
Active [unable to access any AV websites]

Discussion in 'Malware and Virus Removal Archive' started by HowardF, 2009/01/02.

  1. 2009/01/02
    HowardF Inactive Thread Starter


    Hey guys,

    It seems that there's a similar problem going across the boards with this Trojan/Spyware thing. I've run everything I could before I got stuck with being unable to access any AV websites. Here are the logs from RSIT as requested. Thanks for all your help!

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Howard at 2009-01-02 23:38:50
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 6 GB (4%) free of 149 GB
    Total RAM: 2046 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:38:55 PM, on 1/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    K:\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Howard.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe "
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe "
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206410123453
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F3C7B32-9DD4-436D-BAB1-430B3773CC13}: NameServer = 192.168.2.1,192.168.3.1
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL sfzgmi.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 12457 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-24 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-20 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-20 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
    CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-06-14 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-24 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2007-12-15 262144]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-03 2055960]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-11-20 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SigmatelSysTrayApp "=C:\WINDOWS\stsystra.exe [2005-03-22 339968]
    "NeroCheck "=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "DMXLauncher "=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006-05-03 98304]
    "IMJPMIG8.1 "=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "MSPY2002 "=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
    "WinPatrol "=C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe [2006-07-20 230976]
    "ISUSPM "=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
    "Kernel and Hardware Abstraction Layer "=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
    "nwiz "=nwiz.exe /install []
    "NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
    "AppleSyncNotifier "=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "QuickTime Task "=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
    "LogitechCommunicationsManager "=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
    "LogitechQuickCamRibbon "=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]
    "ZoneAlarm Client "=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-11-13 981904]
    "Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-06 30192]
    "UnlockerAssistant "=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-01 15872]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "googletalk "=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "Aim6 "=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
    "msnmsgr "=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
    "Google Update "=C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-30 39408]
    "RocketDock "=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Documents and Settings\Howard\Start Menu\Programs\Startup
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL sfzgmi.dll "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages "=msv1_0
    C:\WINDOWS\system32\awtQgHxu

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe "= "C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "
    "C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger "
    "C:\Program Files\Bonjour\mDNSResponder.exe "= "C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour "
    "C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll "= "C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin "
    "C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe "= "C:\Documents and Settings\Howard\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin "
    "C:\Program Files\Ventrilo\Ventrilo.exe "= "C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "C:\Program Files\MSN Messenger\msncall.exe "= "C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe "= "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger "
    "C:\Program Files\MSN Messenger\msnmsgr.exe "= "C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\Program Files\MSN Messenger\livecall.exe "= "C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b34bc22-a486-11dc-ab03-001372d87835}]
    shell\AutoRun\command - J:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c92e8e0-fd0a-11db-a0f9-001372d87835}]
    shell\AutoRun\command - v.cmd
    shell\explore\command - v.cmd
    shell\open\command - v.cmd

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae59e06a-9727-11dd-93e8-001372d87835}]
    shell\AutoRun\command - driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
    shell\open\command - driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe


    ======File associations======

    .scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1 "
    .scr - install -
    .scr - config -

    ======List of files/folders created in the last 3 months======

    2009-01-02 23:38:50 ----DC---- C:\rsit
    2009-01-02 23:10:04 ----D---- C:\Program Files\Trend Micro
    2009-01-02 22:07:15 ----D---- C:\Program Files\Unlocker
    2009-01-02 20:50:08 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-01-02 18:29:35 ----A---- C:\WINDOWS\system32\sfzgmi.dll
    2009-01-02 18:29:34 ----A---- C:\WINDOWS\system32\nykjlxib.dll
    2009-01-02 18:28:03 ----SH---- C:\WINDOWS\system32\aaovjmoq.ini
    2009-01-02 18:27:59 ----A---- C:\WINDOWS\system32\qomjvoaa.dll
    2009-01-02 18:22:44 ----A---- C:\WINDOWS\system32\f36773fe-.txt
    2009-01-02 18:22:30 ----ASH---- C:\WINDOWS\system32\uxHgQtwa.ini2
    2009-01-02 18:22:30 ----ASH---- C:\WINDOWS\system32\uxHgQtwa.ini
    2008-12-24 22:58:18 ----D---- C:\Program Files\Ventrilo
    2008-12-24 22:58:11 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-12-19 20:11:50 ----D---- C:\Program Files\CleanUp!
    2008-12-11 20:54:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-11 20:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-11 20:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-11 20:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-06 11:58:22 ----D---- C:\Program Files\RocketDock
    2008-12-04 21:40:23 ----A---- C:\WINDOWS\system32\zlcommdb.dll
    2008-12-04 21:40:22 ----A---- C:\WINDOWS\system32\zlcomm.dll
    2008-12-04 21:40:14 ----A---- C:\WINDOWS\system32\zpeng25.dll
    2008-11-24 20:59:01 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-11-24 20:59:01 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-11-24 20:59:01 ----A---- C:\WINDOWS\system32\java.exe
    2008-11-24 20:59:01 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-11-21 06:39:07 ----D---- C:\Program Files\EA Games
    2008-11-20 22:03:39 ----D---- C:\Documents and Settings\Howard\Application Data\MiniDm
    2008-11-20 19:04:11 ----D---- C:\Documents and Settings\Howard\Application Data\IEPro
    2008-11-18 23:21:41 ----D---- C:\Program Files\Lavasoft
    2008-11-18 23:21:40 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-11-13 17:01:23 ----DC---- C:\GTALauncher
    2008-11-12 23:08:16 ----D---- C:\Documents and Settings\Howard\Application Data\Ace
    2008-11-12 18:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 18:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 18:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-11 23:18:08 ----D---- C:\Program Files\FormatFactory
    2008-11-05 16:38:55 ----RA---- C:\WINDOWS\system32\tmp33.tmp
    2008-10-31 17:33:07 ----D---- C:\Program Files\Defraggler
    2008-10-23 20:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-16 17:59:51 ----A---- C:\WINDOWS\zllsputility.exe
    2008-10-16 17:59:21 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
    2008-10-16 17:59:18 ----A---- C:\WINDOWS\system32\vsregexp.dll
    2008-10-16 17:58:31 ----A---- C:\WINDOWS\system32\vswmi.dll
    2008-10-16 17:58:28 ----D---- C:\WINDOWS\system32\ZoneLabs
    2008-10-16 17:58:28 ----D---- C:\Program Files\Zone Labs
    2008-10-16 17:58:28 ----A---- C:\WINDOWS\system32\vsxml.dll
    2008-10-16 17:58:27 ----A---- C:\WINDOWS\system32\vspubapi.dll
    2008-10-16 17:58:27 ----A---- C:\WINDOWS\system32\vsmonapi.dll
    2008-10-16 17:57:52 ----A---- C:\WINDOWS\system32\vsutil.dll
    2008-10-16 17:57:52 ----A---- C:\WINDOWS\system32\vsinit.dll
    2008-10-16 17:57:52 ----A---- C:\WINDOWS\system32\vsdata.dll
    2008-10-16 17:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-16 17:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-16 17:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-16 17:43:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-16 17:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 3 months======

    2009-01-02 23:32:15 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-02 23:31:33 ----D---- C:\WINDOWS\Temp
    2009-01-02 23:31:33 ----D---- C:\WINDOWS\system32
    2009-01-02 23:28:24 ----D---- C:\WINDOWS\Internet Logs
    2009-01-02 23:27:39 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
    2009-01-02 23:25:36 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-02 23:10:04 ----D---- C:\Program Files
    2009-01-02 22:49:39 ----HDC---- C:\$AVG8.VAULT$
    2009-01-02 20:52:30 ----SHD---- C:\RECYCLER
    2009-01-02 20:50:34 ----D---- C:\Documents and Settings
    2009-01-02 20:50:08 ----D---- C:\WINDOWS
    2009-01-02 19:11:24 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-01-02 18:45:16 ----SD---- C:\WINDOWS\Tasks
    2009-01-02 18:03:26 ----D---- C:\WINDOWS\system32\drivers
    2009-01-02 16:36:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-12-31 14:10:40 ----D---- C:\Program Files\Warcraft III
    2008-12-30 23:53:32 ----A---- C:\WINDOWS\cdplayer.ini
    2008-12-30 11:22:07 ----HD---- C:\WINDOWS\inf
    2008-12-24 22:58:20 ----SHD---- C:\WINDOWS\Installer
    2008-12-24 22:57:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-12-24 16:07:03 ----D---- C:\Documents and Settings\Howard\Application Data\BitTorrent
    2008-12-24 12:37:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
    2008-12-24 11:03:45 ----D---- C:\WINDOWS\system32\Adobe
    2008-12-19 20:23:38 ----D---- C:\temp
    2008-12-19 18:58:42 ----D---- C:\Program Files\SC
    2008-12-19 18:57:03 ----D---- C:\Program Files\WC3Banlist
    2008-12-19 18:51:45 ----D---- C:\WINDOWS\Downloaded Installations
    2008-12-19 18:50:42 ----D---- C:\My Video
    2008-12-19 18:50:23 ----DC---- C:\DVDVideoSoft
    2008-12-19 18:21:09 ----D---- C:\Program Files\Common Files\Autodesk Shared
    2008-12-19 18:12:55 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-19 18:09:30 ----D---- C:\Program Files\Common Files\AVSMedia
    2008-12-19 18:09:27 ----D---- C:\Program Files\AVS4YOU
    2008-12-19 18:08:23 ----D---- C:\WINDOWS\Debug
    2008-12-18 08:01:00 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-12-18 08:00:58 ----D---- C:\WINDOWS\ie7updates
    2008-12-18 08:00:17 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 22:18:50 ----D---- C:\Program Files\LimeWire
    2008-12-11 20:55:22 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-12-11 20:54:24 ----D---- C:\Program Files\Internet Explorer
    2008-12-11 00:17:42 ----AC---- C:\vraylog.txt
    2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-07 07:37:33 ----D---- C:\Program Files\Common Files\Stardock
    2008-12-06 17:19:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-12-06 16:57:50 ----D---- C:\Program Files\Google
    2008-12-04 21:39:19 ----D---- C:\WINDOWS\WinSxS
    2008-12-04 19:48:23 ----D---- C:\Documents and Settings\Howard\Application Data\Mozilla
    2008-11-24 20:58:43 ----D---- C:\Program Files\Java
    2008-11-22 22:54:03 ----D---- C:\Program Files\AIM6
    2008-11-22 22:53:05 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-11-21 06:58:07 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-11-21 06:39:07 ----D---- C:\WINDOWS\system32\DirectX
    2008-11-21 06:38:20 ----RSD---- C:\WINDOWS\assembly
    2008-11-20 22:05:18 ----D---- C:\Documents and Settings\Howard\Application Data\Google
    2008-11-20 22:03:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-11-20 07:06:29 ----D---- C:\WINDOWS\Help
    2008-11-15 17:28:40 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-11-13 22:29:10 ----D---- C:\Documents and Settings\Howard\Application Data\Move Networks
    2008-11-11 22:22:56 ----D---- C:\Program Files\DivX
    2008-11-08 09:00:13 ----A---- C:\WINDOWS\win.ini
    2008-11-02 07:46:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 05:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-17 19:17:02 ----D---- C:\Program Files\AviSynth 2.5
    2008-10-16 17:59:46 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-16 17:29:58 ----D---- C:\Documents and Settings\Howard\Application Data\Apple Computer
    2008-10-16 17:28:47 ----D---- C:\WINDOWS\system32\Restore
    2008-10-16 15:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\occache.dll
    2008-10-16 15:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 15:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 15:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 15:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 15:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-16 08:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
    2008-10-14 19:12:43 ----AC---- C:\WINDOWS\usrwiz.ini
    2008-10-03 05:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-11-13 353680]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-06-29 3712]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
    R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
    R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
    R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
    R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-04 1273344]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
    S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
    S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2006-05-10 36736]
    S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-05-10 71680]
    S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
    S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
    S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
    S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
    S3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys []
    S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-08 47360]
    S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\RSC4USB.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 XDva143;XDva143; \??\C:\WINDOWS\system32\XDva143.sys []
    S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys []
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-10-04 77944]
    R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 168432]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-24 152984]
    R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
    R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-11-21 183112]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-04 380928]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
    S2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-11-13 2405776]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-08-12 72704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-06 30192]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2004-11-19 147456]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 hpdj00;hpdj00; C:\DOCUME~1\Howard\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3840 Series -product=3840 []
    S4 PnkBstrA;PunkBuster; C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe [2008-10-21 63040]

    -----------------EOF-----------------
     
  2. 2009/01/03
    HowardF

    That was the log file; here is the info file.

    info.txt logfile of random's system information tool 1.05 2009-01-02 23:38:58

    ======Uninstall list======

    --> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
    Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
    Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
    Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Defraggler (remove only)--> "C:\Program Files\Defraggler\uninst.exe "
    Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
    Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
    Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
    Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
    Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
    Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
    DVD Decrypter (Remove Only)--> "C:\Program Files\DVD Decrypter\uninstall.exe "
    FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
    FormatFactory-->MsiExec.exe /X{E42420E7-D4A5-4264-BFF2-29743465A791}
    FoxyTunes for Firefox--> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Google Talk (remove only)--> "C:\Program Files\Google\Google Talk\uninstall.exe "
    Google Talk Plugin-->MsiExec.exe /I{DFB48451-4F78-33DC-BC42-8C403C74939F}
    Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
    Google Toolbar for Internet Explorer--> "C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_11CB06797F2F038A.exe" /uninstall
    Google Updater--> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Half-Life 2--> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/220
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    iDump (Backing up your iPod)-->C:\Program Files\iDump\uninstall.exe
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
    InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
    iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
    iTunesFolderWatch-->MsiExec.exe /I{284C0EDD-C817-4ACB-AF69-5DCC637202FB}
    Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
    LimeWire 4.18.8--> "C:\Program Files\LimeWire\uninstall.exe "
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
    Logitech QuickCam Driver Package--> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey "lvdrivers_11.80" /clone_wait /hide_progress
    Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
    Maxwell Plugin for 3D Studio Max-->C:\Program Files\Autodesk\3ds Max 9\MaxwellPluginUninstall.exe
    MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe "
    Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    OpenAL--> "C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RocketDock 1.3.5--> "C:\Program Files\RocketDock\unins000.exe "
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
    Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
    Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
    Security Update for Windows Internet Explorer 7 (KB928090)--> "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB929969)--> "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB931768)--> "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB933566)--> "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB937143)--> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB958215)--> "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 7 (KB960714)--> "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB952069)--> "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954600)--> "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956802)--> "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
    Source Dedicated Server--> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/205
    Source SDK Base--> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/215
    Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Uninstall 1.0.0.0--> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe "
    Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
    Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
    Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
    Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Update for Windows XP (KB955839)--> "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe "
    VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html "
    WebCyberCoach 3.2 Dell--> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4 "
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
    WinPatrol-->C:\WINDOWS\uninst.exe -f "C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c "C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL "
    WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip--> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    ZoneAlarm Spy Blocker-->rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
    ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

    =====HijackThis Backups=====

    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.gomyhit.com (HKLM)
    O15 - Trusted Zone: *.antimalwareguard.com
    O20 - Winlogon Notify: efcYQHBS - efcYQHBS.dll (file missing)
    O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    ======Security center information======

    AV: AVG Anti-Virus Free
    FW: ZoneAlarm Firewall (disabled)

    System event log

    Computer Name: SID
    Event Code: 7036
    Message: The TrueVector Internet Monitor service entered the stopped state.

    Record Number: 232423
    Source Name: Service Control Manager
    Time Written: 20081207224357.000000-300
    Event Type: information
    User:

    Computer Name: SID
    Event Code: 7035
    Message: The TrueVector Internet Monitor service was successfully sent a start control.

    Record Number: 232422
    Source Name: Service Control Manager
    Time Written: 20081207224351.000000-300
    Event Type: information
    User: SID\Howard

    Computer Name: SID
    Event Code: 7024
    Message: The TrueVector Internet Monitor service terminated with service-specific error 0 (0x0).

    Record Number: 232421
    Source Name: Service Control Manager
    Time Written: 20081207224349.000000-300
    Event Type: error
    User:

    Computer Name: SID
    Event Code: 7036
    Message: The TrueVector Internet Monitor service entered the stopped state.

    Record Number: 232420
    Source Name: Service Control Manager
    Time Written: 20081207224349.000000-300
    Event Type: information
    User:

    Computer Name: SID
    Event Code: 7035
    Message: The TrueVector Internet Monitor service was successfully sent a start control.

    Record Number: 232419
    Source Name: Service Control Manager
    Time Written: 20081207224346.000000-300
    Event Type: information
    User: SID\Howard

    Application event log

    Computer Name: SID
    Event Code: 1004
    Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Record Number: 18393
    Source Name: MsiInstaller
    Time Written: 20080922070536.000000-240
    Event Type: warning
    User: NT AUTHORITY\NETWORK SERVICE

    Computer Name: SID
    Event Code: 1001
    Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

    Record Number: 18392
    Source Name: MsiInstaller
    Time Written: 20080922070457.000000-240
    Event Type: warning
    User: SID\Howard

    Computer Name: SID
    Event Code: 1004
    Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Record Number: 18391
    Source Name: MsiInstaller
    Time Written: 20080922070457.000000-240
    Event Type: warning
    User: SID\Howard

    Computer Name: SID
    Event Code: 1001
    Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{C207503F-9631-4AF6-8CD2-D11260DBA3C5}'

    Record Number: 18390
    Source Name: MsiInstaller
    Time Written: 20080922070457.000000-240
    Event Type: warning
    User: SID\Howard

    Computer Name: SID
    Event Code: 1004
    Message: Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

    Record Number: 18389
    Source Name: MsiInstaller
    Time Written: 20080922070457.000000-240
    Event Type: warning
    User: SID\Howard

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION "=0407
    "NUMBER_OF_PROCESSORS "=2
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "CLASSPATH "=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA "=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "tvdumpflags "=8

    -----------------EOF-----------------

    Thanks a lot!
     


  4. 2009/01/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.
     
  5. 2009/01/03
    HowardF

    HowardF Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    76
    Likes Received:
    0
    Thanks for the adjust; look forward to hearing more soon.
     
  6. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS HowardF :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     
  7. 2009/01/04
    HowardF

    HowardF Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    76
    Likes Received:
    0
    Thanks Noah :) Here's the log from ComboFix. I couldn't turn off Avast! for some reason so it was "running". I hope that doesn't cause any problems. Thank you again!

    ComboFix 09-01-02.01 - Howard 2009-01-04 18:20:07.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1556 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning enabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Howard\Application Data\addon.dat
    c:\documents and settings\Howard\Application Data\inst.exe
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekavycvcjml.sys
    c:\windows\system32\seneka.dat
    c:\windows\system32\senekadf.dat
    c:\windows\system32\senekakxdoljne.dll
    c:\windows\system32\senekalog.dat
    c:\windows\system32\senekanoobvpcp.dll
    c:\windows\system32\senekapsoylfrk.dll
    c:\windows\system32\tmp33.tmp
    c:\windows\system32\tmp63.tmp
    c:\windows\system32\uxHgQtwa.ini
    c:\windows\system32\uxHgQtwa.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA


    ((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
    .

    2009-01-03 18:46 . 2009-01-03 18:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-03 18:46 . 2009-01-03 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-03 16:19 . 2009-01-03 16:19 <DIR> d-------- c:\program files\Alwil Software
    2009-01-02 23:38 . 2009-01-02 23:38 <DIR> d----c--- C:\rsit
    2009-01-02 23:10 . 2009-01-02 23:10 <DIR> d-------- c:\program files\Trend Micro
    2009-01-02 22:07 . 2009-01-02 22:09 <DIR> d-------- c:\program files\Unlocker
    2009-01-02 20:50 . 2006-07-19 13:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
    2009-01-02 20:50 . 2009-01-03 18:48 <DIR> d-------- c:\documents and settings\Administrator
    2009-01-02 18:28 . 2009-01-02 18:28 1,307,356 ---hs---- c:\windows\system32\aaovjmoq.ini
    2008-12-24 22:58 . 2008-12-24 22:58 <DIR> d-------- c:\program files\Ventrilo
    2008-12-24 22:58 . 2008-12-24 22:58 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-12-22 23:51 . 2008-12-22 23:51 8,421 --a--c--- C:\E2938(3).MDS
    2008-12-22 23:18 . 2008-12-22 23:51 8,145,393,664 --a--c--- C:\E2938(3).ISO
    2008-12-22 23:06 . 2008-12-22 23:06 8,421 --a--c--- C:\E2938(2).MDS
    2008-12-22 22:35 . 2008-12-22 23:06 8,211,769,344 --a--c--- C:\E2938(2).ISO
    2008-12-20 00:06 . 2008-12-20 00:06 8,421 --a--c--- C:\E2938(1).MDS
    2008-12-19 23:35 . 2008-12-20 00:06 8,262,236,160 --a--c--- C:\E2938(1).ISO
    2008-12-19 20:11 . 2008-12-19 20:11 <DIR> d-------- c:\program files\CleanUp!
    2008-12-19 17:44 . 2008-12-19 17:44 8,418 --a--c--- C:\E2938.MDS
    2008-12-19 17:13 . 2008-12-19 17:44 8,289,449,984 --a--c--- C:\E2938.ISO
    2008-12-06 11:58 . 2008-12-06 11:58 <DIR> d-------- c:\program files\RocketDock
    2008-12-04 21:40 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-04 23:24 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-01-04 23:24 0 ----a-w c:\windows\system32\drivers\logiflt.iad
    2009-01-03 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-02 21:36 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-31 19:10 --------- d-----w c:\program files\Warcraft III
    2008-12-25 03:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-12-24 21:07 --------- d-----w c:\documents and settings\Howard\Application Data\BitTorrent
    2008-12-19 23:58 --------- d-----w c:\program files\SC
    2008-12-19 23:57 --------- d-----w c:\program files\WC3Banlist
    2008-12-19 23:21 --------- d-----w c:\program files\Common Files\Autodesk Shared
    2008-12-19 23:12 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-19 23:09 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-12-19 23:09 --------- d-----w c:\program files\AVS4YOU
    2008-12-13 03:18 --------- d-----w c:\program files\LimeWire
    2008-12-12 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-07 12:37 --------- d-----w c:\program files\Common Files\Stardock
    2008-12-06 21:57 --------- d-----w c:\program files\Google
    2008-11-25 01:58 --------- d-----w c:\program files\Java
    2008-11-23 03:54 --------- d-----w c:\program files\AIM6
    2008-11-23 03:53 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-11-21 12:18 --------- d-----w c:\documents and settings\Howard\Application Data\MiniDm
    2008-11-21 11:59 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-11-21 11:39 --------- d-----w c:\program files\EA Games
    2008-11-21 00:05 --------- d-----w c:\documents and settings\Howard\Application Data\IEPro
    2008-11-19 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-19 04:21 --------- d-----w c:\program files\Lavasoft
    2008-11-14 03:29 --------- d-----w c:\documents and settings\Howard\Application Data\Move Networks
    2008-11-13 04:08 --------- d-----w c:\documents and settings\Howard\Application Data\Ace
    2008-11-12 04:18 --------- d-----w c:\program files\FormatFactory
    2008-11-12 03:22 --------- d-----w c:\program files\DivX
    2008-04-07 05:59 47,360 -c--a-w c:\documents and settings\Howard\Application Data\pcouffin.sys
    2008-02-06 03:09 22,328 -c--a-w c:\documents and settings\Howard\Application Data\PnkBstrK.sys
    2008-12-06 21:58 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-07-22 15:54 8 --sh--r c:\windows\system32\117E68C5D5.sys
    2006-07-22 16:10 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-24 01:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Google Update "= "c:\documents and settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 39408]
    "RocketDock "= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "WinPatrol "= "c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 230976]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-06 30192]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Howard\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-07-19 24576]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-13 66864]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Documents and Settings\\Howard\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Howard\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14424:TCP "= 14424:TCP:BitComet 14424 TCP
    "14424:UDP "= 14424:UDP:BitComet 14424 UDP

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-03 111184]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-03 20560]
    R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-07-21 3712]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-06 30192]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\RSC4USB.sys --> c:\windows\system32\DRIVERS\RSC4USB.sys [?]
    S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
    S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
    S4 hpdj00;hpdj00;c:\docume~1\Howard\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3840 Series -product=3840 --> c:\docume~1\Howard\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Deskjet 3840 Series -product=3840 [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c92e8e0-fd0a-11db-a0f9-001372d87835}]
    \Shell\AutoRun\command - v.cmd
    \Shell\explore\Command - v.cmd
    \Shell\open\Command - v.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{70AA1827-DC5C-F4CF-EFEB-9A74038BD849}]
    c:\windows\system32\driver\win32.exe s
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: {7F3C7B32-9DD4-436D-BAB1-430B3773CC13} = 192.168.2.1,192.168.3.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bgv2xc43.default\
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-04 18:26:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\logishrd\KHAL2\KHALMNPR.exe
    c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
    c:\program files\AIM6\aolsoftware.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-04 18:32:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-04 23:32:23

    Pre-Run: 6,051,037,184 bytes free
    Post-Run: 5,934,133,248 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    260 --- E O F --- 2008-12-18 13:01:03
     
  8. 2009/01/04
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Did you Right click on the avast! icon in system tray and choose Stop On-Access Protection?
    Once again, attempt to disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    c:\windows\system32\aaovjmoq.ini
    Driver::
    hpdj00
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c92e8e0-fd0a-11db-a0f9-001372d87835}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{70AA1827-DC5C-F4CF-EFEB-9A74038BD849}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
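
Added example, not part of the original post and not ComboFix code: a Python check that reads a ComboFix log excerpt, picks out the two kinds of registry entry the script above removes (MountPoints2 shell commands and Active Setup commands), and reports whether each one is covered by a `[-key]` line in the script's Registry:: section. The first two log keys and the script text are copied from this thread; the third key (all-zero GUID) is constructed to show an uncovered entry, and every function name is this example's own.

```python
import re

# Log excerpt: first two keys copied from the ComboFix log in this thread,
# the last key (all-zero GUID, example.cmd) is CONSTRUCTED for illustration.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c92e8e0-fd0a-11db-a0f9-001372d87835}]
\Shell\AutoRun\command - v.cmd
\Shell\explore\Command - v.cmd
\Shell\open\Command - v.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{70AA1827-DC5C-F4CF-EFEB-9A74038BD849}]
c:\windows\system32\driver\win32.exe s
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - example.cmd
"""

# CFScript.txt exactly as posted above.
CFSCRIPT = r"""
File::
c:\windows\system32\aaovjmoq.ini
Driver::
hpdj00
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c92e8e0-fd0a-11db-a0f9-001372d87835}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{70AA1827-DC5C-F4CF-EFEB-9A74038BD849}]
"""

# "[KEY]" in the log, "[-KEY]" (delete whole key) in the script.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
# A MountPoints2 verb with a command, e.g. "\Shell\AutoRun\command - v.cmd".
SHELL_CMD_RE = re.compile(r"^\\shell\\[^\\]+\\command\s+-\s+\S", re.IGNORECASE)


def parse_log(text):
    """Map each registry key header (lower-cased) to the lines listed under it."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            current = match.group(2).lower()
            entries[current] = []
        elif line in ("", "."):        # blank line or "." ends the key's block
            current = None
        elif current is not None:
            entries[current].append(line)
    return entries


def classify(key, values):
    """Return why a key deserves review, or None. A flag is not a verdict."""
    if "\\explorer\\mountpoints2\\" in key:
        # Cached per-volume shell verbs: the command runs when the drive is
        # opened or autoplayed, a classic removable-media persistence point.
        if any(SHELL_CMD_RE.match(v) for v in values):
            return "MountPoints2 shell command"
    if "\\active setup\\installed components\\" in key and values:
        # Active Setup commands run at logon for each user profile.
        return "Active Setup command"
    return None


def parse_cfscript(text):
    """Split the script into its 'Name::' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_keys(sections):
    """Keys the Registry:: section deletes outright ('[-KEY]' lines)."""
    removed = set()
    for line in sections.get("Registry", []):
        match = KEY_RE.match(line)
        if match and match.group(1) == "-":
            removed.add(match.group(2).lower())
    return removed


def review(log_text, script_text):
    """List (key, reason, covered_by_script) for every flagged log key."""
    removed = deleted_keys(parse_cfscript(script_text))
    report = []
    for key, values in parse_log(log_text).items():
        reason = classify(key, values)
        if reason:
            report.append((key, reason, key in removed))
    return report


if __name__ == "__main__":
    for key, reason, covered in review(LOG_EXCERPT, CFSCRIPT):
        print(("covered " if covered else "MISSING ") + reason + ": " + key)
```

Running the same check against the log produced after the script has run should return no flagged keys for the two copied entries.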
     
  9. 2009/01/04
    HowardF

    HowardF Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    76
    Likes Received:
    0
    I couldn't access the toolbar when it happened but this time around, I was able to disable it before I ran the ComboFix. Here are the results.

    ComboFix 09-01-02.01 - Howard 2009-01-04 23:20:10.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1489 [GMT -5:00]
    Running from: c:\documents and settings\Howard\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Howard\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1296 [VPS 090104-0] *On-access scanning disabled* (Updated)
    FW: ZoneAlarm Firewall *enabled*
    * Created a new restore point

    FILE ::
    c:\windows\system32\aaovjmoq.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_hpdj00


    ((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
    .

    2009-01-03 18:46 . 2009-01-03 18:46 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-01-03 18:46 . 2009-01-03 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-03 16:19 . 2009-01-03 16:19 <DIR> d-------- c:\program files\Alwil Software
    2009-01-02 23:38 . 2009-01-02 23:38 <DIR> d----c--- C:\rsit
    2009-01-02 23:10 . 2009-01-02 23:10 <DIR> d-------- c:\program files\Trend Micro
    2009-01-02 22:07 . 2009-01-02 22:09 <DIR> d-------- c:\program files\Unlocker
    2009-01-02 20:50 . 2006-07-19 13:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Gtek
    2009-01-02 20:50 . 2009-01-03 18:48 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-24 22:58 . 2008-12-24 22:58 <DIR> d-------- c:\program files\Ventrilo
    2008-12-24 22:58 . 2008-12-24 22:58 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    2008-12-22 23:51 . 2008-12-22 23:51 8,421 --a--c--- C:\E2938(3).MDS
    2008-12-22 23:18 . 2008-12-22 23:51 8,145,393,664 --a--c--- C:\E2938(3).ISO
    2008-12-22 23:06 . 2008-12-22 23:06 8,421 --a--c--- C:\E2938(2).MDS
    2008-12-22 22:35 . 2008-12-22 23:06 8,211,769,344 --a--c--- C:\E2938(2).ISO
    2008-12-20 00:06 . 2008-12-20 00:06 8,421 --a--c--- C:\E2938(1).MDS
    2008-12-19 23:35 . 2008-12-20 00:06 8,262,236,160 --a--c--- C:\E2938(1).ISO
    2008-12-19 17:44 . 2008-12-19 17:44 8,418 --a--c--- C:\E2938.MDS
    2008-12-19 17:13 . 2008-12-19 17:44 8,289,449,984 --a--c--- C:\E2938.ISO
    2008-12-06 11:58 . 2008-12-06 11:58 <DIR> d-------- c:\program files\RocketDock

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-05 04:23 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
    2009-01-05 04:23 0 ----a-w c:\windows\system32\drivers\logiflt.iad
    2009-01-05 02:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-01-05 02:59 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-05 00:37 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-01-05 00:10 --------- d-----w c:\program files\Java
    2009-01-03 23:48 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-01-03 00:16 279,552 ----a-w c:\windows\Internet Logs\xDB11.tmp
    2009-01-03 00:16 1,819,648 ----a-w c:\windows\Internet Logs\xDB34.tmp
    2008-12-31 19:10 --------- d-----w c:\program files\Warcraft III
    2008-12-26 05:02 118,796 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_26_00_00_36_small.dmp.zip
    2008-12-26 04:59 116,010 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_25_23_58_55_small.dmp.zip
    2008-12-26 04:59 112,753 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_25_23_59_42_small.dmp.zip
    2008-12-26 04:58 118,703 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_25_23_58_05_small.dmp.zip
    2008-12-26 04:57 129,898 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_25_23_56_53_small.dmp.zip
    2008-12-26 04:57 115,340 ----a-w c:\windows\Internet Logs\vsmon_2nd_2008_12_25_23_57_25_small.dmp.zip
    2008-12-26 04:57 1,791,488 ----a-w c:\windows\Internet Logs\xDB61.tmp
    2008-12-26 04:57 1,082,368 ----a-w c:\windows\Internet Logs\xDB5C.tmp
    2008-12-24 21:07 --------- d-----w c:\documents and settings\Howard\Application Data\BitTorrent
    2008-12-24 17:37 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2008-12-21 04:08 2,856,684 ----a-w c:\windows\Internet Logs\tvDebug.Zip
    2008-12-19 23:58 --------- d-----w c:\program files\SC
    2008-12-19 23:57 --------- d-----w c:\program files\WC3Banlist
    2008-12-19 23:21 --------- d-----w c:\program files\Common Files\Autodesk Shared
    2008-12-19 23:12 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-19 23:09 --------- d-----w c:\program files\Common Files\AVSMedia
    2008-12-19 23:09 --------- d-----w c:\program files\AVS4YOU
    2008-12-14 22:00 53,533 ----a-w c:\windows\Internet Logs\zlclient_2nd_2008_12_13_23_26_05_small.dmp.zip
    2008-12-13 03:18 --------- d-----w c:\program files\LimeWire
    2008-12-12 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-12-08 03:57 9,216 ----a-w c:\windows\Internet Logs\xDBD.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB157E.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB157D.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB157B.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB157A.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1579.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1578.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1577.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1576.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1575.tmp
    2008-12-08 03:56 9,216 ----a-w c:\windows\Internet Logs\xDB1574.tmp
    2008-12-08 03:56 8,192 ----a-w c:\windows\Internet Logs\xDB157C.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1566.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1565.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1564.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1563.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1562.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1561.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB1560.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB155F.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB155E.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB155D.tmp
    2008-12-08 03:54 9,216 ----a-w c:\windows\Internet Logs\xDB155B.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB155A.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1559.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1558.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1557.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1556.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1555.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1554.tmp
    2008-12-08 03:53 9,216 ----a-w c:\windows\Internet Logs\xDB1553.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB1552.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB1551.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB1550.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154F.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154E.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154D.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154C.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154B.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB154A.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB1549.tmp
    2008-12-08 03:52 9,216 ----a-w c:\windows\Internet Logs\xDB1548.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1547.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1546.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1545.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1544.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1543.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1542.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1541.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB1540.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB153F.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB153E.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB153D.tmp
    2008-12-08 03:51 9,216 ----a-w c:\windows\Internet Logs\xDB153C.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB153B.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB153A.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1539.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1538.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1537.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1536.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1535.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1534.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1533.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1532.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1531.tmp
    2008-12-08 03:50 9,216 ----a-w c:\windows\Internet Logs\xDB1530.tmp
    2008-12-08 03:49 9,216 ----a-w c:\windows\Internet Logs\xDB152F.tmp
    2008-12-08 03:49 9,216 ----a-w c:\windows\Internet Logs\xDB152E.tmp
    2008-12-08 03:49 9,216 ----a-w c:\windows\Internet Logs\xDB152D.tmp
    2008-12-08 03:49 9,216 ----a-w c:\windows\Internet Logs\xDB152C.tmp
    2008-12-06 21:58 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2006-07-22 15:54 8 --sh--r c:\windows\system32\117E68C5D5.sys
    2006-07-22 16:10 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
    2008-09-24 01:11 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092320080924\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-04_18.31.14.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-25 01:58:47 410,976 ----a-w c:\windows\system32\deploytk.dll
    + 2008-11-10 10:43:30 410,984 ----a-w c:\windows\system32\deploytk.dll
    - 2008-11-25 01:58:47 144,792 ----a-w c:\windows\system32\java.exe
    + 2008-11-10 10:43:37 144,792 ----a-w c:\windows\system32\java.exe
    - 2008-11-25 01:58:47 144,792 ----a-w c:\windows\system32\javaw.exe
    + 2008-11-10 10:43:38 144,792 ----a-w c:\windows\system32\javaw.exe
    - 2008-11-25 01:58:47 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2008-11-10 10:43:39 148,888 ----a-w c:\windows\system32\javaws.exe
    + 2009-01-05 04:24:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1bc.dat
    + 2009-01-05 04:24:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_568.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk "= "c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Aim6 "= "c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "msnmsgr "= "c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "Google Update "= "c:\documents and settings\Howard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-30 39408]
    "RocketDock "= "c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "WinPatrol "= "c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2006-07-20 230976]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "LogitechCommunicationsManager "= "c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-06 30192]
    "UnlockerAssistant "= "c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
    "avast! "= "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "nwiz "= "nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

    c:\documents and settings\Howard\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-07-19 24576]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-13 66864]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\MSN Messenger\\livecall.exe "=
    "c:\\Documents and Settings\\Howard\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll "=
    "c:\\Documents and Settings\\Howard\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe "=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14424:TCP "= 14424:TCP:BitComet 14424 TCP
    "14424:UDP "= 14424:UDP:BitComet 14424 UDP

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-03 111184]
    R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-03 20560]
    R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-07-21 3712]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-15 24652]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-06 30192]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
    S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\RSC4USB.sys --> c:\windows\system32\DRIVERS\RSC4USB.sys [?]
    S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]
    S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: {7F3C7B32-9DD4-436D-BAB1-430B3773CC13} = 192.168.2.1,192.168.3.1
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\91eig7fa.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Howard\Application Data\Mozilla\Firefox\Profiles\91eig7fa.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\Howard\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Howard\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-04 23:25:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\docume~1\Howard\LOCALS~1\Temp\GUR3.tmp 0 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    c:\program files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\iTunes\iTunes.exe
    c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-04 23:31:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-05 04:31:37
    ComboFix2.txt 2009-01-04 23:32:28

    Pre-Run: 5,633,761,280 bytes free
    Post-Run: 5,631,545,344 bytes free

    319 --- E O F --- 2008-12-18 13:01:03
     
  10. 2009/01/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Just so you know, you may delete the contents of c:\windows\Internet Logs
    Those are placed there by Zone Alarm and can consume quite a lot of space unnecessarily.

    Log looks good. Let's get an online scan. Please do an online scan with Kaspersky Online Scanner.

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Post the Kaspersky log here.
     
  11. 2009/01/06
    HowardF

    HowardF Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    76
    Likes Received:
    0
    Thanks Noah, I really appreciate your help in this problem.

    Here's the log from the Kaspersky Online Scan:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, January 6, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, January 06, 2009 01:49:19
    Records in database: 1567766
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    M:\

    Scan statistics:
    Files scanned: 162859
    Threat name: 1
    Infected objects: 1
    Suspicious objects: 0
    Duration of the scan: 02:31:02


    File name / Threat name / Threats count
    C:\Qoobox\Quarantine\C\WINDOWS\system32\senekakxdoljne.dll.vir Infected: Trojan.Win32.Small.brl 1

    The selected area was scanned.
     
  12. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. If you're satisfied things are working normally, proceed with uninstalling ComboFix as outlined below.

    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
    Delete RSIT.exe and the C:\rsit folder.
    You can delete any other logs that were created/saved too.
    Finally, empty the recycle bin.
     
  13. 2009/01/06
    HowardF

    HowardF Inactive Thread Starter

    Joined:
    2009/01/02
    Messages:
    76
    Likes Received:
    0
    Thanks for all your help, Dave. (Sorry I didn't notice that your name wasn't Noah!) Everything's working as normal, thank you very much! :)
     
    Last edited: 2009/01/06
  14. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
