninst.exe SK_PS2MillenniumKeyboard
Quicken 2003 New User Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6247A653-067B-4117-A88B-764B16329DC5} anything
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Razer DeathAdder™ Mouse-->C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\Setup.exe -runfromtemp -l0x0009 -removeonly
Razer Lycosa-->C:\Program Files\InstallShield Installation Information\{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}\Setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RelevantKnowledge-->C:\winnt\system32\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
Rose Online Evolution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{326A2DF2-7823-45D0-BFCC-31B6A5E38095}\setup.exe" -l0x9 -removeonly
S4 League-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}\setup.exe" -l0x9
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\System32\Macromed\SHOCKW~1\Install.log
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK-->"E:\Steam\steam.exe" steam://uninstall/211
Space Rocks-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {5531CF62-6C27-4F13-8592-E370AA1000CE}
SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINNT\SCunin.exe C:\WINNT\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"E:\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TouchCopy-->MsiExec.exe /I{9F1385C3-E388-4600-B21D-2C4A01280A69}
TrackMania Nations Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11020
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
USB Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57EC14EF-9A27-11D6-85E9-F476176AA204}\Setup.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Warfare-->"C:\Program Files\wildtangent\apps\gamechannel.exe" \removeitem {A198A102-87F7-4966-809A-45134182A3B1}
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
WampServer 2.0-->"E:\wamp\unins000.exe"
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Wheel of Fortune 2003-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C04175C-B66B-416E-AF20-A71DBA1459A1}\setup.exe"
WildTangent GameChannel (remove only)-->"C:\Program Files\WildTangent\Apps\uninstallgamechannel.exe"
Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINNT\system32\DRVSTORE\flter2k_4C07D910D9DBDDE4C982515D19B35AAA0D3BCD8B\flter2k.inf
Windows Imaging Component-->"C:\WINNT\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINNT\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINNT\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINNT\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRar\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\YPSR\unypsr.exe

Hosts File

127.0.0.1 localhost

Security center information

AV: avast! antivirus 4.8.1229 [VPS 080903-0]

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"sourcesdk"=e:\steam\steamapps\thecyk0\sourcesdk
"VProject"=e:\steam\steamapps\thecyk0\counter-strike source\cstrike
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"HellgateEnv"=E:\

-----------------EOF-----------------
  • 0

#6
fenzodahl512
Posted 03 September 2008 - 10:23 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0

#7
fenzodahl512
Posted 09 September 2008 - 03:47 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP