Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help...possible infection?!


  • Please log in to reply

#1
davis05x3

davis05x3

    New Member

  • Member
  • Pip
  • 5 posts
I am currently running a Hewlett Packard Pavilion XT958 and I am having major issues. It is running super slow and I can't get certain programs and games to work. Can someone please help me identify this problem? :)
Here is a copy of my hijack this logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:35 PM, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autopogo1.com/page.php?10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Finders Keepers\Images\stg_drm.ocx
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132420680718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132421218249
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Finders Keepers\Images\armhelper.ocx
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10962 bytes


Any information that you have would be greatly appreciated. Also if anyone knows of any free antivirus programs that would also be helpful. Thanks

-Darla Davis
  • 0

Advertisements


#2
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
davis05x3, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

If I have not responded to you in a time period longer than 4 days, please feel free to PM me.

I will be reviewing your post and will get back to you shortly.

Thanks and I look forward to working with you. :)
  • 0

#3
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
First, let's get a better log.

STEP ONE
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#4
davis05x3

davis05x3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi there! Thanks so much for your fast response. Here is a copy of those files from the scan I just ran.

INFO

info.txt logfile of random's system information tool 1.04 2008-10-27 15:55:41

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Gadgets 2.8-->C:\PROGRA~1\AIMGAD~1\UNWISE.EXE C:\PROGRA~1\AIMGAD~1\INSTALL.LOG
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Big City Adventure-Sydney Australia 1.00-->C:\Program Files\ToGo Game\Big City Adventure-Sydney Australia\Uninstall.exe
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Blasterball 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A20CB6-144D-4523-9112-01E5AE3A81B9}\Setup.exe"
BlasterBall Wild-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42450D0B-8F0B-4EA2-90F6-6047F634ACC7}\setup.exe"
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DVDInfoPro-->MsiExec.exe /I{64E41792-E142-4337-BEF9-A324C6FDB783}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Finders Keepers-->C:\Program Files\Finders Keepers\uninstall.exe
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
GoBack Personal Edition-->C:\Program Files\Roxio\GoBack\Setup.exe /u
HexDump plug-in for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\hexdump\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\hexdump\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp center-->C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Learning Adventure-->c:\program files\HPSelect\Frontend\uninstall.exe
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_a86c004\Setup.exe /APR-REMOVE
Lexmark 3400 Series-->C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
LimeWire 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.70 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Logitech User's Guide-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Logitech\UsrGuide\UGUninst.isu" -c"C:\Program Files\Logitech\UsrGuide\UGUnInst.dll"
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Marine Aquarium 2.5, Goldfish, Sharks & Carousel Bundle-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Prolific Publishing, Inc.\Marine Aquarium 2.5, Goldfish Aquarium & Sharks, Terrors of the Deep Bundle\Uninst.isu"
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! for Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works and Money 2001 Setup Launcher-->C:\Program Files\Microsoft Works and Money 2001\Setup\Launcher.exe d:\
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
netMarket-->D:\netmarkt\netmarkt\setup.exe -fNETMKTUN.ins
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PCFriendly-->C:\program files\PCFriendly\inuninst.exe
PerformanceTest v4.0-->"C:\Program Files\PerformanceTest\unins000.exe"
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
PigPen-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F20ADFD-5679-11D5-A8E1-00A0CC663B7C}\setup.exe"
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
Python 1.5 combined Win32 extensions-->C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG
Python 1.5.2 (final)-->C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
Quicken Financial Center-->C:\PROGRA~1\QUICKE~1\rem\UNWISE.EXE /s C:\PROGRA~1\QUICKE~1\rem\INSTALL.LOG
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real War Rogue States-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF75089-392B-4771-B791-17316E27EBA6}\setup.exe" -l0x9
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
S3 Gamma-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility-->S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\INSTALL.LOG
SimAQUARIUM2 Tank-2 Screensaver-->"C:\Program Files\SimAQUARIUM2\unins000.exe"
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins002.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08DA21BF-9912-409E-B802-943C6DC2DA81}\Setup.exe" -l0x9
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
VX2 Cleaner plug-in for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\Plugins\VX2CLE~1\INSTALL.LOG
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Yahoo! Address AutoComplete-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
Yahtzee-->MsiExec.exe /I{1C7E1037-0AC0-4941-A9DF-3CD766334583}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[IE-SpyAd]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 m3.abnad.net
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com

======Security center information======

AV: Norton Internet Security (disabled) (outdated)
FW: Norton Internet Security (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program files\PC-Doctor for Windows XP\WINDSAPI;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 0 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=000a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------





LOG

Logfile of random's system information tool 1.04 (written by random/random)
Run by Darla at 2008-10-27 15:54:46
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 35 GB (48%) free of 74 GB
Total RAM: 1023 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:15 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Documents and Settings\Darla\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autopogo1.com/page.php?10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Finders Keepers\Images\stg_drm.ocx
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132420680718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132421218249
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Finders Keepers\Images\armhelper.ocx
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Liv
  • 0

#5
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Looks like part of your log was cut off there. Can you post the rest of the log.txt log?

Edited by Gravity Gripp, 27 October 2008 - 02:17 PM.

  • 0

#6
davis05x3

davis05x3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry about that! I don't know what happened. Here it is again:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Darla at 2008-10-27 20:50:36
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 35 GB (48%) free of 74 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:29 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darla\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.autopogo1.com/page.php?10
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[email protected]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = C:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Fleet - http://download.game...s/y/fltt3_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Finders Keepers\Images\stg_drm.ocx
O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} - http://www.ea.com/do...trap/iegils.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132420680718
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132421218249
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} (JFC Classes) - http://igweb04.iamga.../cabs/swing.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Finders Keepers\Images\armhelper.ocx
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinn.../familyfeud.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10994 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Darla.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-09-23 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"=D:\Setup.exe []
"StorageGuard"=C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-06-15 212992]
"QD FastAndSafe"=C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe []
"PS2"=C:\WINDOWS\system32\ps2.exe []
"NvCplDaemon"=NvQTwk []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2001-08-07 143360]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2001-08-23 196608]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2001-08-07 90112]
"GhostStartTrayApp"=C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe []
"EM_EXEC"=C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2002-07-01 28672]
"checktime"=c:\program files\HPSelect\Frontend\ct.exe [2001-08-13 45056]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe []
"Pure Networks Port Magic"=C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-04-05 99480]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe []
"CHotkey"=C:\WINDOWS\mHotkey.exe [2004-10-20 550912]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"lxcymon.exe"=C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2007-06-25 291504]
"EzPrint"=C:\Program Files\Lexmark 3400 Series\ezprint.exe [2007-06-25 82608]
"LXCYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-25 51048]
"osCheck"=C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe []
"Aim6"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-09-19 4347120]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
CreataCard Gold 2 Forget Me Not Reminders.lnk - C:\Program Files\CreataCard\Gold\fmrmd32.exe
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\AlienGUIse\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6809e580-a3a7-11d1-9a00-00a0c945b006}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"DriveConfiguration"=0B32071FBF15A5B0078B942A0B6E5CC1BA427DC4BD5E06DAA94C638B787277033AF1EA1308
CDC5793A4E3C61D9A7CA2B57D6846F7ECBA63FA7CC73AC2C183C8B20CBBE783D01B01C1D3E9DACC6A
D0EF0B2DFE84D10A05828420A5D90E3DA104B732487285745F991211A2360126FEAF3DDBB4183AE0A
4DB16B3AC7623A6AA3CD43B0EFD2B70AFD8E1198C42C9C0884FE3551A9CC52A4F26C43C09FD292B8C
416EA842BC964A07355CF73FEEAAA505E2437410AE8D003568E7E51A246C865D1B4C9BDFCDE851B68
487DCFB65D81385A11C6894EC539C9086B121DA9EAAB4A77C493768DF6DE2EE2D11FC0AE27E55A5CE
495D4958609ACACA2CF4E301D87E46E9F8D6F3745D917E49723BF96B94ADDC2E5F689EE187CD3B50C
035A1167E51ADA325886898C4ED742A099A312D453B174437D0C1BF56EE656EB2E4F5F48EDCCF6941
66D00F3CA1EC652D5CC93A7E0CA7F7AE87286A4EF0FDD57F1FA855E190420A6351404FE67118E1B1E
03B8DF4575EEDABA1D1E1202BF0FFF3B4EF3DA52543F179D7695BA30CCEFD4A564853A416B1CA79EA
3C5FDEB11BD94EDF591D244FF86FCF0C0374B145F8043F98D9B4055BB8952CE8AB44ABA83D2152908
0C49258A60FE38FD44DF2F898C801E838DF2A4BF9B83967057302E04C0C63AB95A0781045AABEEF71
4029D0BB3DA361C2CA37AB574D11B8EF182D1532F61AAA7D5CAA169D72E7336EDBAAE2F43330BFC72
25FD10AF3C8A2F42F25A2E3A6A0EFBB7609CD2DC69B336FC70B33923A35FA7C53C5AA63EB28C8B5C3
1C7F21E48AB0DBBE2C73CE67800DE51853767703926B37F718B9AC6E789C51CA64BC0AAC2EA50F145
91060E6CDF143D148C609DA26F50D732FB000430B5FAE17789C4ED5A0EF07EA4704359DDAD1580C90
5FB4B32ABA4BAE7C1010A0583A98675C37BA0B6958540DD4B245CDAA46DC9FC40CC51B757EB05A6AB
D6D4CCBB5C5D1F973AB80247BF703EA3BE7E388DB7AE98DFAD4799B5DAED5F75A1C68B0DC4DC0E7CD
7C33A94F57B1FFEB197147E4F9F947834B44CB49C72715E8B1A575106F1409482E371259D6C8CF60C
B91936A7D50A66D1BE5A913A0542E368511B5F1EE9629B702461CF83200C2C94B72A6F3CAFB5B5F23
18291D17D245C9BDB0ECCFFD5F9C817A3857B35E723A8DF9B323D1847682AE1777473006CE28400C3
123EC579327C6F91E9979EC35979A7E09E1BAB5303ED6DA8767860503A42049EDCF2731668B437E7D
CDF5FB6DDD5D29DA92BE3744D0B254F18D680474F0D847E2271FE5DDF69C92066A5E795AADD01D020
A5AC0A038C89FADC44D5FA6F130AABA6CD048DD60063CD446E305DE8C0C34A7178E44B8828309559E
1BEF750EF032220C3F3480A3169EA5CDCC9EA38EEE4E8960C1CCB8C88C89ECDCDD9D99E7049BE91F4
EE865980DB45C86F97B8B60BCE2C5199479BB5971619BC41136E18598B059F283505E5C067BD10858
945E8ECCA622E8113AB2F2F39EA98BC77C58C931B9EF4C67FB71753DA3B9A6AA699B8A96049502657
579261DE5904DA46ED2623A4635139D5B6E514C0C1A37DDBAF5820F1B4BCE222FA99752BDF3029E75
DD80516C9E8165EC1D7078F5FA2F22BB36E7626716F0AEA95E608909E31342DA8AF245971B7293268
88D516497F5D709F8D42D287E93145B80227DCC0B8D89090CB52473B94DE36FBF3276975889EA03E2
61C5D9D84C93B93363D8118DCE6F7A89AAAF9FE95C8CDC91FEA14299BE22B2A1064443FEFAB019583
6A94A72F06240CF702739441BABF94DD55E57E44F5CCB51D30019F06C49FFB908672758B9C5C7785E
CF7438DD47B3F3C1CE38FF7294BE96E95739DA568386C14C3722013B60754E05A417C2C697DCB7145
2753853CE66F6F0A135E7A9F7030892317E6AA38B0D5EE7FE74B775D1D75D2FF5E80879B94FFEFF9F
A8D4633D3B301B85B0B6297DDFEA649FBC8AC4DF11D420B72AAB1BE9D9BC410440E7130AAC8BC258B
27D9625D58919AD6CAE6D6AEE3FAC4A6F12D52C963867BF23954618EB9159DA36496D311285C8918D
743391BD865A4A4951C3D6AA7540CD80B627C01660D841009F88BDC3CD5D0BDCAD6099EC1644A5473
14292EC0D720CE98703237BB2CD226C3CD00A665C7B5DFF4AF812F26F0737C1BC039C89B5288059F4
DBE2B14957EC789DBC93D581466D3969C49F311D4E2A6C2A507B55DC12F0D262BE06806F96A2ADE58
D6891BD21AF18BCC8EA76F53A4ACD118D3E418B8D477D9411178F0F25BC5D043DB2E17254BD9658B9
565E46F299C4D4F7C0B0F1E0AAB8EC5EBC8351088B65E04A3C07273986151CDE2B6F439E03450E5D9
967E9A3E1A1A9330EDE98F42E4BE25806C9E58B0C4226BD76A1DF600D27F3A385E79B2DD958BE2EA1
968DA94A94DADD9E3C9F9EDF7DC14E67567A8CE0FE0A0F7A04A488E6E65AF73AC2250484359F2C8D3
BECD5BF412EEE7C196DDE897C57CC31A423257791049D6F30195D39B71579C58953360C92FCC7A15C
5DF036D1FE9DB47AD2E803587F378BAF6EEF05C36FBA2FA7A10FC6031737E19882B638430B4852A61
F77B4F1F7804C7BCD2A80B9E609C8C423EE7488170C39A1260465651958E41153E8368CEC906B4A74
D93060A5A090DFAB7A369A8A72911416C68F20B0ADFD8B04DBB92D90D0651FFB11B527EF25DBDECE1
28CCA82C082FB69D29B0CAE30F13A29587409974DEA37AF09550D492EEC37309C9B556719774E7A0A
D8DC7BB6586B8941ED0B93685F772BD131CD36CD7A5F9F97633512B70D4FFA7A57A810717AD8F2DF1
7C46D7C9B9867322669934356A1565F08803FE40959240758CDA24D681EA621615752FA4C68CA7422
3156C138E7A90F5409EB5108D1572AF6A94F94F2CA6F7F692A1BCC706D99CD2201395306C3D31506D
5CAE8CE2C55D004790489B9F4A17767195EA356511062ECC20475BB5561BC21F7FA93898C40AC80E2
CB659E2623C8A3EB937E1A96D7D25D82C9908C7D57C09097F6F995CBD4C7D8120EE734BFEE618F572
6F09B8A4A4499D4BF1E3907095C8D0B774951A0254F342022C20DFFEFAAE8944A57CF5BD3EE561C48
5373338AF67DDD0660303AF1267E0395734E624DEFEA4D25945EDDEC1A737F4E25341E71AC1F8FD5E
A09C8D7D101FCDA99512CEE5333D324896B23943B75291D66B2E55C43A3EEBE662562CC41F57C6662
AA2DF6880D3FB4D64AB2015A74D381227AEB6F796477D327D0CFD7C80A29FAEE3CD63D64D27C78ACC
18EB7C1A9902F44F1FBCAEA9B642758AB4AB55DC265B704ADB79A05623A35EA6D5E1E39F97D88C355
941830223999C9511197D0C9BE802E51A90DF1188AE884A88EE4DA7A637CA6EDF237E2964B2BAFC9B
953FBD3567B31D25A9F8682E07B00C1EEB2874BBCF87749FB94CE74701F797665A055C7F102288B28
F9B83D62512B3C909759F049B305373EDA2068383CEFA7C5754A411209F0D35D45F78316C953A45F4
E7BE15AA919B2F90850F220671A1ACE59912DB141F917256812E8E6663918A468FEC1FD43A2ED09E8
87985F753D7764A28294AAF935F80BC9DEF0F9E927F496808E505AA1C52FD46FF95CA757FB2D81E53
0D7F390B0673FF1030894100826D4C015A930F56C170802FF1E93BC6140C6CA74FFEF04FFF34B7F94
3E66DB5BAC159BA8EDD85FDB1EE1F0366BE1FF304DB2AEFF68CB6A407950A7020DCEDDAE4C2E5393B
AAAAAECA7236A3676731682E07AD1ED20B13D532A55DF12D0686D2B6233FB42BB9E4D3E28EAED305F
A2A60A1A7EA11F9957A9320619503C7C6999B5364399132C095723C708DC079852A914D726BFACC0C
9CA93997C31B6E96260E7EE20D3A9AFAC93C319AF5D35B8FFC4E78C9DB4514B229880EBE5455FA432
DCEC38CA7A99528DB2AFA88504E43C97A4929CF809533B49342FF5CBE9BAC6E76E3BFB278B9F04B67
FF24DE63259BF7DEAB6BA8ABE12D7258F2F669BE208894D651CA93CECB76845D3C122653FD213F749
79A3C86879918A93E557FE76C52320C7E95D7ADB865A307B29ADC1B7F5F48E53447BF2E88F8E16C2D
3004E461067011BF73CF495C10DF9E0F216A0210D378AFC5C2C3C6D8BE6B378DCFEBE053764CF9983
698AFE253920F1CDAA4262DE1951967CF108C4C9F61A1407023F2BDE5454DB23FD11C2773B7242380
CC73CEFF1293D3FC3A04080467E9517F3502C140FADA035B4B42F937C3FDA2E4FFBD41AEED4EBCF24
71242305AAD30620C9501368C1D5DB595ADF16C55FF8654EF7C6BC861FBB3E9593F9D414AC154A6C0
B0D962F0373D9094FE13C9F6F325014A4A66AB40C22824DA2B8F4E7B25467B412A708E95CFE25C014
68F5841289543709C71953274CC16331D12CFB1EB0DEB778F81B001A36DB4E1838E4D615F25496A8E
FADFA525A1E6DFC9FC45B2C101AB624FBD800541991BE7C3DD352C77729DB7C8EC2E4B7AC7FEF086F
195D9992689EE032CE7C7E097DC7F35683B2F01B298A91FF14F696D9CC8C82EFEFA73AD412E1C23CC
066FDBCEBD48941BB02327381ED36AB12C7753B32CAB61D61EFB373B779D8AD7225F3E0EC5DADECC8
445F9E7308C855FB28A4245E6790E50B966597F3BEDD900F6447F517E7AA9A54A019989C26B26C799
71B18B5D395BC44DD875CD6A16384DD072B75C476611E716EDEB5517411E6A11E995AC6C41F3F9853
A7F3869F07D23380FB6EFA691117F598F0FD8925799D510C0FB1B31BA30505B2960889AF4A7008B58
180F78830259C45E71468AAAF8B2814EAEE723EF77C80EC2854EAA9E1E95390C569FFF1A45C109F02
A1B1E8336E81F84640BF6870950C965ACF573DF17693484AE53A7D400D6F5A59C1349C626F084E3AA
1831A82F43BB2990B8DD8287105BBA0B3CF0EEDCCA87AB5C6395AD9BA0994764C7DF80CD8AD906221
5D776DA159B14781363C0AF002325C911133449CC69D1D06368CC3D42991218E4592531EA93C9846E
CF0060956C39C96329C51AD4EA8AEE28B9FB417E0C9547D3A446D1CD2E80E1A7C5889949C22A2A71F
BAF4754DDA4DA88BCDCF72166B80E1AFEA664F708E8C4A9C09771B2B0E7608A81ACA440121E2A64C7
D9A6252327CDB79A82C5F7A055DA5206039572E3862A43DB9D29C32698E0E04CF2B6F295DDE1EE701
FE1DC151F4E8B6A40D483236D7C3B2EF52D8C4E9A726605E47DC2B8BB6CD70E35CC9199AD5C3FB815
138BBC8D64B04934C0E7FF3E5D95225A4636FDD7E652F259864ACCCA71055E052EC774F40D6A0AF50
0EABC83AC287E12C0E78D3A861BA518B76375F294D4501932F825141616B1FA01B4F3200D5BE1F4F9
9A5929C24D5A15731F9574573D4E7DBCCAAE8663CFF10D20E125741F897EB2CA9A5649ECC27278166
087B14195FD4DB69EF27F2B6182872F454628C8471A5B5A4A2445CAAF1167E426A215FAC46829CE55
CBF8B2F351DC85EED71DF56270B6436DB20B350DB1B38F476E7986C9F11777CE9842D942AEE770263
FB5C4372BDBD2CA7A1301FBEFDF5806E012EDF54493A17C0E5E0A21B9CBB19F25137E8DA110703B49
449591DD921D2AEB237733C7E7630DA0602773973E85AE21304109ADFADD8586C7A7CEFAC1F56DBCE
0B03E87FF0F250435A5FDEE629ED17408464FDF5DCA79749E439E9CA5F08942BEC3F87DB720954F6F
36E18E6C4F9D815F562A366AF260B4CD7320EA096695E64566BA48F0341DF5A80AE2105B2D0A26ACC
2F5A898E2269F59F1479B8A2B6DEC8D7F9C152AA18E7E785BB06901236E2721F3B0958CAF55A5A0DF
BDBF97671CFF04E1B272497124FB52A7CE5483A75A50EE879263CAF8726320298290C8E862D3940AA
743CB0EE5EDD9FD0DD54494FA38E2A546144ABB62EA88FDE6C3155525719505D1051783490DEC7B42
C03B96122AAE6B45B8CDF3404DC23E24915F65F58C62C0FC75F75969C47EA03D8E8F6067123BF12D8
F95AFCE5971AC662C6CA211C02D2C539EE935B8312DB0B720D89589DCDB66DC26747566AEB181388A
5FF3B3F1E95AB0A029F8FF7C7D8013781E1EFBB9ADB894F80F73FE297B7A4C5AD1FA80DD2E71B6A9B
D299FFED0FF31482F699D46AFB8826B079A6085E0E2954F9C2B8CF11DB7FBA5370386FD86503372EF
FBC257CB0AEE0C4705EF740A0743A91914AEEEF8AD80E412A216015B28A33F342B30118FE6E29B53B
07C22021924C299356A5FB83886DD0243E19594C77ED8FEE067BCB3DB691D9858B14853B33D0E02E4
36C72CA37F97F7CF8EF09C107B5819BB566D25F7BE26691EAF5BED669C88D1C1BECE3D02AB3A9A402
A4A037F46ADF68DA14B502B0B8595786D53BEDA645D1A97F975857A1CE3F82E1FC0F7AF5C085EFF1E
EF5E1ABF79C32B0D457800F2A94CBC5404F6CC3B50571C32F7008AEFE8F49A36E9AF6CFA2F67ECC52
C91495BA8A7A89A13299519A51AE1CA42786C7A7F0FF6319C37452F2556F9225FB0129CE581B2C393
49244AA3681EA116EA436956A4EC2B1980284988150135A17B02E0DA5DF576074FF1487D62950978F
68E3EBAD05F95F0756C61A46B95088C543269FF8063F927BDCD98FA7B31CE6B2E4454E1F4BBD6E878
A5F72616FD959140804FE020BC453F7E6A1F47E5FD512D017B9D3A4C8CD97BE9D0F2B9D07631AB2C0
BBD956B018F622712CE901902EDA7B9B9447131096BF01192985B44E3286342E17BBA886D05D64541
A2F2571B2A57751E46D9AE7582A41239A339AF953AB3BF28794F1FAA462B03D38E4EE878DCE995CBF
72ADC99D6F67CE6A79994E12FD5A988C7AD83180179E8C88F39ABB6612AE5220E9783DA75F201F5A4
2374C4F820CE0686BE5E5BBAC696FB3E4C11A81E3CD4E12936D5599A9CB9A8F8E9E2953F3A44A9A12
F54E8D01D57BC06A86E89A6F63B3E7211AEDAFE8D1C2E656A92E53A3B68C3C288192A607251E25095
481998334FA93C8EA89AB2959BE895C3C6869D45B5A2CF5BB32BF100DF919541CD82CC661B9F9FA76
8CC1E5BFB416EA1CB2FCC519E52D0326ECAF36D10274F4117C3A7F9F754A71B66C16DE3083547EF4A
72BF3C8E69D55189078BBAEA51A7B83DB3B4370E954A0051308F953001A0FEE9083A67475F1F37967
611FAC2D6861E0E05FBFA09AA8B0EBEF1C08D2C31A918F6CC2DCD5A579E8067FC91486B1CEE3EAB38
438158115E7EBE0E1A6EBDDF791F7D60F3F85EC00E37952EE22F7E9F03B08EF89E32520A8C351F667
0E53ACD52379BE88A35F039E096E552F192A345D4F4965BFE71740963387B1FDECAF943D30C129E13
9BBED5005F113BF163BF44D8E4DF3D21A7EF953BDE9019522271B407AA200E07C3CC691967914351A
A49DB8654A6F007D07DCC8A45658165028173011F9A168B6171F9EC5F5304FCE3EDFDF29362511FD1
9B12DDDFDE3CC247A33C197AA3B39592B73177382ECDDAA466F73070DC418BEFECA8C91BF524D1CFB
97E193702626B848BB5EAE41D2850B1F90E79E8766A25DEEB4DF92ECF5FC8F61FBB11430000C9C9A6
A45AD8748CEB8B65DAE29542AA07A7539431ABFDB5B6AA9D42012C25BCA452C9D0A7CFFB7B20359A7
1047267C03D9AB8B1FDE770EF51FD2EEBF973C57E7790EDD06652377A0DB547E734313D0036857408
58B36FC4594C9510E04AED0B8EA00A9B7088EA73B87AF3F88D1128ADB11AF0EF62EB19E27EF61CABE
A9EA3E03348483C76B6A0987E9078162D445EA01D106391865D20B1634FF767D09A9B2AB797D339AB
977B958C1477CB0A8D74DBFC8A4167C23E57D0C4BC8D64AC5CE8DFD260B432F8D7D48338C256743A7
64AA8AA41D583EA50813204D0D7ECE2543077C177C8EDE3C214C084D056FC10AF6ECC938AF3409571
85824D57E9561571811969DE43FA8D6133003B59859EEAF302874F9EACC325BFA5032AA64D326AC1A
B4CBF100E7399D9F440FB9D2A57C64A353E3AB2F16FBA3C78ABCFDA4592703B99718195411E5B99B5
CB7B083A07A8197F113A94B99F1C8751C52346D9199EB145152FB558BDD9155C81596B1664BA69F95
E24659AFFF415645612978D117FB448E52E653D31159636DE832B1B89B4419520E4A3B63D591FEBDE
F121C8DC755D01ADD21798D7C238A3ABA9A1502FBDBF265C6A608E8AF5C591285FF8E3B08C5F21DAA
4925710BA6AC523AC5AE33C4A03A215BA02F5691A0D90A8683EEF95F09FAE9B392346A9CF5FD28306
AD57EA2976A73CB39A32F3C2121F6FC8D39CF584F672F73117DC96FDFB9965BC754070DE8AD47D9ED
398917D2324B6EF6AB9FC54D9D2BE2947FB2680D4E6F395ADCCBC7A43CDB1EB3F2DDBD6829644EE85
F33E0C4890F6778B7C4C624132E2B64279731240896710FC6FA4CBB9B3A69EF137D22D486207AABE7
E7751285FB535E1460E3FBD041D743E639A76950BC1734E9DFE1E683C992DDF2A1523FB1EA286F8F3
F9350AA288FC9D6ECF66E15E0AD286F010C9C40C7B8F9F3709F86909427D88E15B8F79D75B2B15F27
CAF149BD4ECCF52347C4AA0515671954D219FA2D288C36C1134C59744C5D36434321E15AB68E9B02B
34DF01E062A9DED426C0AE62BC802CED4C7E69D1101C109AB85BEE740EF0B2E3D699F1B5F8B16D34E
10296A026DB51DC6A63F99567822DA38ED80DA7E00D295BE3E35322055996A6D5170E61730DFD6245
581C4EEC652FA57758DC46D6AFBD369122B49DB9CE7F111F938C17C5BB0EE792DC50704AFF499CBC0
171D53E3AD4C895565D6569BA9F94377B1C23C17D7635692ABFA8686799A412C79B745BFFF7959B9B
5A0D8EEF14FE9F4F797B6682879A6F75C8CB3D2D7A688EFFEE8DE1032E2936C6E255153F75E5D1057
33D0E95BE366681DBC161F782ECBC99CCC1626E3127B72140BDE5059409705603D211C118CAC127C4
70149F5035C8BA96DE9E0A712968E572B36466D519C8B5B35E9E88788DD2EA989F8A3B7E9EB57995C
50BE7BDAB7D6409C38C7A40E9ED15767BDE8D6AC6C5C251BF146BD6F46FAB5EC211E590C76CD2159A
0FD19CBACD7E22C51C8570EBBBB8E5A19860759AF0D1F2F3B8428AAD3CDB9161060E81952F012B40F
8DE2FA1CDB7DD2CA7F21122586950BCC1C7A3B44635A6067F37DCF830D045587CED3305550059B037
EC25E416214F449408B21478A15CFC5C6AE108A584F4F2B91138A46BE053F995BA4C44C4BC61F713D
54117B52CC624F96069C5B976635F971711E687F89DF48D99DB18C8327170B0EA3B7A9C4BEE2787F3
FB31138CB6AFCEFEB7E6B5E28063F63A6146FA6099E1A33DBE82D395BB5F8C2D7DE7CD1FCDC40B20D
6C9E03613D1C8BC07A679622F2173753592D76166617C7466F640E422D79C1407107B1371D84D6567
71570785504DAD397E224E323E1FE216F0336A74358A3295F9546053E6DD187BC18B88F14B6F97D3B
34B0BA2093C9C01F59D4DBAA927FC02145D37FE592751867FBDB5286AC67B700AC13966D2A51C596C
C437DBABF51A0DC1F2A71DB2FF210C08CD86B595C89D1F0BA6A855A275BFC670E12F98D560E70DDA6
6DD58B6D8ADB097C483A29F4F3CAB2CEFC8065CDAD3C3D0BDA419B1B245FDF16CE4F3D4B57925AE1B
A9B2EEE6EA485B4DE9F59EE9283A019569EC6276885611DB3CD0207C30AAA8DA75055DAA74F11E212
8D2C96F8A0854894CCF1A2CC963721F3C6886B8318A63A13A614CDCE3975405E84C2BD8A5B939F2CD
14E9DC5FB44845D676CE8F95A05F7B8ED283268C1A251290F51FC3DF228410C45685788D3191BAD67
1C09F0A66721B26A53394C001E28248B713388FE9B101854EE86F472742F0597510A22F690B69F31C
3B3E828018CAB7F196EF33EDE28836BF1C067612290E1356492C7F0892728D7C9D62CBD97F0D1265F
B7D5B03F551D4F92AA733F71F3F4B5557DCDD9DC9EEB049916FE4CEE60B83D94C8359D80B5306BCDF
9251FDC3F11BBFDF06EA64F4F7C8FAE3612B30679D58449BF3CAD4740AD7F28FA391762D87EB987BB
E1CBE17024992D1735E58AE8C3C7E33561A75E0DC25C0FADE6A4B8DCAF6FDB2E73C900ED4B6A19BE9
31CF03AB9C01592ADF3BE42367859985F8E67728A086170BEA1085DF535A4ECA0248DA65B3EDFC06F
5F4C845953FA5B95ACDA203F2E10E0E2D614294697CC2E54D8F85E4BB4A9052FF0EC94FC64D9A0B1D
6AE77628A950094319F67235FD6324747C6EAB309A5E3C936752914876DFF33A91FC989EAB1B30331
699BBC8F6589DFFF6AAF4523A7229539485C538FA57879638D3B36DE28AAC65F28D10C5573EA3550F
230E095181CD7F19EE721027C047ECBBC5356D9E34E5A561E42439E9BC8C732B6B61923559B9656ED
DE0181EB0FA4D31A2EA6E378B7342B0859DBF87585B20DC366A3606EEA97C03D9C9968524B2B7D07E
35BA5F43CE7DACD9D643FE38FA5783A9ECF29ECD585F82E21A5D0042AEC59D2CE86DE8C7E54B0B644
1DE9F048AC9C51AF5C1729250AA0A1138FD317F8C6DDDC3E921CAB0CDB82586DA2D3549F3F0F90DB7
B99F595B78A5C2EF8B3EBFE334F7B8C94A9A605C2F5345C20111A50E152F8409A154FB32B898D3037
CE852768FAB55C8CAA59F7D321C71A4273A5B5C9CDFB3519713A7011EF8CA64D571C2944183D0DD47
09B31637A9CA3208067812E537CC9DE97862132820849EEED3952B4BF9B077CF6F8C6D927CA3AF770
69373B206C49088394BD856180EA9D5C30B29BF9CDA914CE764F74B9693F011798F5225CA32E151FB
BC2BF9B2C9B0AC128046F93D0CBC841750BE584CD6F87F94097ED036A56C09CA6BC91E4419B2D02E9
9B48035797946E79BA73EBBCC2E052252DCDF1EFC45ACDF7EADEFED13F15B3CB0C03AFD8C0710BAE0
AD7BA2EB815D223A713DB526FCEBFC9EE96311273AF418205CA2184BA0C80989EE012FE5B849A6D42
E603DBBB16F87B2B189EE3088DAC58E07D4B278792BEA5B6AC7038AB0BC11D6A97C105FC44B82A943
F458F33FBB16C4EC9233C61E00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\UT2004\System\UT2004.exe"="C:\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1156388222\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1156388222\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\CallWave\IAM.exe"="C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave"
"C:\Program Files\Common Files\AOL\1156388222\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1156388222\EE\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\SYSTEM32\lxcycoms.exe"="C:\WINDOWS\SYSTEM32\lxcycoms.exe:*:Enabled:Lexmark Communications System"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.inf - open -
.inf - install -
.ini - open - notepad.exe %1
.txt - open - notepad.exe %1

======List of files/folders created in the last 3 months======

2008-10-27 15:54:46 ----D---- C:\rsit
2008-10-24 12:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 19:47:00 ----D---- C:\Program Files\Trend Micro
2008-10-21 23:31:49 ----D---- C:\Program Files\Dell
2008-10-21 23:31:48 ----D---- C:\WINDOWS\system32\Dell
2008-10-19 18:53:57 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-19 18:52:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-19 17:08:22 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-19 17:08:20 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-16 12:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 12:07:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 12:06:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 12:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 12:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 12:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-07 21:33:56 ----D---- C:\Program Files\MySpace
2008-09-23 13:23:49 ----D---- C:\Documents and Settings\Darla\Application Data\Symantec
2008-09-23 13:18:54 ----D---- C:\Program Files\Windows Sidebar
2008-09-23 13:16:22 ----D---- C:\Program Files\Norton Internet Security
2008-09-23 13:11:52 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-23 12:40:39 ----D---- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-09-15 02:27:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-15 02:02:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-15 02:02:48 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-15 02:02:48 ----A---- C:\WINDOWS\system32\java.exe
2008-09-11 15:39:33 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-11 12:02:13 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 12:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 02:22:41 ----D---- C:\Documents and Settings\Darla\Application Data\Yahoo!
2008-09-07 01:26:46 ----D---- C:\Program Files\NOS
2008-09-07 01:26:46 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-03 00:02:38 ----A---- C:\WINDOWS\system32\lxcyvs.dll
2008-09-03 00:02:32 ----A---- C:\WINDOWS\system32\lxcycoin.dll
2008-09-03 00:01:50 ----A---- C:\WINDOWS\system32\lxcydrs.dll
2008-09-03 00:01:50 ----A---- C:\WINDOWS\system32\lxcycnv4.dll
2008-09-03 00:01:50 ----A---- C:\WINDOWS\system32\lxcycaps.dll
2008-09-03 00:01:09 ----D---- C:\Program Files\Lexmark 3400 Series
2008-09-03 00:00:46 ----A---- C:\WINDOWS\system32\lxcyinst.dll
2008-09-03 00:00:46 ----A---- C:\WINDOWS\system32\lxcyinpa.dll
2008-09-03 00:00:46 ----A---- C:\WINDOWS\system32\lxcyiesc.dll
2008-09-03 00:00:46 ----A---- C:\WINDOWS\system32\lxcyhcp.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcyutil.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcyusb1.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcyserv.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcyprox.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcypplc.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcypmui.dll
2008-09-03 00:00:45 ----A---- C:\WINDOWS\system32\lxcylmpm.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyjswr.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyinsr.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyinsb.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyins.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyih.exe
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcyhbn3.dll
2008-09-03 00:00:44 ----A---- C:\WINDOWS\system32\lxcygf.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycur.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycub.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycu.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycoms.exe
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycomm.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycomc.dll
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycfg.exe
2008-09-03 00:00:43 ----A---- C:\WINDOWS\system32\lxcycfg.dll
2008-09-02 23:59:45 ----D---- C:\drivers
2008-09-02 23:16:58 ----A---- C:\WINDOWS\system32\LXMASUI.DLL
2008-08-19 22:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2008-08-19 01:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-08-15 23:08:55 ----D---- C:\Documents and Settings\Darla\Application Data\Pogo Games
2008-08-14 12:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 12:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 12:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 12:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 12:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-14 12:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-14 01:05:13 ----D---- C:\Documents and Settings\Darla\Application Data\PlayFirst
2008-08-14 01:05:13 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-13 21:13:03 ----D---- C:\Program Files\Microsoft Digital Image 2006
2008-08-13 12:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-13 12:04:29 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-08 00:20:13 ----D---- C:\Documents and Settings\Darla\Application Data\iWinArcade

======List of files/folders modified in the last 3 months======

2008-10-27 16:05:50 ----D---- C:\Program Files\Mozilla Firefox
2008-10-27 15:55:00 ----D---- C:\WINDOWS\Prefetch
2008-10-27 14:57:07 ----D---- C:\WINDOWS\Temp
2008-10-24 12:15:16 ----D---- C:\Program Files\lx_cats
2008-10-24 12:14:33 ----AD---- C:\WINDOWS
2008-10-24 12:07:43 ----D---- C:\WINDOWS\SYSTEM32
2008-10-24 12:06:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 12:06:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 12:01:24 ----D---- C:\WINDOWS\INF
2008-10-24 12:01:16 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-24 12:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 19:47:00 ----D---- C:\Program Files
2008-10-23 19:08:42 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-23 19:07:56 ----D---- C:\Program Files\SpywareBlaster
2008-10-23 16:44:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-21 23:31:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-20 02:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 18:55:39 ----SHD---- C:\WINDOWS\Installer
2008-10-19 18:55:38 ----D---- C:\Config.Msi
2008-10-19 18:53:58 ----D---- C:\WINDOWS\system32\drivers
2008-10-19 18:53:58 ----D---- C:\Program Files\Lavasoft
2008-10-19 18:52:54 ----D---- C:\Program Files\Common Files
2008-10-19 18:47:37 ----D---- C:\Documents and Settings\Darla\Application Data\Lavasoft
2008-10-19 17:23:59 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-18 18:56:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 12:08:37 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 12:03:04 ----D---- C:\Program Files\Internet Explorer
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-14 14:59:17 ----D---- C:\Documents and Settings\Darla\Application Data\iWin
2008-10-08 03:00:49 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-03 02:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-10-03 02:14:26 ----D---- C:\UT2004
2008-10-03 01:52:45 ----D---- C:\Program Files\ToGo Game
2008-09-27 13:30:26 ----D---- C:\Program Files\Yahoo!
2008-09-26 16:04:46 ----D---- C:\Program Files\Symantec
2008-09-24 15:42:58 ----D---- C:\WINDOWS\FONTS
2008-09-24 02:02:45 ----D---- C:\WINDOWS\system32\FxsTmp
2008-09-23 13:26:02 ----SD---- C:\WINDOWS\Tasks
2008-09-23 12:35:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-15 02:31:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-15 02:31:09 ----D---- C:\Program Files\Common Files\Adobe
2008-09-15 02:28:30 ----D---- C:\Documents and Settings\Darla\Application Data\Adobe
2008-09-15 02:14:38 ----D---- C:\Program Files\Adobe
2008-09-15 02:02:45 ----D---- C:\Program Files\Java
2008-09-12 01:36:22 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-11 15:39:33 ----D---- C:\WINDOWS\Debug
2008-09-11 12:02:15 ----D---- C:\WINDOWS\WinSxS
2008-09-05 13:02:19 ----D---- C:\Documents and Settings\Darla\Application Data\Mozilla
2008-08-31 23:45:17 ----D---- C:\Program Files\LimeWire
2008-08-26 12:47:51 ----D---- C:\WINDOWS\HELP
2008-08-25 23:20:58 ----SD---- C:\Documents and Settings\Darla\Application Data\Microsoft
2008-08-25 19:25:26 ----D---- C:\Program Files\Lexmark Fax Solutions
2008-08-24 12:09:02 ----RSD---- C:\WINDOWS\assembly
2008-08-24 12:07:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-20 01:38:47 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-20 01:38:45 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-20 01:38:45 ----A---- C:\WINDOWS\system32\browseui.dll
2008-08-20 01:38:44 ----A---- C:\WINDOWS\system32\shlwapi.dll
2008-08-20 01:38:44 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-20 01:38:43 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-20 01:38:43 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-20 01:38:42 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\mstime.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\msrating.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\inseng.dll
2008-08-20 01:38:41 ----A---- C:\WINDOWS\system32\iepeers.dll
2008-08-20 01:38:40 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-20 01:38:40 ----A---- C:\WINDOWS\system32\danim.dll
2008-08-20 01:38:39 ----A---- C:\WINDOWS\system32\cdfview.dll
2008-08-19 23:13:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-08-19 05:20:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2008-08-17 00:15:28 ----D---- C:\Program Files\Oberon Media
2008-08-15 23:21:37 ----D---- C:\Program Files\Microsoft Works
2008-08-15 23:08:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-14 06:00:45 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 05:22:13 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-13 12:07:08 ----D---- C:\Program Files\Messenger
2008-08-08 22:02:57 ----D---- C:\Program Files\Common Files\AOL
2008-08-08 21:57:30 ----D---- C:\Documents and Settings\Darla\Application Data\AOL
2008-08-08 21:57:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-08-08 21:27:36 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-08 14:26:19 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-08-07 23:39:43 ----A---- C:\WINDOWS\win.ini
2008-08-05 00:28:06 ----D---- C:\unzipped

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 GBFSHook;GBFSHook; C:\WINDOWS\system32\drivers\GBFSHook.sys [2002-01-21 15024]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-09 119808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2002-07-02 23854]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2002-07-02 40508]
R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2002-07-02 6030]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2002-07-02 70382]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-08-16 818873]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-09-24 463848]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20081003.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\wg11tnd5.sy
  • 0

#7
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Your logs look clean. Let's get a couple more scans just to make sure.


STEP ONE
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

STEP TWO
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

  • 0

#8
davis05x3

davis05x3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I am so sorry I haven't posted a response yet. My internet has been messed up and I have been out of town but I will get those scans in to you today sometime! Thanks again!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP