Active GF's laptop occur some unknown error/malware.

Discussion in 'Malware and Virus Removal Archive' started by m3ow, 2008/12/22.

  1. 2008/12/22
    m3ow Inactive Thread Starter


    This is m3ow again. This time my gf's laptop has some virus that keeps forcing her laptop to restart.
    This is the HJT log, replies will be much appreciated. :D

    PS- will be separated into 2 posts.

    Logfile of random's system information tool 1.05 (written by random/random)

    Run by - r e i- at 2008-12-23 01:33:48
    Microsoft® Windows Vista™ Home Basic Service Pack 1
    System drive C: has 19 GB (30%) free of 63 GB
    Total RAM: 2037 MB (39% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:42:54 AM, on 23/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
    C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Yahoo!\Assistant\ylive.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Live100Percent\live100percent.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Users\- r e i-\Desktop\RSIT.exe
    C:\Program Files\trend micro\- r e i-.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ???? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: ???? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe "
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe "
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
    O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [RavenhearstSetup.exe] C:\Users\-REI-~1\Desktop\RAVENH~1.EXE /r
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Live100Percent.lnk = C:\Program Files\Live100Percent\live100percent.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: ÑÅ»¢Ã–úÊÖ - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew (file missing)
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    --End of file - 10841 bytes
    ======Scheduled tasks folder======
    C:\Windows\tasks\McDefragTask.job
    C:\Windows\tasks\McQcTask.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-05 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-22 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-05 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-22 2403392]
    {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - ???? - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll [2007-12-29 380336]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "Apoint "=C:\Program Files\DellTPad\Apoint.exe [2007-05-21 159744]
    "IgfxTray "=C:\Windows\system32\igfxtray.exe [2007-07-02 138008]
    "HotKeysCmds "=C:\Windows\system32\hkcmd.exe [2007-07-02 154392]
    "Persistence "=C:\Windows\system32\igfxpers.exe [2007-07-02 133912]
    "ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
    " "= []
    "RoxWatchTray "=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
    "PCMService "=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
    "dscactivate "=c:\dell\dsca.exe [2007-07-31 16384]
    "ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
    "GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
    "dlcxmon.exe "=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-13 292336]
    "MemoryCardManager "=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-04 304008]
    "FaxCenterServer "=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-04 312200]
    "DLCXCATS "=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll []
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
    "SigmatelSysTrayApp "=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-06-25 405504]
    "YLive.exe "=C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe [2007-12-29 89520]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-05 136600]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
    "MsnMsgr "=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "RavenhearstSetup.exe "=C:\Users\-REI-~1\Desktop\RAVENH~1.EXE /r []
    "DAEMON Tools Lite "=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-18 486856]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Live100Percent.lnk - C:\Program Files\Live100Percent\live100percent.exe
    QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2007-07-02 204800]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\automenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0afcb47a-6462-11dd-b0d2-001c26f30afe}]
    shell\AutoRun\command - G:\qxbx9blb.com
    shell\explore\command - G:\qxbx9blb.com
    shell\open\command - G:\qxbx9blb.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14bfdda0-b51d-11dc-94be-001c26f30afe}]
    shell\Auto\command - infrom.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e52a729-819c-11dd-a6ac-c441f48d27b6}]
    shell\Auto\command - autoregistry.exe
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f37e6d-147d-11dd-9f4d-001c26f30afe}]
    shell\AutoRun\command - F:\automenu.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d2c294-f0bc-11dc-bc00-001c26f30afe}]
    shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe AngAntiVirus.vbs

    ======List of files/folders created in the last 3 months======

    2008-12-23 01:33:49 ----D---- C:\Program Files\trend micro
    2008-12-23 01:33:48 ----D---- C:\rsit
    2008-12-19 16:40:12 ----A---- C:\Windows\system32\mshtml.dll
    2008-12-16 19:29:58 ----D---- C:\Users\- r e i-\AppData\Roaming\Ludia
    2008-12-16 19:29:58 ----D---- C:\ProgramData\Ludia
    2008-12-15 03:06:06 ----SHD---- C:\Config.Msi
    2008-12-14 14:13:48 ----A---- C:\Windows\system32\tzres.dll
    2008-12-14 14:09:52 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-12-14 14:09:41 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-12-14 14:09:11 ----A---- C:\Windows\system32\shell32.dll
    2008-12-14 14:07:57 ----A---- C:\Windows\system32\urlmon.dll
    2008-12-14 14:07:55 ----A---- C:\Windows\system32\ieframe.dll
    2008-12-14 14:07:52 ----A---- C:\Windows\system32\wininet.dll
    2008-12-14 14:07:52 ----A---- C:\Windows\system32\mstime.dll
    2008-12-14 14:07:48 ----A---- C:\Windows\system32\iertutil.dll
    2008-12-14 14:07:45 ----A---- C:\Windows\system32\jsproxy.dll
    2008-12-14 02:16:00 ----A---- C:\Windows\system32\gdi32.dll
    2008-12-14 02:10:25 ----A---- C:\Windows\system32\mf.dll
    2008-12-14 02:10:24 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-12-14 02:10:22 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-12-14 02:10:22 ----A---- C:\Windows\system32\logagent.exe
    2008-12-13 21:02:24 ----A---- C:\Windows\explorer.exe
    2008-12-05 13:08:52 ----A---- C:\Windows\system32\javaws.exe
    2008-12-05 13:08:52 ----A---- C:\Windows\system32\javaw.exe
    2008-12-05 13:08:52 ----A---- C:\Windows\system32\deploytk.dll
    2008-12-05 13:08:51 ----A---- C:\Windows\system32\java.exe
    2008-11-26 20:10:36 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-11-26 20:10:28 ----A---- C:\Windows\system32\connect.dll
    2008-11-26 20:10:11 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-11-26 20:10:11 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-11-26 20:10:10 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-11-14 21:16:56 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-14 03:32:35 ----A---- C:\Windows\system32\wups2.dll
    2008-11-14 03:32:35 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-14 03:32:35 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-14 03:32:34 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-14 03:31:31 ----A---- C:\Windows\system32\wups.dll
    2008-11-14 03:31:31 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-14 03:31:31 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-14 03:31:09 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-14 03:31:08 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-08 02:48:25 ----D---- C:\Program Files\Yahoo!
    2008-11-08 02:47:50 ----D---- C:\Program Files\7788xyx
    2008-11-02 04:06:36 ----A---- C:\Windows\system32\wersvc.dll
    2008-11-02 04:06:36 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-25 18:35:24 ----A---- C:\Windows\system32\netapi32.dll
    2008-10-16 19:10:38 ----A---- C:\Windows\system32\msshooks.dll
    2008-10-16 19:10:37 ----A---- C:\Windows\system32\msscb.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\propsys.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\propdefs.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\msstrc.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\mssprxy.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\mssitlb.dll
    2008-10-16 19:10:34 ----A---- C:\Windows\system32\msshsq.dll
    2008-10-16 19:10:33 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-10-16 19:10:33 ----A---- C:\Windows\system32\srchadmin.dll
    2008-10-16 19:10:33 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\wsepno.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\rtffilt.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\offfilt.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\nlhtml.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\msscntrs.dll
    2008-10-16 19:10:32 ----A---- C:\Windows\system32\mimefilt.dll
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\tquery.dll
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\mssrch.dll
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-10-16 19:10:31 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-10-16 19:10:30 ----A---- C:\Windows\system32\mssvp.dll
    2008-10-16 19:10:30 ----A---- C:\Windows\system32\mssphtb.dll
    2008-10-16 19:10:30 ----A---- C:\Windows\system32\mssph.dll
    2008-10-16 17:49:53 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-10-16 17:49:51 ----A---- C:\Windows\system32\pacerprf.dll
    2008-10-16 17:46:32 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-10-16 17:46:31 ----A---- C:\Windows\system32\dataclen.dll
    2008-10-16 17:46:31 ----A---- C:\Windows\system32\cdd.dll
    2008-10-16 17:46:26 ----A---- C:\Windows\system32\vbscript.dll
    2008-10-16 17:46:25 ----A---- C:\Windows\system32\wshext.dll
    2008-10-16 17:46:25 ----A---- C:\Windows\system32\wscript.exe
    2008-10-16 17:46:25 ----A---- C:\Windows\system32\jscript.dll
    2008-10-16 17:46:25 ----A---- C:\Windows\system32\cscript.exe
    2008-10-16 17:46:22 ----A---- C:\Windows\system32\scrrun.dll
    2008-10-16 17:46:22 ----A---- C:\Windows\system32\scrobj.dll
    2008-10-16 17:46:17 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-10-16 17:46:17 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-10-13 02:59:10 ----D---- C:\PerfLogs
    2008-09-30 16:43:34 ----A---- C:\Windows\system32\msxml4.dll

    ======List of files/folders modified in the last 3 months======

    2008-12-23 01:42:24 ----D---- C:\Windows\Temp
    2008-12-23 01:36:24 ----D---- C:\Windows\Prefetch
    2008-12-23 01:33:49 ----RD---- C:\Program Files
    2008-12-23 01:00:06 ----D---- C:\Windows\System32
    2008-12-23 01:00:06 ----D---- C:\Windows\inf
    2008-12-23 01:00:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-12-23 00:47:23 ----D---- C:\Program Files\McAfee
    2008-12-19 16:40:45 ----D---- C:\Windows\winsxs
    2008-12-19 16:40:33 ----D---- C:\Windows\system32\catroot
    2008-12-19 16:40:01 ----SHD---- C:\System Volume Information
    2008-12-16 19:29:58 ----HD---- C:\ProgramData
    2008-12-15 03:14:08 ----D---- C:\Windows\AppPatch
    2008-12-15 03:14:08 ----D---- C:\Program Files\Windows Mail
    2008-12-15 03:08:39 ----SHD---- C:\Windows\Installer
    2008-12-15 03:08:31 ----D---- C:\ProgramData\Microsoft Help
    2008-12-14 14:41:59 ----D---- C:\Windows\rescache
    2008-12-14 14:23:28 ----D---- C:\Windows\system32\en-US
    2008-12-14 14:23:28 ----D---- C:\Windows
    2008-12-14 14:14:44 ----D---- C:\Windows\system32\catroot2
    2008-12-13 21:10:04 ----D---- C:\Program Files\Dl_cats
    2008-12-10 07:24:37 ----A---- C:\Windows\system32\mrt.exe
    2008-12-05 13:12:07 ----D---- C:\Program Files\Java
    2008-12-05 13:04:59 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-15 03:53:58 ----D---- C:\Windows\Logs
    2008-11-15 03:15:05 ----D---- C:\Windows\system32\drivers
    2008-11-02 15:21:18 ----D---- C:\ProgramData\Roxio
    2008-10-21 01:05:58 ----D---- C:\Windows\system32\WDI
    2008-10-16 23:34:50 ----D---- C:\Windows\PolicyDefinitions
    2008-10-16 23:34:44 ----D---- C:\Windows\system32\migration
    2008-10-13 03:28:22 ----D---- C:\Windows\Microsoft.NET
    2008-10-13 03:28:15 ----RSD---- C:\Windows\assembly
    2008-10-13 03:18:19 ----SHD---- C:\Boot
    2008-10-13 03:18:00 ----ASH---- C:\Program Files\desktop.ini
    2008-10-13 03:13:47 ----D---- C:\Windows\system32\wbem
    2008-10-13 03:04:20 ----D---- C:\Program Files\Windows Calendar
    2008-10-13 03:04:19 ----D---- C:\Program Files\Windows Sidebar
    2008-10-13 03:04:18 ----D---- C:\Program Files\Movie Maker
    2008-10-13 03:04:17 ----D---- C:\Program Files\Windows Media Player
    2008-10-13 03:04:17 ----D---- C:\Program Files\Internet Explorer
    2008-10-13 03:04:16 ----D---- C:\Program Files\Windows Collaboration
    2008-10-13 03:04:15 ----D---- C:\Program Files\Windows Photo Gallery
    2008-10-13 03:04:07 ----D---- C:\Program Files\Windows Defender
    2008-10-13 03:04:07 ----D---- C:\Program Files\Common Files\System
    2008-10-13 03:04:05 ----D---- C:\Windows\servicing
    2008-10-13 03:03:45 ----D---- C:\Windows\MSAgent
    2008-10-13 03:03:41 ----D---- C:\Windows\DigitalLocker
    2008-10-13 03:03:40 ----D---- C:\Windows\L2Schemas
    2008-10-13 03:03:40 ----D---- C:\Windows\IME
    2008-10-13 03:03:37 ----D---- C:\Windows\system32\XPSViewer
    2008-10-13 03:03:37 ----D---- C:\Windows\system32\ko-KR
    2008-10-13 03:03:37 ----D---- C:\Windows\system32\da-DK
    2008-10-13 03:03:37 ----D---- C:\Windows\system32\com
    2008-10-13 03:03:17 ----D---- C:\Windows\system32\de-DE
    2008-10-13 03:03:16 ----D---- C:\Windows\system32\it-IT
    2008-10-13 03:03:16 ----D---- C:\Windows\system32\el-GR
    2008-10-13 03:03:15 ----D---- C:\Windows\system32\oobe
    2008-10-13 03:03:14 ----D---- C:\Windows\system32\sysprep
    2008-10-13 03:03:01 ----D---- C:\Windows\system32\AdvancedInstallers
    2008-10-13 03:03:00 ----D---- C:\Windows\system32\ru-RU
    2008-10-13 03:02:59 ----D---- C:\Windows\system32\sv-SE
    2008-10-13 03:02:59 ----D---- C:\Windows\system32\setup
    2008-10-13 03:02:59 ----D---- C:\Windows\system32\ias
    2008-10-13 03:02:59 ----D---- C:\Windows\system32\he-IL
    2008-10-13 03:02:59 ----D---- C:\Windows\system32\fr-FR
    2008-10-13 03:02:58 ----D---- C:\Windows\system32\SLUI
    2008-10-13 03:02:58 ----D---- C:\Windows\system32\pt-PT
    2008-10-13 03:02:58 ----D---- C:\Windows\system32\hu-HU
    2008-10-13 03:02:58 ----D---- C:\Windows\system32\fi-FI
    2008-10-13 03:02:58 ----D---- C:\Windows\system32\cs-CZ
    2008-10-13 03:02:52 ----D---- C:\Windows\system32\zh-CN
    2008-10-13 03:02:52 ----D---- C:\Windows\system32\en
    2008-10-13 03:02:51 ----D---- C:\Windows\system32\zh-TW
    2008-10-13 03:02:51 ----D---- C:\Windows\system32\pl-PL
    2008-10-13 03:02:51 ----D---- C:\Windows\system32\manifeststore
    2008-10-13 03:02:51 ----D---- C:\Windows\system32\es-ES
    2008-10-13 03:02:50 ----D---- C:\Windows\system32\ro-RO
    2008-10-13 03:02:50 ----D---- C:\Windows\system32\ja-JP
    2008-10-13 03:02:42 ----D---- C:\Windows\system32\tr-TR
    2008-10-13 03:02:34 ----D---- C:\Windows\system32\nb-NO
    2008-10-13 03:02:33 ----D---- C:\Windows\system32\nl-NL
    2008-10-13 03:02:33 ----D---- C:\Windows\system32\ar-SA
    2008-10-13 03:02:25 ----D---- C:\Windows\system32\migwiz
    2008-10-13 03:02:24 ----D---- C:\Windows\system32\pt-BR
    2008-10-13 02:59:26 ----D---- C:\Windows\Boot
    2008-10-13 02:59:17 ----D---- C:\Windows\system32\Boot
    2008-10-13 02:31:49 ----D---- C:\Windows\ModemLogs
    2008-10-12 15:08:36 ----A---- C:\Windows\system32\ifxcardm.dll
    2008-10-12 15:08:33 ----A---- C:\Windows\system32\axaltocm.dll
    2008-09-27 02:31:37 ----D---- C:\Users\- r e i-\AppData\Roaming\dvdcss
    2008-09-25 18:54:54 ----D---- C:\Program Files\Adobe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
    R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
    R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
    R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
    R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
    R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
    R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
    R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
    R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
    R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
    R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
    R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
    R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
    R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-05-21 157184]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
    R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
    R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
    R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
    R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
    R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-03 986624]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-03 206848]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-07-02 1675776]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
    R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-06-25 326656]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-03 659968]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 aqitlasg;aqitlasg; C:\Windows\system32\drivers\aqitlasg.sys []
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
    S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-04 537480]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
    R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
    R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
    R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
    R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-06-25 94208]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]
    R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
    R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-22 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
    S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    -----------------EOF-----------------
     
    m3ow,
    #1
  2. 2008/12/22
    m3ow

    m3ow Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    94
    Likes Received:
    0
    2ND part continues here


    info.txt logfile of random's system information tool 1.05 2008-12-23 01:43:00

    ======Uninstall list======

    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    1.0--> "C:\Program Files\7788xyx\Hells Kitchen\unins000.exe"
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
    Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
    Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
    Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
    Dell Support Center-->MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
    Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
    Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
    DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
    Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Go-Go Gourmet (remove only)--> "C:\Program Files\Yahoo! Games\Go-Go Gourmet\Uninstall.exe"
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Live100Percent 1.0--> "C:\Program Files\Live100Percent\unins000.exe"
    McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
    mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
    MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
    mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
    Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
    mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
    雅虎助手-->rundll32 C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll,UnInstall
    NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
    Power MP3 Cutter 2006, (ver 2.5)--> "C:\Program Files\Power MP3 Cutter\unins000.exe"
    QuickSet-->MsiExec.exe /I{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
    Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
    Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
    Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
    Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
    Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
    Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
    Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
    User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
    VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

    System event log
    Computer Name: -rei--PC
    Event Code: 10029
    Message: DCOM started the service wercplsupport with arguments " " in order to run the server:
    {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    Record Number: 108954
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20081222170826.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 7036
    Message: The Problem Reports and Solutions Control Panel Support service entered the running state.
    Record Number: 108955
    Source Name: Service Control Manager
    Time Written: 20081222170826.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 7036
    Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
    Record Number: 108956
    Source Name: Service Control Manager
    Time Written: 20081222170827.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 7036
    Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
    Record Number: 108957
    Source Name: Service Control Manager
    Time Written: 20081222171213.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    Record Number: 108958
    Source Name: Tcpip
    Time Written: 20081222173759.714593-000
    Event Type: Warning

    User:

    Application event log
    Computer Name: -rei--PC
    Event Code: 1001
    Message: Fault bucket 406625931, type 5
    Event Name: BEX
    Response: None
    Cab Id: 0
    Problem signature:
    P1: Explorer.exe
    P2: 6.0.6001.18164
    P3: 4907e242
    P4: yalive.dll_unloaded
    P5: 0.0.0.0
    P6: 4775f463
    P7: 3c804146
    P8: c0000005
    P9: 00000008
    P10:
    Attached files:
    C:\Users\- r e i-\AppData\Local\Temp\WER41D0.tmp.version.txt
    These files may be available here:
    C:\Users\- r e i-\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report05395a6e
    Record Number: 24799
    Source Name: Windows Error Reporting
    Time Written: 20081222170453.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 1000
    Message: Faulting application Explorer.exe, version 6.0.6001.18164, time stamp 0x4907e242, faulting module yalive.dll_unloaded, version 0.0.0.0, time stamp 0x4775f463, exception code 0xc0000005, fault offset 0x3c804146, process id 0x1108, application start time 0x01c964576851132d.
    Record Number: 24800
    Source Name: Application Error
    Time Written: 20081222170543.000000-000
    Event Type: Error

    User: Computer Name: -rei--PC
    Event Code: 1001
    Message: Fault bucket 406625931, type 5
    Event Name: BEX
    Response: None
    Cab Id: 0
    Problem signature:
    P1: Explorer.exe
    P2: 6.0.6001.18164
    P3: 4907e242
    P4: yalive.dll_unloaded
    P5: 0.0.0.0
    P6: 4775f463
    P7: 3c804146
    P8: c0000005
    P9: 00000008
    P10:
    Attached files:
    C:\Users\- r e i-\AppData\Local\Temp\WER205B.tmp.version.txt
    These files may be available here:
    C:\Users\- r e i-\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report030e3c92
    Record Number: 24801
    Source Name: Windows Error Reporting
    Time Written: 20081222170551.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 9010
    Message: A request to disable the Desktop Window Manager was made by process (Hells Kitchen.exe)
    Record Number: 24802
    Source Name: Desktop Window Manager
    Time Written: 20081222170807.000000-000
    Event Type: Information

    User: Computer Name: -rei--PC
    Event Code: 9013
    Message: The Desktop Window Manager was unable to start because composition was disabled by a running application
    Record Number: 24803
    Source Name: Desktop Window Manager
    Time Written: 20081222170807.000000-000
    Event Type: Information

    User:

    Security event log
    Computer Name: -rei--PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 37174
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081222174250.341593-000
    Event Type: Audit Failure

    User: Computer Name: -rei--PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 37175
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081222174250.423593-000
    Event Type: Audit Failure

    User: Computer Name: -rei--PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 37176
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081222174250.473593-000
    Event Type: Audit Failure

    User: Computer Name: -rei--PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 37177
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081222174250.524593-000
    Event Type: Audit Failure

    User: Computer Name: -rei--PC
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
    File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
    Record Number: 37178
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20081222174250.589593-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

    -----------------EOF-----------------
     
    m3ow,
    #2

  4. 2008/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You have a flash drive infection. Please download Flash_Disinfector by sUBs and save it to your desktop:

    NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.

    • Plug in your USB flash drive.
    • Double-click Flash_Disinfector.exe to run it.
    • Follow any prompts that may appear.
    • Your desktop will vanish for a while, and then reappear. This is normal.
    • Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.

    Please leave the flash drive plugged in while executing the ComboFix instructions below.


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    G:\qxbx9blb.com
    F:\automenu.exe
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0afcb47a-6462-11dd-b0d2-001c26f30afe}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14bfdda0-b51d-11dc-94be-001c26f30afe}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e52a729-819c-11dd-a6ac-c441f48d27b6}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8f37e6d-147d-11dd-9f4d-001c26f30afe}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9d2c294-f0bc-11dc-bc00-001c26f30afe}]
    DirLook::
    C:\Program Files\7788xyx
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please do NOT alter the ComboFix log in any way.
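
Added example, not part of the original post and not ComboFix's own code: the Registry:: entries in the script above delete MountPoints2 subkeys, which is where Explorer caches the autorun commands of volumes it has seen. This Python code picks such keys out of a registry listing and renders them in the same `[-key]` form; the log layout, the sample lines, the placeholder GUIDs and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread's log. The layout (a bracketed
# key line followed by "value - data" lines) and the GUIDs are assumptions.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\automenu.exe
shell\open\command - F:\automenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qxbx9blb.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
"""

# A MountPoints2 subkey line, and a cached shell verb line beneath it.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\([^\]\\]+))\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)


def find_cached_autorun(log_text):
    """Return one finding per MountPoints2 subkey that caches a shell command."""
    findings = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "volume": key.group(2), "commands": {}}
            findings.append(current)
            continue
        if line.startswith("["):
            current = None  # some other registry key: stop attributing values
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group(1).lower()] = cmd.group(2).strip()
    # A subkey with no cached command cannot launch anything; drop it.
    return [f for f in findings if f["commands"]]


def deletion_lines(findings):
    """Render each flagged key in the .reg-style [-key] deletion form."""
    return ["[-%s]" % f["key"] for f in findings]


if __name__ == "__main__":
    for finding in find_cached_autorun(SAMPLE_LOG):
        print(finding["volume"], finding["commands"])
```
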
     
  5. 2008/12/24
    m3ow

    m3ow Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    94
    Likes Received:
    0
    m3ow here... I'm with my gf's PC now... will be away after 8-10 hours from now. If you can, let me know what to do soon so I can fix it up before I leave.

    Alright.. now this is the situation...

    This computer can't download "Flash Disinfector"; when it reaches 99%, it says it needs permission from Administrator to continue, and when I click continue.... it comes out with the same column. This PC is currently the admin... and this is Windows Vista btw.

    Should I skip Flash Disinfector and go with ComboFix?

    thanks...
     
    m3ow,
    #4
  6. 2008/12/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'd recommend transferring Flash_Disinfector if you can't download it on that PC.
     
  7. 2009/01/01
    m3ow

    m3ow Inactive Thread Starter

    Joined:
    2008/12/17
    Messages:
    94
    Likes Received:
    0
    Dave, sorry for the late reply, were kind of busy.

    Well, this is what I tried...
    1. download from web - failed.
    2. email - failed.
    3. usb transfer - failed (it's inside the usb on another pc, but it goes missing when plugged into my gf's laptop).
    4. network - also failed to locate the file.
     
    m3ow,
    #6
  8. 2009/01/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Go ahead and run ComboFix then, and leave the flash drive plugged in whilst running it.
     
