Slow Computer / Malware - Already ran S&D [Closed] - Geeks to Go Forums


Slow Computer / Malware - Already ran S&D [Closed] Help appreciated.

#1 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

  Posted 16 November 2008 - 09:24 AM

Background Information: Was searching a file on Google for my friend using Mozilla Firefox. One of the sites I went to, for some reason, got me Malware, etc., and now my computer is slow, and receives random popups from IE. The first thing I did was boot into Safe Mode and run S&D. I did not save the results, but there were few. After running S&D and booting into normal mode, the problem still occurred. I ran msconfig and removed some suspicious files from startup, which included: DW_Start, TA_Start, fpeauwbakyn.dll, dwwnw64r.exe, Virtumundo, and a few others. After removing them from startup, my computer obviously runs a little bit faster but the problem still persists.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:35 AM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\new\Application Data\gadcom\gadcom.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{8A-AB-B0-03-ZN}] C:\Documents and Settings\Adam\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{3a3203f5-9e5e-b77d-0e18-c46177b5ffff}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sijukaouiyyaami.dll" DllStart
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [xtgwtazbotwwdhw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fpeuwbakynn.dll"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\new\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Adam\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Submit Coupon - file://C:\Program Files\Microsoft\Frequent Shopper Coupon Clipper\FrequentShopperCouponClipperWinIE.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O18 - Protocol: bw+0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll fctvrs.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 23485 bytes








Any help appreciated. I'll respond ASAP!
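Added example, not part of the original thread or of any tool used in it: a small Python triage of the `O4` (autostart) lines of a HijackThis log such as the one above, listing the entries a reviewer would look at first. The three heuristics and all function names are assumptions chosen for illustration; the sample lines are copied from the log in post #1 (the gadcom command-line argument is left out), and a flagged entry is a candidate for review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Sample input: O4 lines copied from the HijackThis log in post #1
# (the long argument after gadcom.exe is omitted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{8A-AB-B0-03-ZN}] C:\Documents and Settings\Adam\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [{3a3203f5-9e5e-b77d-0e18-c46177b5ffff}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sijukaouiyyaami.dll" DllStart
O4 - HKLM\..\Run: [xtgwtazbotwwdhw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fpeuwbakynn.dll"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\new\Application Data\gadcom\gadcom.exe"
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Adam\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""


class Autorun(NamedTuple):
    where: str          # e.g. HKLM\..\Run, Startup, Global Startup
    name: str           # registry value name or shortcut name
    command: str        # command line exactly as logged
    images: List[str]   # full paths of executables/DLLs found in the command
    reasons: List[str]  # why the entry deserves a closer look (empty = not flagged)


# "O4 - HKLM\..\Run: [name] command" and "O4 - Startup: name.lnk = target"
RUN_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# A drive-rooted path ending in an executable extension. The lookahead stops
# directory names such as "mcafee.com\" from being mistaken for a file.
IMAGE_RE = re.compile(r'(?i)[a-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|com)(?=$|["\s,])')

# Assumed heuristics (illustrative, not a complete rule set).
LOADERS = {"rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = ("\\temp\\", "\\application data\\")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(name: str, images: List[str]) -> List[str]:
    """Return the reasons an autostart entry should be reviewed by hand."""
    reasons = []
    if len(images) > 1 and basename(images[0]) in LOADERS:
        reasons.append("loads %s through %s" % (basename(images[1]), basename(images[0])))
    for image in images:
        if any(marker in image.lower() for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable directory: " + image)
    if re.fullmatch(r"\{[0-9A-Za-z-]+\}", name):
        reasons.append("value name is a brace-wrapped ID, not a product name")
    return reasons


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Parse every O4 line of a HijackThis log into an Autorun record."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_RE.match(line) or LNK_RE.match(line)
        if not match:
            continue  # not an O4 autostart line
        images = IMAGE_RE.findall(match["cmd"])
        entries.append(Autorun(match["where"], match["name"], match["cmd"],
                               images, classify(match["name"], images)))
    return entries


def triage(log_text: str) -> List[Autorun]:
    """Return only the entries that matched at least one heuristic."""
    return [entry for entry in parse_autoruns(log_text) if entry.reasons]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print("%s [%s]" % (entry.where, entry.name))
        for reason in entry.reasons:
            print("    - " + reason)
```

Entries that reference a bare file name (`KHALMNPR.EXE`) or an unresolved shortcut target (`?`) yield no path to inspect and are left unflagged by these rules.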

#2 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 16 November 2008 - 09:53 AM

Hello Chronotrigga!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :) I'm currently looking over your log. I am still in training here, so there might be a delay between my replies as they need to be checked by an expert before I can post them. I'll need a bit of time to research your log fully, so please bear with me.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal - HijackThis™ Logs Go Here.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.


Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.

#3 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

Posted 16 November 2008 - 10:06 AM

Sounds good. Thanks for the potential help! :)

#4 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

Posted 16 November 2008 - 06:23 PM

Heir, anything? Please tell me what to do. I was hoping I could get rid of this by the end of tonight since I have an English Project I need to do and Word runs slow, but I don't think the fix is going to happen any time soon, heh. Of course, I will respond ASAP if you tell me what to do.

#5 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 18 November 2008 - 12:29 PM

Hello Chronotrigga!

I've reviewed your log.
Let's start cleaning then.

Step 1.
Run SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum


Step 2.
Scan with Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 3.
Scan with RSIT:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both C:\rsit\log.txt (<<will be maximized) and C:\rsit\info.txt (<<will be minimized)


Step 4.
Things I would like to see in your reply:

  • The content of C:\SDFix\Report.txt from Step 1.
  • The content of C:\lopR.txt from Step 2.
  • The content of C:\rsit\log.txt and C:\rsit\info.txt from Step 3.


#6 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

Posted 18 November 2008 - 09:23 PM

Report.txt


SDFix: Version 1.240
Run by new on Tue 11/18/2008 at 07:53 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\nxqtqoafhgweti.exe - Deleted
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\rtc.dat - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Folder C:\Temp\tn3 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 20:25:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\pvutskfy.exe"="C:\\WINDOWS\\system32\\pvu"
"C:\\WINDOWS\\TEMP\\win16E.tmp.exe"="C:\\WINDOWS\\TEMP\\win16E.tmp.exe:*:Enabled:win16E.tmp"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\trant.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcant.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\trant.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\ppldr.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\spyguard.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcpriv.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcant.exe"="C:\\Documents and Settings\\Ming-Shiun Pan\\Application Data\\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Thu 14 Aug 2008 104 ..SHR --- "C:\WINDOWS\system32\8152023460.sys"
Sat 27 Oct 2007 408,014 A.SH. --- "C:\WINDOWS\system32\ddeeg.bak1"
Tue 13 Nov 2007 656,749 ..SH. --- "C:\WINDOWS\system32\ddeeg.bak2"
Thu 14 Aug 2008 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 31 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 13 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 13 Nov 2007 72,704 ..SHR --- "C:\Documents and Settings\Ming-Shiun Pan\Application Data\??pPatch\iexplore.exe"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Marsha Pan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Marsha Pan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Marsha Pan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Fri 20 Apr 2007 8 A..H. --- "C:\Documents and Settings\Marsha Pan\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Sun 15 Jun 2008 8 A..H. --- "C:\Documents and Settings\new\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sun 15 Jun 2008 8 A..H. --- "C:\Documents and Settings\new\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sun 15 Jun 2008 8 A..H. --- "C:\Documents and Settings\new\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Sun 15 Jun 2008 8 A..H. --- "C:\Documents and Settings\new\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
Thu 17 Jul 2008 8 A..H. --- "C:\Documents and Settings\new\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"

Finished!

#7 Chronotrigga

Posted 18 November 2008 - 09:30 PM

LopR.txt

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.60GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
USER : new ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan Online (Activated)
Firewall : McAfee Personal Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:52 Go (Free:19 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Tue 11/18/2008|22:18 )

--------------------\\ Listing folders in APPLIC~1

[08/10/2004|02:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[06/15/2008|02:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[11/07/2005|02:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[11/07/2005|02:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[09/22/2008|11:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/07/2005|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[05/21/2006|02:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[09/03/2008|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[09/03/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/10/2008|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[11/07/2005|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[12/31/2007|02:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Dell
[02/19/2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/18/2008|06:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[11/07/2005|02:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> GTek
[11/07/2005|02:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/15/2008|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[11/07/2005|02:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[11/16/2008|09:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/15/2007|08:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[05/22/2006|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[06/18/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/04/2006|08:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/10/2004|02:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[11/08/2007|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/07/2005|02:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[07/05/2007|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/18/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[09/08/2008|06:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[08/10/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[06/15/2008|02:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intel
[11/07/2005|02:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/07/2005|02:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Sun

[08/10/2004|01:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/22/2006|09:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla
[05/21/2006|02:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Webroot

[01/04/2007|08:14] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Absoft
[12/01/2005|06:46] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Adobe
[12/01/2005|06:46] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> AdobeUM
[11/28/2006|08:10] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Aim
[07/17/2006|02:48] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Apple Computer
[07/23/2007|07:49] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> COREL
[08/01/2006|09:04] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Corel Photo Album
[07/10/2006|10:15] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> CyberLink
[12/31/2007|12:17] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> FileZilla
[11/08/2006|07:15] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Google
[04/12/2007|07:42] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Gtek
[02/07/2007|08:34] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Help
[08/10/2004|02:08] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Identities
[06/15/2008|02:59] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Intel
[07/03/2006|09:31] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Lavasoft
[07/17/2006|02:49] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Leadertech
[12/15/2005|12:28] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Logitech
[09/23/2006|07:59] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Macromedia
[05/05/2006|06:33] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> McAfee.com
[10/20/2006|10:47] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Microsoft
[08/01/2008|02:57] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Mozilla
[11/29/2005|10:15] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Netscape
[12/18/2006|11:02] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> NJStar
[07/17/2006|02:49] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Sonic
[11/07/2005|02:10] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Sun
[10/20/2006|10:47] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Ventrilo
[07/11/2006|07:46] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> vlc
[05/20/2006|07:54] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Webroot
[05/21/2006|01:54] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> Webshots
[04/16/2007|09:15] C:\DOCUME~1\MARSHA~1\APPLIC~1\<DIR> yahoo!

[04/01/2006|04:40] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Absoft
[07/24/2008|09:45] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Adobe
[11/27/2005|12:05] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> AdobeUM
[09/27/2006|07:17] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Apple Computer
[12/29/2005|07:45] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Azureus
[03/16/2007|03:55] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Corel
[11/11/2005|09:09] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> CyberLink
[10/30/2006|07:10] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Google
[04/12/2007|07:25] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Gtek
[07/06/2007|11:51] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Help
[08/10/2004|02:08] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Identities
[06/15/2008|02:56] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Intel
[05/05/2006|02:51] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Lavasoft
[11/11/2005|09:06] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Leadertech
[12/13/2005|11:03] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Logitech
[11/11/2005|06:39] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Macromedia
[12/02/2005|07:30] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> McAfee.com
[10/19/2007|10:15] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Microsoft
[10/20/2007|08:18] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Move Networks
[09/21/2007|09:02] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Mozilla
[11/24/2005|10:26] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Netscape
[05/29/2006|08:58] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> NJStar
[11/11/2005|09:06] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Sonic
[11/07/2005|02:10] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> Sun
[01/02/2006|01:40] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> vlc
[04/16/2007|09:02] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> yahoo!
[11/13/2007|11:17] C:\DOCUME~1\MING-S~1\APPLIC~1\<DIR> ??pPatch

[06/15/2008|02:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Intel
[07/10/2007|10:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[06/28/2008|10:13] C:\DOCUME~1\new\APPLIC~1\<DIR> Adobe
[06/28/2008|10:13] C:\DOCUME~1\new\APPLIC~1\<DIR> AdobeUM
[10/10/2008|08:55] C:\DOCUME~1\new\APPLIC~1\<DIR> Apple Computer
[10/09/2008|06:00] C:\DOCUME~1\new\APPLIC~1\<DIR> Azureus
[06/28/2008|09:58] C:\DOCUME~1\new\APPLIC~1\<DIR> Corel Photo Album
[10/03/2008|05:33] C:\DOCUME~1\new\APPLIC~1\<DIR> Creative
[07/01/2008|10:30] C:\DOCUME~1\new\APPLIC~1\<DIR> CyberLink
[10/01/2008|04:24] C:\DOCUME~1\new\APPLIC~1\<DIR> FileZilla
[06/20/2008|01:03] C:\DOCUME~1\new\APPLIC~1\<DIR> Google
[06/15/2008|06:03] C:\DOCUME~1\new\APPLIC~1\<DIR> GTek
[06/27/2008|09:50] C:\DOCUME~1\new\APPLIC~1\<DIR> gtk-2.0
[08/10/2004|02:08] C:\DOCUME~1\new\APPLIC~1\<DIR> Identities
[06/15/2008|02:59] C:\DOCUME~1\new\APPLIC~1\<DIR> Intel
[11/15/2008|11:51] C:\DOCUME~1\new\APPLIC~1\<DIR> IUpd721
[11/16/2008|09:49] C:\DOCUME~1\new\APPLIC~1\<DIR> Lavasoft
[06/15/2008|06:03] C:\DOCUME~1\new\APPLIC~1\<DIR> Logitech
[06/15/2008|06:04] C:\DOCUME~1\new\APPLIC~1\<DIR> Macromedia
[11/16/2008|09:58] C:\DOCUME~1\new\APPLIC~1\<DIR> Malwarebytes
[09/30/2008|06:18] C:\DOCUME~1\new\APPLIC~1\<DIR> McAfee.com
[10/23/2008|08:37] C:\DOCUME~1\new\APPLIC~1\<DIR> Microsoft
[11/10/2008|08:05] C:\DOCUME~1\new\APPLIC~1\<DIR> mIRC
[07/29/2008|11:40] C:\DOCUME~1\new\APPLIC~1\<DIR> Mozilla
[11/07/2005|02:10] C:\DOCUME~1\new\APPLIC~1\<DIR> Sun
[07/10/2008|03:16] C:\DOCUME~1\new\APPLIC~1\<DIR> vlc
[07/20/2008|08:28] C:\DOCUME~1\new\APPLIC~1\<DIR> WinRAR
[09/08/2008|06:04] C:\DOCUME~1\new\APPLIC~1\<DIR> yahoo!


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/18/2008 10:15 PM][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[08/15/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[09/01/2008 12:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[11/14/2008 06:30 PM][--a------] C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MOMMY-Ming-Shiun Pan).job
[11/11/2005 06:31 PM][--a------] C:\WINDOWS\tasks\ISP signup reminder 1.job
[11/18/2008 08:08 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/07/2005|02:16] C:\Program Files\<DIR> Adobe
[11/28/2006|08:10] C:\Program Files\<DIR> AIM
[11/09/2008|08:55] C:\Program Files\<DIR> All2WAV Recorder
[05/21/2006|02:11] C:\Program Files\<DIR> Anti-Virus-Pro
[09/21/2007|09:01] C:\Program Files\<DIR> AOD
[11/07/2005|01:57] C:\Program Files\<DIR> Apoint
[09/03/2008|10:45] C:\Program Files\<DIR> Apple Software Update
[06/15/2006|06:01] C:\Program Files\<DIR> Azureus
[09/22/2008|11:01] C:\Program Files\<DIR> Bonjour
[11/07/2005|02:12] C:\Program Files\<DIR> Broadcom
[11/08/2007|06:40] C:\Program Files\<DIR> CCleaner
[09/22/2008|10:27] C:\Program Files\<DIR> Common Files
[08/10/2004|02:02] C:\Program Files\<DIR> ComPlus Applications
[11/07/2005|01:58] C:\Program Files\<DIR> CONEXANT
[10/03/2008|05:28] C:\Program Files\<DIR> Creative
[11/07/2005|02:15] C:\Program Files\<DIR> CyberLink
[11/07/2005|02:30] C:\Program Files\<DIR> Dell
[04/12/2007|07:25] C:\Program Files\<DIR> DellSupport
[11/07/2005|02:15] C:\Program Files\<DIR> Digital Line Detect
[11/08/2008|07:00] C:\Program Files\<DIR> DivX
[11/24/2005|10:15] C:\Program Files\<DIR> FILES
[12/31/2007|12:07] C:\Program Files\<DIR> FileZilla Client
[06/28/2008|10:30] C:\Program Files\<DIR> FileZilla FTP Client
[09/18/2008|08:28] C:\Program Files\<DIR> Google
[10/20/2006|11:28] C:\Program Files\<DIR> Gunbound Revolution
[09/22/2008|10:36] C:\Program Files\<DIR> iDump
[10/03/2008|05:28] C:\Program Files\<DIR> InstallShield Installation Information
[11/07/2005|02:14] C:\Program Files\<DIR> Intel
[11/07/2005|02:12] C:\Program Files\<DIR> Intel, Inc
[10/15/2008|05:55] C:\Program Files\<DIR> Internet Explorer
[11/07/2005|02:22] C:\Program Files\<DIR> Intuit
[09/22/2008|11:06] C:\Program Files\<DIR> iPod
[07/29/2008|10:05] C:\Program Files\<DIR> IrfanView
[09/22/2008|11:06] C:\Program Files\<DIR> iTunes
[11/07/2005|02:10] C:\Program Files\<DIR> Java
[05/05/2006|02:50] C:\Program Files\<DIR> Lavasoft
[11/07/2005|02:21] C:\Program Files\<DIR> Learn2.com
[07/11/2008|04:49] C:\Program Files\<DIR> LittleFighter2
[12/13/2005|10:59] C:\Program Files\<DIR> Logitech
[11/16/2008|09:57] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[11/15/2007|08:29] C:\Program Files\<DIR> McAfee
[11/15/2007|08:21] C:\Program Files\<DIR> McAfee.com
[08/15/2008|09:06] C:\Program Files\<DIR> Messenger
[09/16/2008|09:55] C:\Program Files\<DIR> Microsoft
[11/24/2005|10:33] C:\Program Files\<DIR> Microsoft ActiveSync
[08/10/2004|02:04] C:\Program Files\<DIR> microsoft frontpage
[09/08/2008|05:54] C:\Program Files\<DIR> Microsoft Games
[11/24/2005|10:32] C:\Program Files\<DIR> Microsoft Office
[11/10/2008|08:04] C:\Program Files\<DIR> mIRC
[11/07/2005|02:15] C:\Program Files\<DIR> Modem Helper
[06/04/2006|08:24] C:\Program Files\<DIR> Moffsoft Calculator 2
[08/10/2004|02:02] C:\Program Files\<DIR> Movie Maker
[11/18/2008|08:32] C:\Program Files\<DIR> Mozilla Firefox
[11/26/2005|08:59] C:\Program Files\<DIR> MSN
[08/10/2004|02:01] C:\Program Files\<DIR> MSN Gaming Zone
[11/15/2006|10:49] C:\Program Files\<DIR> MSXML 4.0
[06/16/2008|06:41] C:\Program Files\<DIR> MSXML 6.0
[11/08/2007|06:40] C:\Program Files\<DIR> MUSICMATCH
[08/10/2004|02:02] C:\Program Files\<DIR> NetMeeting
[09/21/2007|09:00] C:\Program Files\<DIR> Netscape
[11/07/2005|02:15] C:\Program Files\<DIR> NetWaiting
[12/18/2006|11:02] C:\Program Files\<DIR> NJStar CJK Viewer
[05/29/2006|08:58] C:\Program Files\<DIR> NJStar Communicator
[11/24/2005|10:30] C:\Program Files\<DIR> Office XP
[05/21/2006|01:35] C:\Program Files\<DIR> Online Services
[06/14/2007|08:30] C:\Program Files\<DIR> Outlook Express
[03/18/2007|09:14] C:\Program Files\<DIR> PartyGaming
[03/30/2006|04:23] C:\Program Files\<DIR> PartyPoker
[07/25/2008|01:14] C:\Program Files\<DIR> Plaxo
[06/16/2008|07:37] C:\Program Files\<DIR> Qcikujuy
[11/14/2007|09:03] C:\Program Files\<DIR> Qnyqquer
[09/22/2008|10:59] C:\Program Files\<DIR> QuickTime
[11/07/2005|02:21] C:\Program Files\<DIR> Real
[11/07/2005|01:58] C:\Program Files\<DIR> Sigmatel
[09/09/2008|05:28] C:\Program Files\<DIR> Sonic
[11/16/2008|12:05] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/08/2008|06:01] C:\Program Files\<DIR> Steam
[11/24/2005|10:31] C:\Program Files\<DIR> The Weather Channel FW
[09/10/2008|06:13] C:\Program Files\<DIR> TI Education
[11/16/2008|10:13] C:\Program Files\<DIR> Trend Micro
[08/10/2004|02:08] C:\Program Files\<DIR> Uninstall Information
[11/09/2008|08:37] C:\Program Files\<DIR> Utherverse Digital Inc
[10/20/2006|10:45] C:\Program Files\<DIR> Ventrilo
[01/02/2006|01:38] C:\Program Files\<DIR> VideoLAN
[11/07/2005|02:21] C:\Program Files\<DIR> Viewpoint
[07/10/2008|12:21] C:\Program Files\<DIR> Vuze
[11/07/2005|02:28] C:\Program Files\<DIR> WebCyberCoach
[05/21/2006|01:54] C:\Program Files\<DIR> Webshots
[01/02/2006|01:42] C:\Program Files\<DIR> Webteh
[05/28/2006|06:48] C:\Program Files\<DIR> Winamp
[06/18/2008|10:16] C:\Program Files\<DIR> Windows Live
[09/13/2008|04:04] C:\Program Files\<DIR> Windows Media Connect 2
[11/17/2008|03:00] C:\Program Files\<DIR> Windows Media Player
[05/21/2006|01:35] C:\Program Files\<DIR> Windows NT
[08/10/2004|02:02] C:\Program Files\<DIR> WindowsUpdate
[07/20/2008|08:28] C:\Program Files\<DIR> WinRAR
[11/07/2005|02:25] C:\Program Files\<DIR> WordPerfect Office 12
[08/10/2004|02:04] C:\Program Files\<DIR> xerox
[11/27/2007|08:07] C:\Program Files\<DIR> Xobqtpml
[09/08/2008|06:03] C:\Program Files\<DIR> Yahoo!
[11/13/2007|11:17] C:\Program Files\<DIR> yjgpwzod
[11/07/2005|02:19] C:\Program Files\<DIR> Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/27/2005|12:05] C:\Program Files\Common Files\<DIR> Adobe
[11/07/2005|02:22] C:\Program Files\Common Files\<DIR> AnswerWorks 4.0
[05/21/2006|02:10] C:\Program Files\Common Files\<DIR> AOL
[09/03/2008|10:44] C:\Program Files\Common Files\<DIR> Apple
[11/07/2005|02:24] C:\Program Files\Common Files\<DIR> Borland Shared
[09/08/2008|05:57] C:\Program Files\Common Files\<DIR> Corel
[11/24/2005|10:33] C:\Program Files\Common Files\<DIR> Designer
[09/22/2008|10:27] C:\Program Files\Common Files\<DIR> eSellerate
[11/07/2005|02:24] C:\Program Files\Common Files\<DIR> InstallShield
[11/07/2005|02:22] C:\Program Files\Common Files\<DIR> Intuit
[11/07/2005|02:09] C:\Program Files\Common Files\<DIR> Java
[12/13/2005|10:58] C:\Program Files\Common Files\<DIR> Logitech
[11/15/2007|08:24] C:\Program Files\Common Files\<DIR> McAfee
[06/18/2008|10:15] C:\Program Files\Common Files\<DIR> Microsoft Shared
[09/21/2007|09:01] C:\Program Files\Common Files\<DIR> mozilla.org
[08/10/2004|02:02] C:\Program Files\Common Files\<DIR> MSSoap
[11/07/2005|02:21] C:\Program Files\Common Files\<DIR> Nullsoft
[08/10/2004|01:57] C:\Program Files\Common Files\<DIR> ODBC
[11/07/2005|02:21] C:\Program Files\Common Files\<DIR> Real
[08/10/2004|02:02] C:\Program Files\Common Files\<DIR> Services
[11/07/2005|02:24] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/10/2004|01:57] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/13/2005|12:09] C:\Program Files\Common Files\<DIR> SWF Studio
[06/14/2007|08:30] C:\Program Files\Common Files\<DIR> System
[09/10/2008|06:13] C:\Program Files\Common Files\<DIR> TI Shared
[11/07/2005|02:18] C:\Program Files\Common Files\<DIR> TiVo Shared
[06/18/2008|10:15] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[09/10/2008|06:11] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\new\LOCALS~1\Temp\nsh35.tmp
C:\DOCUME~1\new\LOCALS~1\Temp\nsl5B.tmp
C:\DOCUME~1\new\Cookies\new@advertising[2].txt
C:\DOCUME~1\new\Cookies\new@traveladvertising[1].txt
C:\DOCUME~1\new\Cookies\new@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 22:20:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak2
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip


[F:4][D:89]-> C:\DOCUME~1\new\LOCALS~1\Temp
[F:190][D:0]-> C:\DOCUME~1\new\Cookies
[F:6606][D:12]-> C:\DOCUME~1\new\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 11/18/2008|22:22 - Option : [1]

--------------------\\ Scan completed at 22:22:31

#8 Chronotrigga

Posted 18 November 2008 - 09:34 PM

rsit/log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by new at 2008-11-18 22:33:08
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 20 GB (37%) free of 54 GB
Total RAM: 503 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:18 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\new\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\new.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {89e4682a-de5a-9d89-2ba4-343386aa1ee8} - {8ee1aa68-3343-4ab2-98d9-a5eda2864e98} - C:\WINDOWS\system32\gnfcwt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{8A-AB-B0-03-ZN}] C:\Documents and Settings\Ming-Shiun Pan\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Submit Coupon - file://C:\Program Files\Microsoft\Frequent Shopper Coupon Clipper\FrequentShopperCouponClipperWinIE.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktank...ownloadCtrl.cab
O18 - Protocol: bw+0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3BD5B8FB-91F4-402D-8FA5-EA479A9845BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll gnfcwt.dll
O20 - Winlogon Notify: hgggdaw - hgggdaw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 23318 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MOMMY-Ming-Shiun Pan).job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ee1aa68-3343-4ab2-98d9-a5eda2864e98}]
C:\WINDOWS\system32\gnfcwt.dll [2008-11-16 124928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2003-08-18 114743]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-30 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"VSOCheckTask"=c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe [2004-07-01 139264]
"VirusScan Online"=c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe [2004-08-17 180224]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]
"{8A-AB-B0-03-ZN}"=C:\Documents and Settings\Ming-Shiun Pan\Local Settings\Temp\T0CHD001.exe CHD001 []
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3018abac]
C:\WINDOWS\system32\lwfikpbu.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Config]
C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\new\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-07-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-07-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-07-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2005-12-19 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2005-05-20 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-11-07 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-06-19 1271032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xtgwtazbotwwdhw]
C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{8A-AB-B0-03-DW}]
c:\windows\system32\dwwnw64r.exe CHD001 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2008-10-15 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2005-12-19 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-05-25 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^new^Start Menu^Programs^Startup^DW_Start.lnk]
C:\WINDOWS\system32\dwwnw64r.exe CHD001 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^new^Start Menu^Programs^Startup^TA_Start.lnk]
C:\DOCUME~1\MING-S~1\LOCALS~1\Temp\T0CHD001.exe CHD001 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" c:\windows\system32\ldcore.dll gnfcwt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hgggdaw]
hgggdaw.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\WINDOWS\system32\pvutskfy.exe"="C:\WINDOWS\system32\pvu"
"C:\WINDOWS\TEMP\win16E.tmp.exe"="C:\WINDOWS\TEMP\win16E.tmp.exe:*:Enabled:win16E.tmp"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\trant.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\ppldr.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\spyguard.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcpriv.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcant.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\system32\winav.exe"="%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\trant.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\ppldr.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\ppldr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\spyguard.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\spyguard.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcpriv.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcpriv.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcant.exe"="C:\Documents and Settings\Ming-Shiun Pan\Application Data\pcant.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-11-18 22:33:08 ----D---- C:\rsit
2008-11-18 22:18:16 ----A---- C:\lopR.txt
2008-11-18 22:17:08 ----D---- C:\Lop SD
2008-11-18 19:46:33 ----D---- C:\WINDOWS\ERUNT
2008-11-18 19:42:10 ----D---- C:\SDFix
2008-11-16 22:42:26 ----A---- C:\WINDOWS\system32\gnfcwt.dll
2008-11-16 22:42:24 ----A---- C:\WINDOWS\system32\irwnkses.dll
2008-11-16 22:39:11 ----SH---- C:\WINDOWS\system32\ucslxavq.ini
2008-11-16 22:39:06 ----A---- C:\WINDOWS\system32\qvaxlscu.dll
2008-11-16 21:58:01 ----D---- C:\Documents and Settings\new\Application Data\Malwarebytes
2008-11-16 21:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-16 21:57:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-16 21:49:12 ----D---- C:\Documents and Settings\new\Application Data\Lavasoft
2008-11-16 10:13:33 ----D---- C:\Program Files\Trend Micro
2008-11-16 00:32:44 ----A---- C:\WINDOWS\system32\rjwnw64m.exe
2008-11-16 00:05:34 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-15 23:51:19 ----D---- C:\Documents and Settings\new\Application Data\IUpd721
2008-11-15 23:50:11 ----A---- C:\WINDOWS\system32\3b3b6fd2-.txt
2008-11-15 23:40:54 ----A---- C:\WINDOWS\system32\rcntktdl.exe
2008-11-15 23:40:51 ----A---- C:\WINDOWS\system32\g63.exe
2008-11-15 23:40:03 ----D---- C:\WINDOWS\system32\wpd
2008-11-15 23:40:03 ----D---- C:\WINDOWS\system32\pc
2008-11-15 23:40:02 ----D---- C:\WINDOWS\system32\icx
2008-11-15 23:40:02 ----D---- C:\WINDOWS\system32\dom
2008-11-15 23:40:02 ----D---- C:\WINDOWS\system32\bit3
2008-11-15 23:39:52 ----D---- C:\WINDOWS\system32\sX3i19
2008-11-14 06:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-14 06:58:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 19:55:08 ----D---- C:\Program Files\mIRC
2008-11-10 19:55:08 ----D---- C:\Documents and Settings\new\Application Data\mIRC
2008-11-09 20:37:40 ----D---- C:\Program Files\Utherverse Digital Inc
2008-10-23 23:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-18 22:33:16 ----D---- C:\WINDOWS\Prefetch
2008-11-18 20:47:31 ----D---- C:\WINDOWS\Temp
2008-11-18 20:32:53 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 20:32:50 ----SHD---- C:\WINDOWS\Installer
2008-11-18 20:32:32 ----D---- C:\Config.Msi
2008-11-18 20:25:41 ----D---- C:\Temp
2008-11-18 20:08:54 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 20:01:16 ----D---- C:\WINDOWS\system32
2008-11-18 19:46:33 ----D---- C:\WINDOWS
2008-11-18 19:43:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 06:50:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-17 03:03:37 ----D---- C:\WINDOWS\system32\drivers
2008-11-17 03:00:36 ----D---- C:\Program Files\Windows Media Player
2008-11-16 21:57:22 ----AD---- C:\Program Files
2008-11-16 10:07:53 ----RASH---- C:\boot.ini
2008-11-16 10:07:53 ----A---- C:\WINDOWS\win.ini
2008-11-16 10:07:53 ----A---- C:\WINDOWS\system.ini
2008-11-16 10:01:26 ----D---- C:\WINDOWS\pss
2008-11-16 00:05:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-14 06:59:40 ----HD---- C:\WINDOWS\inf
2008-11-14 06:59:26 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-14 06:59:15 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-14 06:59:08 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 06:56:23 ----D---- C:\WINDOWS\WinSxS
2008-11-09 20:55:37 ----D---- C:\Program Files\All2WAV Recorder
2008-11-08 19:00:43 ----D---- C:\Program Files\DivX
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 11:08:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 17:47:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-29 17:47:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-24 06:21:16 ----SD---- C:\WINDOWS\Tasks
2008-10-23 20:37:16 ----SD---- C:\Documents and Settings\new\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-03-02 109608]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-15 21425]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-11-07 8552]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 catchme;catchme; \??\C:\DOCUME~1\new\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-20 1049180]
R3 NaiFiltr;NaiFiltr; C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys [2002-03-13 23296]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-05-20 25600]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-05-20 36480]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-05-20 68352]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 P0630VID;Creative WebCam Live!; C:\WINDOWS\system32\DRIVERS\P0630Vid.sys [2004-07-29 91830]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-03 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-03 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2007-02-13 540776]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2007-01-05 361560]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2007-03-09 2213416]
R2 mcpromgr;McAfee Protection Manager; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [2007-01-05 493144]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-06-19 841256]

#9 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 19 November 2008 - 01:30 AM

Your last post got cut off.

Please post the end part of C:\rsit\log.txt again.
From, ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
to, -----------------EOF-----------------

Also, please post the content of C:\rsit\info.txt.

#10 Chronotrigga

Posted 20 November 2008 - 09:18 PM

Here is the rest of the rsit\log.txt file.


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine; c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe [2005-03-24 122880]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-04 356352]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2002-03-13 225375]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

#11 Chronotrigga

Posted 20 November 2008 - 09:20 PM

rsit\info.txt

info.txt logfile of random's system information tool 1.04 2008-11-18 22:33:22

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absoft Pro Fortran 9.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE8088A5-6E5C-4CEB-9DBA-0D001541BA74}\Setup.exe" -l0x9
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Live! Driver (1.01.01.0730)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Desktop Weather by The Weather Channel-->C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Digital Content Portal-->MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Frequent Shopper Coupon Clipper-->MsiExec.exe /I{467B07BB-A0BE-4B58-A366-77B60B3C17E4}
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
IMSL Math and Stat Libraries-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92520D5F-67D5-44B4-8274-56F8DF0D7E16}\Setup.exe" -l0x9
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Little Fighter 2 1.9c-->C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee VirusScan-->c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Age of Empires II Trial Version-->"C:\Program Files\Microsoft Games\Age of Empires II Trial\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Moffsoft Calculator 2-->"C:\Program Files\Moffsoft Calculator 2\unins000.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Netscape (7.2)-->C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NJStar Communicator-->C:\Program Files\NJStar Communicator\uninst.exe
NJWIN - NJStar CJK Viewer-->C:\Program Files\NJStar CJK Viewer\uninst.exe
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
Plaxo Toolbar for Outlook and Outlook Express-->C:\Program Files\Plaxo\2.6.1.11\uninstall.exe
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The SAS System v6.12-->C:\WINDOWS\uninst.exe -fC:\SAS\DeIsL1.isu
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Webshots Desktop-->C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: McAfee VirusScan Online (outdated)
FW: McAfee Personal Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Qloud\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#12 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 21 November 2008 - 04:04 AM

The end part of C:\rsit\log.txt doesn't match the upper part that you posted. The parts must be from two different logs.
Did you run the tool again to produce a new log? Please don't run the tool yourself.
Please post the upper part of that log. I need complete logs to be able to analyze them correctly.

Open the log (C:\rsit\log.txt) with Notepad and post the complete log again.

If it cuts off, don't worry about it; it's OK this time, because then I can see if the bottom part you posted matches the upper part.

#13 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

Posted 21 November 2008 - 04:53 PM

Hm.. that's strange.

Please download the attachment for rsit/log.txt. I have also added info.txt in case anything has changed.

Attached File(s)

  • Attached File  log.txt (50.13K)
    Number of downloads: 158
  • Attached File  info.txt (31.78K)
    Number of downloads: 257


#14 heir

  • Group: Malware Removal
  • Posts: 5,427
  • Joined: 19-February 08

Posted 22 November 2008 - 06:06 AM

Hello Chronotrigga!

Quote

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip


The source of your infections is likely related to cracks and keygens found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Quote

Please download the attachment for rsit/log.txt. I have also added info.txt in case anything has changed.

Please don't attach logs if I don't specifically ask you to. It affects my research.


A question before we start cleaning your computer.

Do you recognize/use any of these programs?

NJStar Communicator
NJWIN - NJStar CJK Viewer



Step 1.
Scan a file:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\8152023460.sys


  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.



Step 2.
Run ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3.
Scan with HijackThis:

Please scan with HijackThis again and post the fresh log in your reply.

Step 4.
Things I would like to see in your reply:

  • Answer to the question in the beginning of this post
  • The content of the report from the filescan from Step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of the fresh log from HijackThis from Step 3.


#15 Chronotrigga

  • Group: Member
  • Posts: 25
  • Joined: 16-November 08

Posted 22 November 2008 - 01:42 PM

I have not cracked/keygened anything on this computer. I'm not sure how it got there. Like I have stated before, I was surfing on the internet to find a downloadable file for my friend and had been affected by spyware/malware. I am aware that the word 'crack' is found in Virtumonde, however, after a quick research on google, results show that Virtumonde is a trojan, so I'm not sure what is going on, hm. I apologize for adding the rsit/info as an attachment; the post still cut half of the information out, so I sped up the process by attaching it -- in addition, the attachment, obviously a .txt, is not a virus. :)

As for these two programs,

NJStar Communicator
NJWIN - NJStar CJK Viewer

although I have not used them for a while, I still need them. I will get right to completing the tasks you have assigned for me, thank you!
