Inactive [InActive] Internet Difficulties (Continued from another thread)

((Thread as mentioned is at http://www.windowsbbs.com/other-software/79032-having-problems-java.html , you can get the background there, in the interest of maintaining brevity, I'll keep these posts to the 'Log.txt' and 'Info.txt' files))

Logfile of random's system information tool 1.04 (written by random/random)
Run by Tom at 2008-11-28 15:30:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 362 GB (76%) free of 477 GB
Total RAM: 3327 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:40 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\DOCUME~1\Tom\LOCALS~1\Temp\TwcTbsetup.exeyahooTbsetup.execarbonitesetup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Tom\Desktop\RSIT.exe
C:\Program Files\trend micro\Tom.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\DOCUME~1\Tom\LOCALS~1\Temp\TwcTbsetup.exeyahooTbsetup.execarbonitesetup.exe" /preinstalled /pausefor=0 /showonfirst
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe "
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.exaltedonline.com
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199395973312
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199419364000
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FF9A995-82FC-4CF7-8085-93C83FC53440}: NameServer = 66.60.130.158,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 17008 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Tom.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-13 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-08 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-13 2403392]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX "=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"RemoteControl "=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut "=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"NeroFilterCheck "=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"SoundMAXPnP "=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"GrooveMonitor "=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"LogitechCommunicationsManager "=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"LogitechQuickCamRibbon "=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"ISUSPM Startup "=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-09-11 218032]
"ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"RoxWatchTray "=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]
"Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz "=nwiz.exe /install []
"AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-06-02 48752]
"vptray "=C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe [2005-06-23 85696]
"NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"CarboniteSetupLite "=C:\DOCUME~1\Tom\LOCALS~1\Temp\TwcTbsetup.exeyahooTbsetup.execarbonitesetup.exe [2008-10-01 273040]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LightScribe Control Panel "=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-12-05 2295072]
"MsnMsgr "=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-03-07 68856]
"ISUSPM "=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"AlcoholAutomount "=C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe [2008-03-20 216520]
"DW6 "=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-06-23 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages "=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\World of Warcraft\Launcher.exe "= "C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft "
"C:\Program Files\BitTyrant\Azureus.exe "= "C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus "
"C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe "= "C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com "
"C:\Program Files\Guild Wars\Gw.exe "= "C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars "
"C:\Program Files\Atari\Neverwinter Nights 2\NWN2Launcher.exe "= "C:\Program Files\Atari\Neverwinter Nights 2\NWN2Launcher.exe:*:Enabled: Neverwinter Nights 2 "
"C:\Program Files\Java\jre6\bin\java.exe "= "C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:java "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\setupSNK.exe


======List of files/folders created in the last 3 months======

2008-11-28 15:30:33 ----D---- C:\Program Files\trend micro
2008-11-28 15:30:27 ----D---- C:\rsit
2008-11-28 15:19:31 ----D---- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-11-28 15:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-28 15:19:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-27 21:55:32 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 21:55:32 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 21:55:32 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 21:55:16 ----D---- C:\Program Files\Java
2008-11-27 21:38:24 ----HDC---- C:\WINDOWS\ie7
2008-11-27 13:58:41 ----D---- C:\WINDOWS\BDOSCAN8
2008-11-26 17:51:57 ----D---- C:\Documents and Settings\Tom\Application Data\IObit
2008-11-26 17:51:56 ----D---- C:\Program Files\Evonsoft Computer Repair
2008-11-25 22:11:38 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-25 19:31:24 ----A---- C:\WINDOWS\system32\ieencode.dll
2008-11-25 19:13:04 ----D---- C:\Program Files\iPod
2008-11-25 19:13:02 ----D---- C:\Program Files\iTunes
2008-11-25 19:13:02 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 19:11:39 ----D---- C:\Program Files\QuickTime
2008-11-22 07:34:16 ----D---- C:\Program Files\Alwil Software
2008-11-21 10:19:05 ----SHD---- C:\WINDOWS\CSC
2008-11-21 10:18:57 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-20 11:07:42 ----A---- C:\WINDOWS\1.ini
2008-11-20 10:14:32 ----A---- C:\WINDOWS\system32\wow804_594.dll
2008-11-12 09:58:24 ----D---- C:\Program Files\Warcraft III
2008-11-12 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-03 09:56:11 ----D---- C:\Program Files\Lighthouse Interactive
2008-11-03 09:46:30 ----D---- C:\Program Files\SOTS
2008-11-03 09:45:54 ----D---- C:\Program Files\AMoC
2008-10-24 02:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 02:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 02:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 02:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 02:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 02:02:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-14 13:19:20 ----D---- C:\Documents and Settings\Tom\Application Data\Help
2008-10-14 13:19:11 ----D---- C:\Program Files\MUSHclient
2008-10-14 13:11:10 ----D---- C:\Program Files\zMUD
2008-10-14 10:25:39 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-06 10:05:33 ----D---- C:\Documents and Settings\Tom\Application Data\Media Player Classic
2008-10-06 10:04:57 ----D---- C:\Program Files\Combined Community Codec Pack
2008-10-02 07:32:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-01 18:16:37 ----D---- C:\Program Files\Yahoo!
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-26 20:24:40 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-09-24 19:56:30 ----D---- C:\Documents and Settings\Tom\Application Data\CyberLink
2008-09-18 18:43:46 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-09-18 18:33:04 ----A---- C:\WINDOWS\AFUDOS2.36.exe
2008-09-17 12:10:44 ----D---- C:\Program Files\Alcohol Soft
2008-09-17 11:52:47 ----D---- C:\Documents and Settings\Tom\Application Data\Roxio
2008-09-14 12:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-14 08:42:03 ----A---- C:\WINDOWS\vpc32.INI
2008-09-14 08:33:17 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-14 08:33:01 ----D---- C:\Program Files\Symantec Client Security
2008-09-14 08:23:53 ----D---- C:\Program Files\Symantec
2008-09-14 08:23:47 ----D---- C:\Program Files\Symantec AntiVirus
2008-09-13 21:35:18 ----D---- C:\Documents and Settings\Tom\Application Data\McAfee
2008-09-12 15:41:41 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-09-12 15:41:34 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-09-10 18:39:35 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2008-09-10 02:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 02:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-06 18:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-09-05 17:58:26 ----D---- C:\WINDOWS\NV37204520.TMP
2008-09-05 17:46:48 ----D---- C:\WINDOWS\nview
2008-09-05 17:28:22 ----D---- C:\Program Files\Common Files\EasyInfo

======List of files/folders modified in the last 3 months======

2008-11-28 15:30:33 ----RD---- C:\Program Files
2008-11-28 15:30:33 ----D---- C:\WINDOWS\Prefetch
2008-11-28 15:30:31 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-28 15:29:05 ----D---- C:\WINDOWS\Temp
2008-11-28 15:19:29 ----D---- C:\WINDOWS\system32\drivers
2008-11-28 08:14:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 07:57:00 ----D---- C:\WINDOWS\system32
2008-11-28 07:57:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 07:56:45 ----D---- C:\WINDOWS
2008-11-28 03:06:52 ----HD---- C:\Config.Msi
2008-11-28 03:05:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-28 03:00:22 ----HD---- C:\WINDOWS\inf
2008-11-28 03:00:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-28 03:00:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-28 03:00:16 ----D---- C:\WINDOWS\ie7updates
2008-11-27 21:55:18 ----SHD---- C:\WINDOWS\Installer
2008-11-27 21:54:34 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-27 21:49:15 ----D---- C:\WINDOWS\Help
2008-11-27 21:49:15 ----D---- C:\Program Files\Internet Explorer
2008-11-27 21:39:55 ----D---- C:\WINDOWS\system32\en-US
2008-11-27 21:39:30 ----A---- C:\WINDOWS\imsins.BAK
2008-11-27 21:39:22 ----D---- C:\WINDOWS\WBEM
2008-11-27 21:39:16 ----D---- C:\WINDOWS\Media
2008-11-27 21:37:16 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-27 21:27:26 ----D---- C:\WINDOWS\network diagnostic
2008-11-27 21:04:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-27 18:05:07 ----D---- C:\Documents and Settings\Tom\Application Data\BitTyrant
2008-11-27 16:41:34 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-27 11:59:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 11:59:02 ----D---- C:\Documents and Settings\Tom\Application Data\Mozilla
2008-11-27 01:05:08 ----D---- C:\Program Files\BitTyrant
2008-11-26 17:40:41 ----SD---- C:\WINDOWS\Tasks
2008-11-25 22:11:52 ----D---- C:\Documents and Settings\Tom\Application Data\MSN6
2008-11-25 19:16:47 ----D---- C:\Documents and Settings\Tom\Application Data\Apple Computer
2008-11-25 19:13:04 ----D---- C:\Program Files\Common Files\Apple
2008-11-25 18:48:35 ----D---- C:\Program Files\Common Files
2008-11-25 18:43:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-25 16:29:42 ----D---- C:\Program Files\World of Warcraft
2008-11-25 15:37:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-22 08:53:58 ----D---- C:\WINDOWS\system32\config
2008-11-21 07:33:55 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2008-11-12 03:04:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-12 03:00:27 ----D---- C:\WINDOWS\WinSxS
2008-11-03 16:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-03 10:20:42 ----D---- C:\WINDOWS\system32\DirectX
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-07 18:59:23 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 18:55:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-03 09:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-24 19:58:44 ----D---- C:\MyWorks
2008-09-24 19:56:28 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-20 09:48:45 ----A---- C:\WINDOWS\win.ini
2008-09-17 12:15:19 ----D---- C:\Program Files\Electronic Arts
2008-09-17 09:53:08 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-09-17 09:53:01 ----D---- C:\Program Files\Mass Effect
2008-09-17 09:52:35 ----D---- C:\Program Files\Common Files\BioWare
2008-09-14 12:07:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-14 08:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-14 08:18:33 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-14 08:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-09-13 22:07:00 ----D---- C:\My Games
2008-09-11 17:46:16 ----RSD---- C:\WINDOWS\assembly
2008-09-11 17:34:56 ----D---- C:\Program Files\EA GAMES
2008-09-09 17:14:56 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-05 23:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-04 09:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-07 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-07 21568]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-06-04 508544]
R3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2008-06-04 3768]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081127.016\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081127.016\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\Drivers\SYMDNS.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\Drivers\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\Drivers\SYMIDS.SYS []
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081120.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\Drivers\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS []
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
R4 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 af853wfe;af853wfe; C:\WINDOWS\system32\drivers\af853wfe.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilDrvI7;EraserUtilDrvI7; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys []
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-06-02 185968]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-06-02 239216]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-06-02 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2005-06-23 19648]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2005-06-23 79488]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-05 79136]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-12 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2005-06-23 1715904]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2005-06-23 198272]
R2 wowsystemcode;Remote TCP/IP; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-22 206552]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S2 RPCHE;Remote Procedure Call (RPCE); C:\Program Files\Common Files\Microsoft Shared\Speech\csvd.exe [2008-11-12 11573248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-06-02 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-13 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2005-06-23 124608]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2008-06-04 184320]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

 

Contents on Info.txt

info.txt logfile of random's system information tool 1.04 2008-11-28 15:30:42

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AllMusicConverter 3.4.5--> "C:\Program Files\AllMusicConverter\unins000.exe "
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AX88772_2KXP-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3C6BD212-5680-4758-83ED-21171BCCBEB7}
AX88772_XP64bit-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{09757C81-EF9C-4A4D-9FC2-D3A5C376F21D}
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BitTyrant-->C:\Program Files\BitTyrant\Uninstall.exe
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{F20D2884-D854-48A7-B0F0-2921F3A23F81}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{F20D2884-D854-48A7-B0F0-2921F3A23F81}
Combined Community Codec Pack 2008-09-21 16:18--> "C:\Program Files\Combined Community Codec Pack\unins000.exe "
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Evonsoft Computer Repair 1.0--> "C:\Program Files\Evonsoft Computer Repair\unins000.exe "
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
Guild Wars--> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Premier Software 6.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart Printer Software 9.0-->C:\Program Files\HP\Digital Imaging\{4FC583C2-45DB-44ac-AD30-8837DB845588}\setup\hpzscr01.exe -datfile hposcr16.dat
HP PSC & OfficeJet 6.1.A--> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LightScribe Diagnostic Utility-->MsiExec.exe /X{1639F068-6EC5-41B9-8B1E-BC1B75994EC2}
LightScribe System Software 1.10.27.1-->MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech QuickCam Driver Package--> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey "lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MaxBlast 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Essentials-->MsiExec.exe /X{2B04D44F-1D1B-4E0E-8431-D04F87C21033}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB938127-v2)--> "C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
Security Update for Windows Media Player 8 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe "
Security Update for Windows Media Player 9 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Sword of the Stars-->C:\Program Files\Lighthouse Interactive\Sword of the Stars\Uninstall.exe
Symantec Client Security-->MsiExec.exe /I{BA4B71D1-898E-4306-AE87-8BA7A596F0ED}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Desktop Search 3.01-->MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01-->MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition
FW: Symantec Client Firewall

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir "=%SystemRoot%
"OS "=Windows_NT
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_LEVEL "=16
"PROCESSOR_IDENTIFIER "=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION "=0202
"NUMBER_OF_PROCESSORS "=4
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK "=NO
"RoxioCentral "=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH "=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA "=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

 

Another development

I just learned that despite having run a battery of clean security checks, that there's still a keylogger for World of Warcraft on my computer, that seems to have evaded detection (As my account was hacked again this mornign)

Since I can't actually use an online checker until Java's fixed, I'm suspecting it may be related.

 

Hi Alectai

Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click ComboFix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


What is the name and location of the file you suspect is a keylogger?

 

Well, the problem is I know it's 'There', but it's sufficiently invisible that most records don't register it--I suspect it may be involved, as the account hacks coincided with the start of these little issues.

In any case though, here's the combofix log.

ComboFix 08-11-30.01 - Tom 2008-11-30 20:11:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2580 [GMT -8:00]
Running from: c:\documents and settings\Tom\Desktop\Scion\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SAV
c:\program files\SAV\WIN32\0x0409.ini
c:\program files\SAV\WIN32\Data1.cab
c:\program files\SAV\WIN32\instmsiw.exe
c:\program files\SAV\WIN32\Setup.exe
c:\program files\SAV\WIN32\Setup.ini
c:\program files\SAV\WIN32\Symantec AntiVirus.msi
c:\program files\SAV\WIN32\VDefHub.zip
c:\program files\SAV\WIN32\vpremote.dat
c:\program files\SAV\WIN32\VPREMOTE.exe
c:\windows\system32\AutoRun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-29 14:19 . 2008-11-29 14:19 <DIR> d-------- c:\program files\CleanUp!
2008-11-29 10:50 . 2008-11-29 14:16 121 --a------ c:\windows\bdagent.INI
2008-11-29 10:40 . 2008-11-29 10:40 <DIR> d-------- c:\program files\BitDefender
2008-11-29 10:37 . 2008-11-29 10:40 <DIR> d-------- c:\program files\Common Files\BitDefender
2008-11-28 15:30 . 2008-11-28 15:30 <DIR> d-------- C:\rsit
2008-11-28 15:30 . 2008-11-28 15:30 <DIR> d-------- c:\program files\trend micro
2008-11-28 15:19 . 2008-11-28 15:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 15:19 . 2008-11-28 15:19 <DIR> d-------- c:\documents and settings\Tom\Application Data\Malwarebytes
2008-11-28 15:19 . 2008-11-28 15:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 15:19 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 15:19 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 21:55 . 2008-11-27 21:55 <DIR> d-------- c:\program files\Java
2008-11-27 21:55 . 2008-11-27 21:55 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-27 13:58 . 2008-11-29 10:30 <DIR> d-------- c:\windows\BDOSCAN8
2008-11-26 17:51 . 2008-11-26 17:51 <DIR> d-------- c:\program files\Evonsoft Computer Repair
2008-11-26 17:51 . 2008-11-26 17:51 <DIR> d-------- c:\documents and settings\Tom\Application Data\IObit
2008-11-25 19:31 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-11-25 19:13 . 2008-11-25 19:13 <DIR> d-------- c:\program files\iTunes
2008-11-25 19:13 . 2008-11-25 19:13 <DIR> d-------- c:\program files\iPod
2008-11-25 19:13 . 2008-11-25 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 19:11 . 2008-11-25 19:11 <DIR> d-------- c:\program files\QuickTime
2008-11-22 07:34 . 2008-11-22 07:34 <DIR> d-------- c:\program files\Alwil Software
2008-11-20 11:07 . 2008-11-29 09:48 0 --a------ c:\windows\1.ini
2008-11-20 10:14 . 2008-11-20 10:14 133,632 --a------ c:\windows\system32\wow804_594.dll
2008-11-18 09:22 . 2008-11-20 10:14 20 --a------ c:\windows\syscheck
2008-11-12 09:58 . 2008-11-25 15:36 <DIR> d-------- c:\program files\Warcraft III
2008-11-11 11:53 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 11:53 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-03 09:56 . 2008-11-03 09:56 <DIR> d-------- c:\program files\Lighthouse Interactive
2008-11-03 09:46 . 2008-11-03 09:55 <DIR> d-------- c:\program files\SOTS
2008-11-03 09:45 . 2008-11-03 09:45 <DIR> d-------- c:\program files\AMoC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 04:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-28 02:05 --------- d-----w c:\documents and settings\Tom\Application Data\BitTyrant
2008-11-27 09:05 --------- d-----w c:\program files\BitTyrant
2008-11-26 06:11 --------- d-----w c:\documents and settings\Tom\Application Data\MSN6
2008-11-26 03:16 --------- d-----w c:\documents and settings\Tom\Application Data\Apple Computer
2008-11-26 03:13 --------- d-----w c:\program files\Common Files\Apple
2008-11-26 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-26 00:29 --------- d-----w c:\program files\World of Warcraft
2008-11-25 23:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 23:36 --------- d-----w c:\program files\MUSHclient
2008-11-22 19:30 --------- d-----w c:\program files\zMUD
2008-11-21 15:33 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-11-12 17:59 4,224 ----a-w c:\windows\system32\drivers\beep.sys
2008-11-12 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-14 18:25 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-06 18:05 --------- d-----w c:\documents and settings\Tom\Application Data\Media Player Classic
2008-10-06 18:04 --------- d-----w c:\program files\Combined Community Codec Pack
2008-10-02 15:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-02 02:16 --------- d-----w c:\program files\Yahoo!
2008-10-01 20:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-19 02:33 811,288 ----a-w c:\windows\1002.zip
2008-02-14 01:02 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-01-04 21:45 22,328 ----a-w c:\documents and settings\Tom\Application Data\PnkBstrK.sys
2008-05-24 22:22 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-07 68856]
"ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AlcoholAutomount "= "c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl "= "c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck "= "c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SoundMAXPnP "= "c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxWatchTray "= "c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"vptray "= "c:\progra~1\SYMANT~2\SYMANT~2\VPTray.exe" [2005-06-23 85696]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-11-27 136600]
"nwiz "= "nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds "= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\World of Warcraft\\Launcher.exe "=
"c:\\Program Files\\BitTyrant\\Azureus.exe "=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe "=
"c:\\Program Files\\Guild Wars\\Gw.exe "=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\NWN2Launcher.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=

R2 wowsystemcode;Remote TCP/IP;c:\windows\System32\svchost.exe -k netsvcs [2002-08-29 14336]
R3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-11-28 99376]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-08-04 508544]
R3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-08-04 3768]
S2 RPCHE;Remote Procedure Call (RPCE);c:\program files\Common Files\Microsoft Shared\Speech\csvd.exe [2008-11-12 11573248]
S3 SoundMovieServer;SoundMovieServer; "c:\windows\system32\snmvtsvc.exe" [2008-08-04 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe "
.
Contents of the 'Scheduled Tasks' folder

2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-25 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tom.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-09-14 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 16:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {9FF9A995-82FC-4CF7-8085-93C83FC53440} = 66.60.130.158,208.67.222.222

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: TruePass EPF 7,0,100,739 - hxxps://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
c:\windows\Downloaded Program Files\TruePass EPF 7,0,100,739.osd

c:\windows\Downloaded Program Files\stg_drm.ocx - O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/stg_drm.ocx

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd

c:\windows\Downloaded Program Files\armhelper.ocx - O16 -: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
file:///C:/Program%20Files/Are%20You%20Smarter%20Than%20A%205th%20Grader/Images/armhelper.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 20:15:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-11-30 20:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 04:19:57

Pre-Run: 376,807,182,336 bytes free
Post-Run: 380,031,680,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

243 --- E O F --- 2008-11-28 11:00:24

 

I'm guessing that you don't actually know the name or location of what you feel is a keylogger, and that you 'know' there is one because your account was hacked. Is that correct?

Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

c:\windows\system32\wow804_594.dll

Thanks!

 

That is correct--as I said, I only suspect they may be related--though the possibility exists that it was two seperate issues that became apparent at the same time--or some other setting with my computer had bad synergy.

I won't have access to the troubled computer until tomorrow morning--but I'll upload the mentioned file tomorrow when I get a chance--thank you for your assistance

 

It's been submitted.

Coincidentally, I've also noticed something undetected and undocumented has been siphoning the computer's hard memory somehow--do you think it might be related?

 

You submitted the file wow32.dll
I requested the file wow804_594.dll



I'm also a bit confused by your last statement;

Please elaborate.

 

Gah! Sorry about that, navigating that folder is a pain in the ass, and it was the closest thing I could find at that glance--might have just wound up missing it though, I'll run a search tomorrow mornign when I get a chance.

The memory issue is one that hasn't made a lot of sense either--I'm hoping all these problems are connected--because if they're not, then it means my system defenses have all been 100% destroyed and puppeted by this point. Basically, just leaving the computer on causes the system's virtual memory to continually be used up, until it's left with little more then a few hundred kilobytes left to work with--and checking the processes, and doing a scan of where the memory is going, doesn't account for a vast portion of what's disappearing.

 

Real one has been submitted

 

Please rename c:\windows\system32\wow804_594.dll to wow804_594.dll.old
Check for the existence of c:\windows\system32\wow.dll and if present, rename it with the .old extension as well (let me know if it's present).
Restart the computer and make sure WOW still works properly.

 

Has been done--while loading WoW was a bit more hiccupy then before at first, it ultimately came on properly.

Also, I have verified that Symantec has been comprimised to hell and back--I came on this morning to find the system virtually 100% locked up (I could move the mouse, but I couldn't open anything, even the task manager), and a big message saying that Symantec Antivirus doesn't have any definitions to work with. Attempting to open up the threat history and logs on it after the fact causes to program to crash.

Should I uninstall that and put something new and reliable on?

 

Is WOW still working properly with that dll renamed?
Did the file wow.dll exist?
Is Symantec still suffering problems after a couple of reboots?

 

Actually, the DLL you pointed out 'Was' revealled as the keylogger after I proceeded to download and run AVG after the renaming and restart and a through search (Though it did reveal that the upstairs computer--contrary to what the other users insist--was 'Not' secured from that flash exploit from a while back). However, it turned out to be unrelated to the java or symantec issues--and I feel those are now a major priority.

Any insights on that?

 

This procedure is documented on the Microsoft.com website for resetting registry and system file permissions, as well as default security descriptors. While it might not fix the problem, it should do no harm either.

Download and install SubInACL from Microsoft.

Close out all other programs and open windows.

Highlight and copy the contents of the code box below.

Code:

cd /d  "%ProgramFiles%\Windows Resource Kits\Tools "
subinacl /subkeyreg HKEY_LOCAL_MACHINE\Software /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
subinacl /subkeyreg HKEY_LOCAL_MACHINE\System /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
subinacl /subkeyreg HKEY_CURRENT_USER /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
subinacl /subkeyreg HKEY_CLASSES_ROOT /owner=administrators /grant=administrators=f /grant=system=f /grant=RESTRICTED=r
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%\*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose 
exit
cls

Click Start>Run and type cmd then hit enter to open a command window.
Right click in the command window and select paste.
It will take a while for the commands to process, so please be patient.
The command window should close on it's own when finished.
Reboot for the changes to take effect.


Once you've logged back on, please go to Add/Remove programs and uninstall any remaining Java installations.
Restart once more and check C:\Program Files and C:\Program Files\Common Files for a Java folder. Delete it if it exists.

Now open JavaRa
Select Remove Older Versions in the JavaRa interface and allow it to proceed
When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
Next select Search for Updates, then Update using Sun Java's website
Exit the JavaRa tool.
At the website, download Java SE Runtime Environment (JRE) 6 Update 11
Select language and operating system, agree to the terms, then select the Windows online installation.
Select Run on the prompts.
Let me know if installation is successful.


What exactly is going on with Norton?