Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot get rid of Spyware Guard 2008

Started by rbirr , Dec 18 2008 03:25 PM

  • Please log in to reply

#1
rbirr
Posted 18 December 2008 - 03:25 PM

rbirr

    New Member

  • Member
  • Pip
  • 4 posts
after several attempts of trying to remove this nasty malware AND my friend wanting his computer back ... he told me to just reinstall windows ..... I was hoping to be able to remove this for the experience and satisfaction .... oh well consider this case closed


Hi if any body can help! I have been trying to remove the Spyware Guard 2008 from a friends computer. I run Malware Bytes and it says it removes it but when I reboot it loads again, and i have tried it several times.

After reading another post on the same exact topic I downloaded some programs and created some logs that are posted below. I am basically at the OT Move it but not sure what to put into the box to move, I didnt want copy and paste what was on the other post cause I figured it was specific to that computer. here are the logs... thanks in advance for any help....

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:21 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Documents and Settings\pete\Desktop\HJTInstall.exe
C:\Documents and Settings\pete\Desktop\HiJackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\System32\HPZipm12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [dmj] C:\WINNT\dmj.exe
O4 - HKLM\..\Run: [nczevef] C:\WINNT\nczevef.exe
O4 - HKLM\..\Run: [mvunchot] C:\WINNT\mvunchot.exe
O4 - HKLM\..\Run: [CMSZDJ] C:\WINNT\CMSZDJ.exe
O4 - HKLM\..\Run: [OUERYBLS] C:\WINNT\OUERYBLS.exe
O4 - HKLM\..\Run: [BOXHO] C:\WINNT\BOXHO.exe
O4 - HKLM\..\Run: [fmjebsp] C:\WINNT\fmjebsp.exe
O4 - HKLM\..\Run: [avyxix] C:\WINNT\avyxix.exe
O4 - HKLM\..\Run: [ebebyf] C:\WINNT\ebebyf.exe
O4 - HKLM\..\Run: [nupeb] C:\WINNT\nupeb.exe
O4 - HKLM\..\Run: [ojsjej] C:\WINNT\ojsjej.exe
O4 - HKLM\..\Run: [lej] C:\WINNT\lej.exe
O4 - HKLM\..\Run: [dkp] C:\WINNT\dkp.exe
O4 - HKLM\..\Run: [gvov] C:\WINNT\gvov.exe
O4 - HKLM\..\Run: [inwtypkf] C:\WINNT\inwtypkf.exe
O4 - HKLM\..\Run: [byj] C:\WINNT\byj.exe
O4 - HKLM\..\Run: [alofeb] C:\WINNT\alofeb.exe
O4 - HKLM\..\Run: [cliz] C:\WINNT\cliz.exe
O4 - HKLM\..\Run: [yjcvkj] C:\WINNT\yjcvkj.exe
O4 - HKLM\..\Run: [Glh$v/fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\jsryhaup.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [742667e9] rundll32.exe "C:\WINNT\system32\rhinfakf.dll",b
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41...com/ff/inst.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.exe
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148001763625
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/NCS.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.co...ploader_v10.cab
O20 - AppInit_DLLs: bhrooz.dll
O21 - SSODL: ieModule - {AB1A4BF6-94F3-4985-83C7-5C215CA1B566} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {B586A221-86AC-404A-BE6F-37F9852E143A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\nmwywcdtps.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 14188 bytes

















Edited by rbirr, 20 December 2008 - 07:52 PM.

  • 0

Advertisements

#2
rbirr
Posted 18 December 2008 - 03:27 PM

rbirr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here is the Rsit Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by pete at 2008-12-18 14:40:27
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 503 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:56, on 12/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\javaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Documents and Settings\pete\Desktop\RSIT.exe
C:\Documents and Settings\pete\Desktop\pete.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gateway.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: GrandBar IE Helper - {84BA8988-33E1-4c89-A150-BF428E8D3213} - C:\Program Files\GrandPack\GrandPack2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game3.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.co...jack2-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game3.pogo.co.../ride-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth 2 by Pogo - http://game3.pogo.co...ooth2-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.upp2ono41...com/ff/inst.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/...erInstaller.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1148001763625
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa....plugins/NCS.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinn...v46/sol/sol.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinn...apit/swapit.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - AppInit_DLLs: bhrooz.dll
O21 - SSODL: ieModule - {AB1A4BF6-94F3-4985-83C7-5C215CA1B566} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {B586A221-86AC-404A-BE6F-37F9852E143A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\nmwywcdtps.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 11536 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 2.job
C:\WINNT\tasks\ISP signup reminder 3.job
C:\WINNT\tasks\ohncczvg.job
C:\WINNT\tasks\pdjpzhyb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84BA8988-33E1-4c89-A150-BF428E8D3213}]
GrandBar IE Helper - C:\Program Files\GrandPack\GrandPack2.dll [2008-12-11 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2005-04-20 472744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-11-18 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-11-18 118784]
"Gateway Ink Monitor"=C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe [2003-11-05 303180]
"Ink Monitor"=C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe [2002-05-29 258118]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2005-05-10 11776]
"UserFaultCheck"=C:\WINNT\system32\dumprep 0 -u []
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2005-03-08 1695744]
"SprintModemUpdate"=javaw.exe -cp C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar com.motive.firmwareUpdater.client.SprintModemUpdate []
"Motive SmartBridge"=C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe [2004-10-05 380928]
"HPHUPD08"=C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe [2006-09-25 50736]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe [2008-12-18 1183232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\742667e9]
C:\WINNT\system32\rhinfakf.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\88154]
c:\juiugnfqcfqalzlx\jteseqxpam.exe [2006-08-22 1728754]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe /m=2 /w []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="bhrooz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]
ieModule - {AB1A4BF6-94F3-4985-83C7-5C215CA1B566} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll [2008-12-15 3463680]
InternetConnection - {B586A221-86AC-404A-BE6F-37F9852E143A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\nmwywcdtps.dll [2008-12-15 628224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sprint TotalAccess\TaskPanl.exe"="C:\Program Files\Sprint TotalAccess\TaskPanl.exe:*:Enabled:TaskPanl"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1147101167\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1147101167\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\IX5I36XG\incredimail_install[1].exe"="C:\Documents and Settings\Angie\Local Settings\Temporary Internet Files\Content.IE5\IX5I36XG\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"
"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open -

======List of files/folders created in the last 3 months======

2008-12-18 14:40:27 ----D---- C:\rsit
2008-12-18 14:25:03 ----A---- C:\WINNT\vmreg.dll
2008-12-18 14:25:03 ----A---- C:\WINNT\reged.exe
2008-12-18 14:25:01 ----A---- C:\WINNT\sysexplorer.exe
2008-12-18 14:25:01 ----A---- C:\WINNT\syscert.exe
2008-12-18 14:25:00 ----A---- C:\WINNT\sys.com
2008-12-18 14:25:00 ----A---- C:\WINNT\spoolsystem.exe
2008-12-18 14:24:58 ----D---- C:\Program Files\Spyware Guard 2008
2008-12-18 10:17:04 ----A---- C:\rapport.txt
2008-12-17 20:45:39 ----D---- C:\Documents and Settings\pete\Application Data\Malwarebytes
2008-12-17 20:45:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 20:45:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 20:26:41 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-17 20:09:47 ----A---- C:\WINNT\ntbtlog.txt
2008-12-17 19:41:24 ----A---- C:\rapport_search.txt
2008-12-17 19:31:31 ----A---- C:\rapport2.txt
2008-12-17 19:09:03 ----A---- C:\WINNT\system32\tmp.txt
2008-12-17 19:07:04 ----A---- C:\rapport1.txt
2008-12-17 18:13:05 ----D---- C:\Program Files\CCleaner
2008-12-16 18:40:11 ----HD---- C:\WINNT\PIF
2008-12-16 18:21:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-16 18:21:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-16 17:41:38 ----D---- C:\Program Files\ZipCentral
2008-12-16 17:33:30 ----D---- C:\Program Files\Lavasoft
2008-12-16 17:31:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-15 20:32:46 ----D---- C:\Documents and Settings\pete\Application Data\Macromedia
2008-12-15 20:32:37 ----D---- C:\Documents and Settings\pete\Application Data\Adobe
2008-12-15 20:30:28 ----D---- C:\Documents and Settings\pete\Application Data\AOL
2008-12-15 20:26:31 ----A---- C:\WINNT\system32\jkkJdExV.dll
2008-12-15 20:25:58 ----ASH---- C:\Documents and Settings\pete\Application Data\desktop.ini
2008-12-15 20:25:56 ----SD---- C:\Documents and Settings\pete\Application Data\Microsoft
2008-12-15 20:25:56 ----D---- C:\Documents and Settings\pete\Application Data\Symantec
2008-12-15 20:25:56 ----D---- C:\Documents and Settings\pete\Application Data\Sun
2008-12-15 20:25:56 ----D---- C:\Documents and Settings\pete\Application Data\Identities
2008-12-15 19:22:18 ----A---- C:\Documents and Settings\All Users\Application Data\svhost.exe
2008-12-15 19:13:10 ----D---- C:\Program Files\GrandPack
2008-12-15 17:08:08 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-15 17:06:52 ----A---- C:\WINNT\system32\kxkhhh.dll
2008-12-15 17:06:52 ----A---- C:\WINNT\system32\ahpfdpbo.dll
2008-12-13 20:04:23 ----ASH---- C:\WINNT\system32\upgvjrbc.ini
2008-12-13 20:02:51 ----A---- C:\WINNT\system32\ethcvf.dll
2008-12-13 20:02:49 ----A---- C:\WINNT\system32\mvbxcklt.dll
2008-12-13 20:01:50 ----A---- C:\WINNT\system32\7f05a397-.txt
2008-12-13 19:56:04 ----A---- C:\WINNT\system32\opnkllIc.dll
2008-11-01 15:44:40 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-10-18 10:26:29 ----A---- C:\WINNT\system32\MSSTDFMT.DLL
2008-10-18 10:26:29 ----A---- C:\WINNT\system32\IJL_11.DLL
2008-09-28 13:08:17 ----A---- C:\WINNT\system32\d3dx9_27.dll
2008-09-28 13:07:33 ----D---- C:\ProgramData
2008-09-28 12:57:02 ----D---- C:\Program Files\Electronic Arts
2008-09-26 17:51:16 ----D---- C:\WINNT\system32\CatRoot_bak
2008-09-26 17:41:02 ----D---- C:\WINNT\LastGood(2)

======List of files/folders modified in the last 3 months======

2008-12-18 14:40:48 ----D---- C:\WINNT\Prefetch
2008-12-18 14:25:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-18 14:25:03 ----AD---- C:\WINNT
2008-12-18 14:25:00 ----D---- C:\WINNT\Temp
2008-12-18 14:24:58 ----D---- C:\Program Files
2008-12-18 14:23:33 ----D---- C:\WINNT\system32\drivers
2008-12-18 10:48:22 ----D---- C:\WINNT\system32
2008-12-17 19:59:00 ----D---- C:\WINNT\Debug
2008-12-17 19:58:59 ----D---- C:\WINNT\Minidump
2008-12-17 19:09:08 ----D---- C:\Program Files\Google
2008-12-17 17:58:28 ----D---- C:\WINNT\system32\CatRoot2
2008-12-16 20:04:55 ----D---- C:\Program Files\America Online 9.0a
2008-12-16 19:45:42 ----SHD---- C:\RECYCLER
2008-12-16 18:15:02 ----SHD---- C:\WINNT\Installer
2008-12-16 18:15:02 ----HD---- C:\Config.Msi
2008-12-16 17:31:30 ----D---- C:\Program Files\Common Files
2008-12-15 20:28:58 ----SD---- C:\WINNT\Downloaded Program Files
2008-12-15 20:28:58 ----D---- C:\Program Files\Web Publish
2008-12-15 20:26:33 ----SD---- C:\WINNT\Tasks
2008-12-15 20:25:55 ----D---- C:\Documents and Settings
2008-12-15 19:52:38 ----D---- C:\Program Files\Oberon Media
2008-12-15 19:23:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-15 19:14:38 ----A---- C:\VETlog.txt
2008-12-15 19:14:19 ----A---- C:\WINNT\win.ini
2008-11-24 13:31:19 ----A---- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt
2008-11-18 17:18:32 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-15 07:55:21 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2008-10-19 14:49:33 ----D---- C:\Documents and Settings\All Users\Application Data\Beanbag Studios
2008-10-08 15:39:57 ----HD---- C:\WINNT\inf
2008-09-28 15:18:58 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-28 13:08:39 ----A---- C:\WINNT\system32\CmdLineExt.dll
2008-09-28 13:08:26 ----D---- C:\WINNT\system32\DirectX
2008-09-28 13:08:25 ----RSD---- C:\WINNT\assembly
2008-09-28 13:08:22 ----D---- C:\WINNT\Microsoft.NET
2008-09-26 18:15:35 ----D---- C:\WINNT\system32\CatRoot
2008-09-26 17:53:08 ----D---- C:\WINNT\system32\config
2008-09-26 17:52:41 ----D---- C:\WINNT\system32\wbem
2008-09-26 17:52:41 ----D---- C:\WINNT\Registration
2008-09-26 17:51:23 ----RSHD---- C:\WINNT\system32\dllcache
2008-09-26 17:51:09 ----D---- C:\Program Files\LimeWire
2008-09-26 17:51:02 ----D---- C:\Program Files\Messenger
2008-09-26 17:50:48 ----D---- C:\Program Files\Internet Explorer
2008-09-26 17:50:32 ----D---- C:\Program Files\iTunes
2008-09-26 17:50:30 ----D---- C:\Program Files\iPod
2008-09-26 17:50:07 ----D---- C:\Program Files\QuickTime
2008-09-26 17:49:29 ----D---- C:\Program Files\Apple Software Update
2008-09-26 17:49:26 ----DC---- C:\WINNT\system32\DRVSTORE
2008-09-26 17:49:08 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2008-09-26 17:49:06 ----D---- C:\Program Files\CVS
2008-09-26 17:33:27 ----D---- C:\WINNT\system32\ReinstallBackups
2008-09-26 17:31:50 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2008-09-26 17:31:42 ----HDC---- C:\WINNT\$NtUninstallKB952287$
2008-09-26 17:31:42 ----HDC---- C:\WINNT\$NtUninstallKB951072-v2$
2008-09-26 17:31:41 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2008-09-26 17:31:40 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2008-09-26 17:31:39 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2008-09-26 17:31:03 ----HDC---- C:\WINNT\$NtUninstallKB954154_WM11$
2008-09-26 17:28:41 ----D---- C:\WINNT\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2005-03-08 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2005-03-08 24960]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2005-03-08 291456]
R1 Cinemsup;Cinemsup; C:\WINNT\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINNT\system32\drivers\DVDVRRdr_xp.sys [2005-03-08 141184]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2005-03-08 117760]
R1 UDFReadr;UDFReadr; C:\WINNT\system32\drivers\UDFReadr.sys [2005-03-08 202496]
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2003-12-18 8552]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-11-20 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-11-20 99002]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINNT\system32\drivers\ALCXWDM.SYS [2003-04-25 730092]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
R3 IntelC51;IntelC51; C:\WINNT\System32\DRIVERS\IntelC51.sys [2003-07-16 1075685]
R3 IntelC52;IntelC52; C:\WINNT\System32\DRIVERS\IntelC52.sys [2003-07-16 481305]
R3 IntelC53;IntelC53; C:\WINNT\System32\DRIVERS\IntelC53.sys [2003-07-16 50805]
R3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2005-03-08 23808]
R3 mohfilt;mohfilt; C:\WINNT\System32\DRIVERS\mohfilt.sys [2003-07-16 31440]
R3 pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-09-19 21248]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S1 vspf;vspf; \??\C:\WINNT\System32\drivers\vspf5.sys []
S1 vspf_hk;vspf_hk; \??\C:\WINNT\System32\drivers\vspf_hk5.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2005-03-08 24064]
S3 EPUSBSTOR;EPSON USB Storage Driver; C:\WINNT\System32\DRIVERS\epusbsto.sys [2001-09-10 17976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\System32\DRIVERS\HPZid412.sys [2004-09-29 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\System32\DRIVERS\HPZipr12.sys [2004-09-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\System32\DRIVERS\HPZius12.sys [2004-09-29 21744]
S3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 Mtlmnt5;Mtlmnt5; C:\WINNT\System32\DRIVERS\Mtlmnt5.sys [2004-08-04 126686]
S3 Mtlstrm;Mtlstrm; C:\WINNT\System32\DRIVERS\Mtlstrm.sys [2004-08-04 1309184]
S3 NtMtlFax;NtMtlFax; C:\WINNT\System32\DRIVERS\NtMtlFax.sys [2004-08-04 180360]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RecAgent;recagent; \??\C:\WINNT\System32\DRIVERS\RecAgent.sys []
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINNT\System32\DRIVERS\slntamr.sys [2004-08-04 404990]
S3 SlNtHal;SlNtHal; C:\WINNT\System32\DRIVERS\Slnthal.sys [2004-08-04 95424]
S3 SlWdmSup;SlWdmSup; C:\WINNT\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINNT\system32\PSIService.exe [2006-11-02 174656]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------
  • 0

#3
rbirr
Posted 18 December 2008 - 03:28 PM

rbirr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The Rsit Info Log

info.txt logfile of random's system information tool 1.05 2008-12-18 14:41:13

======Uninstall list======

-->C:\PROGRA~1\SPRINT~1\Uninstall.exe Sprint
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\System32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
7 Wonders of the Ancient World-->"C:\Program Files\Oberon Media\7 Wonders of the Ancient World\Uninstall.exe" "C:\Program Files\Oberon Media\7 Wonders of the Ancient World\install.log"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
All In One-->"C:\Juiugnfqcfqalzlx\unins000.exe"
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cypress USB Mass Storage Driver Installation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}\Setup.exe" -l0x9 NotFirstInstall
Diner Dash Seasonal Snack Pack-->"C:\Program Files\Oberon Media\Diner Dash Seasonal Snack Pack\Uninstall.exe" "C:\Program Files\Oberon Media\Diner Dash Seasonal Snack Pack\install.log"
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EPSON Printer Software-->C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Excavation from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\ADFCE1E4-A420-437C-998D-EAF04E3601BE\Uninstall.exe"
Finding Nemo-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1A5488D7-314D-4CBC-89BF-C5B59510BDBA} NemoADVUninstall
Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
HijackThis 2.0.2-->"C:\Documents and Settings\pete\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINNT\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINNT\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINNT\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINNT\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Ink Monitor-->C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe -U
Intel® 537EP Data Fax Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP Data Fax Modem"
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Speed Monitor-->C:\Program Files\GrandPack\Uninstall.exe
iPod for Windows 2006-03-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Lottso! Deluxe-->"C:\Program Files\Oberon Media\Lottso! Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Lottso! Deluxe\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINNT\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Musicmatch Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PhotoSuite 4 (Remove Only)-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Roxio\PhotoSuite 4\Uninst.isu"
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RD1021/1071 Lyra Personal Audio Player Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF948F4D-04C1-4CC7-960C-93D8FDCE8F48}\setup.exe" -l0x9
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
Roxio Easy Media Creator 7-->MsiExec.exe /I{A99C6296-A311-4D6C-9602-53B4241921D5}
S500/S600 USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{514DF7BB-D192-417C-BB60-58BF1FD34253}\Setup.exe" anything
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINNT\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINNT\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINNT\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINNT\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINNT\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINNT\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINNT\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINNT\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINNT\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINNT\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINNT\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINNT\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINNT\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINNT\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINNT\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINNT\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINNT\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINNT\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Smart Link 56K Modem-->C:\WINNT\Modio\SLAMR2KO\Setup.exe /Remove
Sprint virtual assistant-->C:\WINNT\Motive\Sprint\MCCUninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Guard 2008-->C:\Program Files\Spyware Guard 2008\uninstall.exe
Tri Peaks 2 Quest For The Ruby Ring-->"C:\Program Files\Oberon Media\Tri Peaks 2 Quest For The Ruby Ring\Uninstall.exe" "C:\Program Files\Oberon Media\Tri Peaks 2 Quest For The Ruby Ring\install.log"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINNT\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINNT\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINNT\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINNT\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINNT\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINNT\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINNT\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB Storage Adapter FX (SM1)-->SM1UN.EXE SM1FX_AT
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{E8E9A39C-6F70-4261-816F-2B2DE8F7BB13}
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINNT\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873333-->C:\WINNT\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINNT\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINNT\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
Word Riot Deluxe-->"C:\Program Files\Oberon Media\Word Riot Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Word Riot Deluxe\install.log"
ZipCentral 4.01-->"C:\Program Files\ZipCentral\unins000.exe"

System event log

Computer Name: S1100345188
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 17835
Source Name: Service Control Manager
Time Written: 20081124210158.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: S1100345188
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 17834
Source Name: Service Control Manager
Time Written: 20081124133331.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: S1100345188
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 17833
Source Name: Service Control Manager
Time Written: 20081124133312.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: S1100345188
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 17832
Source Name: Service Control Manager
Time Written: 20081124133309.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: S1100345188
Event Code: 7035
Message: The ATWPKT2 service was successfully sent a start control.

Record Number: 17831
Source Name: Service Control Manager
Time Written: 20081124133305.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: S1100345188
Event Code: 0
Message:
Record Number: 5
Source Name: Viewpoint Manager Service
Time Written: 20080412050212.000000-240
Event Type: information
User:

Computer Name: S1100345188
Event Code: 0
Message:
Record Number: 4
Source Name: iPod Service
Time Written: 20080411161458.000000-240
Event Type: information
User:

Computer Name: S1100345188
Event Code: 1004
Message: Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 3
Source Name: Application Error
Time Written: 20080411161237.000000-240
Event Type: error
User:

Computer Name: S1100345188
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2
Source Name: SecurityCenter
Time Written: 20080411032856.000000-240
Event Type: information
User:

Computer Name: S1100345188
Event Code: 0
Message:
Record Number: 1
Source Name: Viewpoint Manager Service
Time Written: 20080411032856.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#4
rbirr
Posted 18 December 2008 - 03:32 PM

rbirr

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
and the Gmer Log ..... I would appreciate any help .... Thank you




GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-18 15:47:15
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

? rtwzojIz.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01EBC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01EBCC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01EBC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01EB2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01EB2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 01EBC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E4C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E4CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E4C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E42660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E42770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\QuickTime\qttask.exe[256] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00E4C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0115C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0115CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0115C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01152660 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01152770 C:\WINNT\system32\ms1un8er1.dll
.text C:\juiugnfqcfqalzlx\jteseqxpam.exe[272] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 0115C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Documents and Settings\pete\Desktop\gmer.exe[364] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Documents and Settings\pete\Desktop\gmer.exe[364] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Documents and Settings\pete\Desktop\gmer.exe[364] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Documents and Settings\pete\Desktop\gmer.exe[364] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 1000C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A3C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A3CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A3C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A32660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A32770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[436] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00A3C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CCC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CCCC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00CCC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CC2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CC2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\ctfmon.exe[528] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00CCC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 026EC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 026ECC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 026EC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 026E2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 026E2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\Explorer.EXE[560] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 026EC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 09DBC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 09DBCC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 09DBC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 09DB2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 09DB2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe[656] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 09DBC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 1000C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 1000CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 1000C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002660 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002770 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\system32\wscntfy.exe[676] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 1000C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0181C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0181CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0181C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01812660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01812770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[876] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 0181C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F6C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F6CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00F6C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F62660 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F62770 C:\WINNT\system32\ms1un8er1.dll
.text C:\WINNT\System32\hkcmd.exe[1884] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00F6C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00CAC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00CACC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00CAC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CA2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CA2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe[1928] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00CAC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0124C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0124CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0124C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01242660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01242770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe[1980] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 0124C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A6C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A6CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A6C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A62660 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A62770 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe[2008] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00A6C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00C8C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C8CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00C8C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C82660 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C82770 C:\WINNT\system32\ms1un8er1.dll
.text C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2024] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00C8C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00BDC340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00BDCC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00BDC480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BD2660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BD2770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2040] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00BDC2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01A7C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A7CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01A7C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01A72660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01A72770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 01A7C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 0179C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0179CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 0179C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01792660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01792770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\Spyware Guard 2008\spywareguard.exe[2888] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 0179C2E0 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B9C340 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B9CC20 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00B9C480 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B92660 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B92770 C:\WINNT\system32\ms1un8er1.dll
.text C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe[3080] kernel32.dll!OpenProcess 7C8309E1 5 Bytes JMP 00B9C2E0 C:\WINNT\system32\ms1un8er1.dll

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe[136] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1432] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation)
---- Processes - GMER 1.0.14 ----

Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\Common Files\AOL\1147101167\ee\AOLSoftware.exe [136] 0x01EB0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [256] 0x00E40000

Process C:\juiugnfqcfqalzlx\jteseqxpam.exe (*** hidden *** ) 272
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\juiugnfqcfqalzlx\jteseqxpam.exe [272] 0x01150000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Documents and Settings\pete\Desktop\gmer.exe [364] 0x10000000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [436] 0x00A30000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\WINNT\system32\ctfmon.exe [528] 0x00CC0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\WINNT\Explorer.EXE [560] 0x026E0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe [656] 0x09DB0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\WINNT\system32\wscntfy.exe [676] 0x10000000

Process C:\juiugnfqcfqalzlx\jteseqxpam.exe (*** hidden *** ) 776
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\juiugnfqcfqalzlx\jteseqxpam.exe [776] 0x01980000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [876] 0x01810000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\WINNT\System32\hkcmd.exe [1884] 0x00F60000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe [1928] 0x00CA0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [1980] 0x01240000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe [2008] 0x00A60000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe [2024] 0x00C80000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2040] 0x00BD0000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [2672] 0x01A70000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\Spyware Guard 2008\spywareguard.exe [2888] 0x01790000
Library C:\WINNT\system32\ms1un8er1.dll (*** hidden *** ) @ C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [3080] 0x00B90000

---- Services - GMER 1.0.14 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@88154 c:\juiugnfqcfqalzlx\jteseqxpam.exe jt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@88154 c:\juiugnfqcfqalzlx\jteseqxpam.exe jt

---- Files - GMER 1.0.14 ----

File C:\Juiugnfqcfqalzlx 0 bytes
File C:\Juiugnfqcfqalzlx\help.chm 792754 bytes
File C:\Juiugnfqcfqalzlx\jteseqxpam.exe 1728754 bytes executable
File C:\Juiugnfqcfqalzlx\Log 0 bytes
File C:\Juiugnfqcfqalzlx\Log\Audio 0 bytes
File C:\Juiugnfqcfqalzlx\Log\Text 0 bytes
File C:\Juiugnfqcfqalzlx\Log\Text\aiotxt.dat 286749 bytes
File C:\Juiugnfqcfqalzlx\Log\Text\aioweb.dat 332345 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual 0 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10182008.dat 254660396 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10192008.dat 235142294 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10202008.dat 133273447 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10212008.dat 146418457 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10222008.dat 48037934 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10232008.dat 171350828 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10242008.dat 174153085 bytes
File C:\Juiugnfqcfqalzlx\Log\Visual\10252008.dat 25974940 bytes
File C:\Juiugnfqcfqalzlx\unins000.dat 12175 bytes
File C:\Juiugnfqcfqalzlx\unins000.exe 686706 bytes
File C:\WINNT\system32\ms1un8er1.dll 139264 bytes executable

---- EOF - GMER 1.0.14 ----
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP