Jan 11
can't open antivirus site and update antivirus
Filed Under: Virus
Hi guys, please help me. I've read all of the threads that are similar to my problem. However, I think mine is kinda different. I can't open antivirus sites or update the antivirus in normal mode, but I can do it in safe mode. Also, my sites are not redirected. I've done so many things, but my AVG, Registry Booster, and Malwarebytes' Anti-Malware said that my computer is clean. Please help me to get rid of this. Here are the logs from RSIT. Thank you.
Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-08 18:50:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (31%) free of 19 GB
Total RAM: 766 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:48, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco…search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco…/www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] F:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{89815402-CEA2-400F-B3CD-1446E8D66084}: NameServer = 202.134.1.10,202.134.0.155
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7323 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - F:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-05 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-10 734704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ACB1E670-3217-45C4-A021-6B829A8A27CB}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2006-09-21 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2007-02-06 176128]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-06 98304]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-05-28 1826816]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"EPSON Stylus C45 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE [2004-01-14 99840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2004-09-03 139264]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-06 1261336]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Uniblue RegistryBooster 2009"=F:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe [2008-08-26 2019624]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"=C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [2007-06-01 16944]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DAP\DAP.exe"="C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\Program Files\Java\jre1.6.0_03\bin\java.exe"="C:\Program Files\Java\jre1.6.0_03\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"F:\Program Files\LimeWire\LimeWire.exe"="F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe"="C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorService"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"F:\Program Files\BitTorrent\bittorrent.exe"="F:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
"F:\Program Files\BitComet\BitComet.exe"="F:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 3 months======
2009-01-08 18:42:15 ----D---- C:\rsit
2009-01-08 18:42:15 ----D---- C:\Program Files\trend micro
2009-01-08 18:22:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-01-08 18:22:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-01-08 18:21:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-01-08 18:19:40 ----SHD---- C:\WINDOWS\CSC
2009-01-08 17:19:52 ----D---- C:\Documents and Settings\Administrator\Application Data\Uniblue
2009-01-08 17:13:48 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-01-08 17:13:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-05 18:53:22 ----D---- C:\Program Files\Enigma Software Group
2009-01-05 12:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-04 19:33:00 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-01-04 19:14:16 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-03 15:18:48 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2009-01-03 12:57:55 ----D---- C:\Program Files\GameHouse
2009-01-03 12:36:41 ----D---- C:\Program Files\RealArcade
2008-12-23 19:27:07 ----D---- C:\Downloads
2008-12-11 15:56:40 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-03 15:50:12 ----D---- C:\Program Files\Microsoft Games
2008-11-19 14:18:57 ----A---- C:\WINDOWS\system32\bad3.exe
2008-11-19 14:18:54 ----A---- C:\WINDOWS\system32\bad2.exe
2008-11-19 14:18:47 ----A---- C:\WINDOWS\system32\bad1.exe
2008-10-26 07:09:05 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-10-26 07:09:04 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-10-26 06:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-21 16:48:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-18 14:54:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-18 14:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-18 14:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-17 23:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-17 20:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 15:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-12 11:33:04 ----D---- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
======List of files/folders modified in the last 3 months======
2009-01-08 18:47:43 ----D---- C:\Program Files\Mozilla Firefox
2009-01-08 18:42:15 ----RD---- C:\Program Files
2009-01-08 18:27:12 ----D---- C:\WINDOWS\Temp
2009-01-08 18:27:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 18:25:20 ----D---- C:\WINDOWS\Prefetch
2009-01-08 18:24:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-08 18:24:35 ----D---- C:\WINDOWS\system32
2009-01-08 18:24:32 ----D---- C:\Program Files\DNA
2009-01-08 18:23:05 ----SHD---- C:\RECYCLER
2009-01-08 18:19:40 ----D---- C:\WINDOWS
2009-01-07 18:07:06 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-06 17:48:37 ----D---- C:\WINDOWS\system32\drivers
2009-01-06 15:13:25 ----A---- C:\WINDOWS\win.ini
2009-01-06 15:12:47 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-06 11:35:06 ----A---- C:\WINDOWS\winamp.ini
2009-01-05 11:29:32 ----D---- C:\WINDOWS\Minidump
2009-01-05 11:09:00 ----D---- C:\WINDOWS\system32\config
2009-01-04 19:33:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-04 19:21:49 ----SHD---- C:\WINDOWS\Installer
2009-01-04 17:30:03 ----SHD---- C:\System Volume Information
2009-01-04 17:30:03 ----D---- C:\WINDOWS\system32\Restore
2009-01-04 17:28:52 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-01-04 13:04:34 ----HD---- C:\$AVG8.VAULT$
2008-12-11 15:56:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-05 14:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-04 14:57:31 ----HD---- C:\WINDOWS\inf
2008-12-04 14:57:31 ----D---- C:\WINDOWS\Help
2008-12-03 15:52:44 ----D---- C:\WINDOWS\WinSxS
2008-11-29 12:17:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-19 18:51:05 ----D---- C:\WINDOWS\system
2008-11-19 18:30:51 ----D---- C:\Program Files\Registry Mechanic
2008-11-06 15:18:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-28 19:44:06 ----RASH---- C:\boot.ini
2008-10-26 06:57:11 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 16:48:40 ----D---- C:\WINDOWS\Debug
2008-10-18 14:54:09 ----D---- C:\Program Files\Internet Explorer
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 23:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-05 97928]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-05 26824]
S1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-05 76040]
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
S3 PCnet;AMD PCNET Compatable Adapter Driver; C:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2001-08-17 35328]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SunkFilt6;Alcor Micro Corp - 6360; \??\C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362; \??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2007-03-22 281856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-05 875288]
S2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-26 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-27 138168]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-31 306432]
-----------------EOF-----------------
the info file
here is the info file
info.txt logfile of random's system information tool 1.05 2009-01-08 18:42:31
======Uninstall list======
–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
–>C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
–>C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
–>C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
–>C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNRecode.exe /UNINSTALL
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 4.0–>MsiExec.exe /I{92605735-AAFB-47F7-A67D-17ED129EFF9C}
ACE-HIGH MP3 WAV WMA OGG Converter–>E:\PROGRA~1\ACE-HI~1\UNWISE.EXE E:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Adobe Anchor Service CS3–>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3–>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3–>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting–>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0–>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps–>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific–>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings–>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings–>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings–>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings–>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3–>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3–>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2–>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All–>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3–>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3–>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files–>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3–>C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3–>MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup–>MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3–>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support–>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3–>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client–>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin–>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3–>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AVG Free 8.0–>C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belle’s Beauty Boutique–>E:\PROGRA~1\GAMEHO~1\BELLE’~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\BELLE’~1\INSTALL.LOG
BitComet 1.07–>F:\Program Files\BitComet\uninst.exe
Brain Workout–>E:\PROGRA~1\HAPPYN~1\BRAINW~1\UNWISE.EXE E:\PROGRA~1\HAPPYN~1\BRAINW~1\INSTALL.LOG
Burger Shop–>E:\PROGRA~1\GAMEHO~1\BURGER~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\BURGER~1\INSTALL.LOG
Cheat Engine 5.1.1–>"D:\Program Files\Cheat Engine\unins000.exe"
DAP Premium–>F:\Program Files\DAP Premium\Uninstal.exe
Delicious - Emily’s Tea Garden–>C:\PROGRA~1\GAMEHO~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\DELICI~1\INSTALL.LOG
Disc2Phone–>MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Download Accelerator Plus (DAP)–>C:\PROGRA~1\DAP\DAPREMOVE.EXE
EclipseCrossword–>MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
EPSON Printer Software–>C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Escape From Paradise–>"E:\Program Files\Escape From Paradise\ReflexiveArcade\unins000.exe"
Feeding Frenzy 2–>E:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
Final Fantasy VII - Ultima Edition–>"C:\Program Files\Final Fantasy VII\unins000.exe"
FLV Player–>"C:\WINDOWS\FLV Player\uninstall.exe" "/U:\Program Files\FLV Player\Uninstall\uninstall.xml"
FretPro V.2.00–>"E:\Program Files\FretPro\setup\uninst.exe"
Go Go Gourmet–>"E:\Program Files\Go Go Gourmet\ReflexiveArcade\unins000.exe"
Google Earth–>MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer–>regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111–>"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2–>"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)–>"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)–>"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Iggle Pop!–>E:\PROGRA~1\GAMEHO~1\IGGLEP~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\IGGLEP~1\INSTALL.LOG
iolo technologies’ System Mechanic 4–>C:\PROGRA~1\iolo\SYSTEM~1\UNWISE.EXE C:\PROGRA~1\iolo\SYSTEM~1\INSTALL.LOG
Java(TM) 6 Update 3–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kamus 2.03–>D:\Program Files\Kamus2\Uninstall.exe
K-Lite Mega Codec Pack 1.59–>"E:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire PRO 4.18.8–>"F:\Program Files\LimeWire\uninstall.exe"
Lost Cases of Sherlock Holmes Beta–>MsiExec.exe /I{49C9C56B-E9EE-4924-A363-DA4FB9F029A9}
Macromedia Extension Manager–>MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder–>MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8–>MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Magic Farm–>"E:\Program Files\Magic Farm\ReflexiveArcade\unins000.exe"
Malwarebytes’ Anti-Malware–>"F:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)–>"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninst all.msp"
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003–>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Rise Of Nations–>"C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual C 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser–>MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Card Reader–>C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Nero 7 Essentials–>MsiExec.exe /X{9F5AFBD2-AF6D-41E9-AFE8-F67AD7AF1033}
neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PANDA-glGo–>"D:\Program Files\glGo\uninstall.exe"
PDF Settings–>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime–>C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Mechanic 6.0–>"C:\Program Files\Registry Mechanic\unins000.exe"
Sandlot Games Client Services 1.2.2–>"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Windows Media Player (KB911564)–>"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)–>"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)–>"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)–>"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)–>"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)–>"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)–>"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)–>"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)–>"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)–>"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)–>"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)–>"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)–>"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)–>"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)–>"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)–>"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)–>"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)–>"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)–>"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)–>"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)–>"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)–>"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)–>"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)–>"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)–>"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)–>"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)–>"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)–>"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)–>"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)–>"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)–>"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)–>"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)–>"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)–>"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)–>"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)–>"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)–>"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)–>"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)–>"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)–>"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)–>"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)–>"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)–>"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)–>"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)–>"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)–>"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)–>"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)–>"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)–>"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)–>"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)–>"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)–>"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)–>"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)–>"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)–>"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)–>"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)–>"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)–>"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)–>"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)–>"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)–>"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)–>"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)–>"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)–>"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)–>"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)–>"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)–>"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)–>"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)–>"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)–>"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)–>"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)–>"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)–>"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)–>"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)–>"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)–>"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)–>"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)–>"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)–>"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)–>"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)–>"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)–>"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)–>"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)–>"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)–>"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)–>"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)–>"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)–>"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)–>"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)–>"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)–>"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)–>"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)–>"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)–>"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sony Ericsson Device Data–>MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers–>MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
Sony Ericsson PC Suite–>C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite–>MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
SpongeBob Monopoly–>E:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U E:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
SpyHunter–>"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
TransTool–>C:\TRANST~1\Unwise.exe /U C:\TRANST~1\Unwise.sms
TuneUp Utilities 2008–>MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uniblue RegistryBooster 2009–>"C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009–>C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Update for Windows XP (KB894391)–>"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)–>"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)–>"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)–>"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)–>"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)–>"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)–>"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)–>"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)–>"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)–>"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)–>"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)–>"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)–>"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)–>"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)–>"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)–>"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VIA Platform Device Manager–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver 6.14.10.0359–>C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Winamp (remove only)–>"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)–>"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime–>"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339–>C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835–>C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836–>C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185–>C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472–>C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302–>C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859–>"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781–>C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver–>C:\Program Files\WinRAR\uninstall.exe
WinZip–>"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Browser Services–>C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager–>C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail–>C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger–>C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection–>C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 localhost
======Security center information======
AV: AVG Anti-Virus Free (outdated)
System event log
Computer Name: ORGANIZA-A15595
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{89815402-CEA2-400F-B3CD-1446E8D66084} was connected to the network,
and has initiated normal operation over the network adapter.
Record Number: 22991
Source Name: Tcpip
Time Written: 20081202143734.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.
Record Number: 22990
Source Name: Service Control Manager
Time Written: 20081202143731.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{89815402-CEA2-400F-B3CD-1446E8D66084} was connected to the network,
and has initiated normal operation over the network adapter.
Record Number: 22989
Source Name: Tcpip
Time Written: 20081202143729.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 7036
Message: The Computer Browser service entered the stopped state.
Record Number: 22988
Source Name: Service Control Manager
Time Written: 20081202143728.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 22987
Source Name: Service Control Manager
Time Written: 20081202143728.000000 420
Event Type: information
User:
Application event log
Computer Name: ORGANIZA-A15595
Event Code: 1517
Message: Windows saved user ORGANIZA-A15595\User registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 1961
Source Name: Userenv
Time Written: 20080425165210.000000 420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: ORGANIZA-A15595
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 1960
Source Name: SecurityCenter
Time Written: 20080425163304.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 0
Message:
Record Number: 1959
Source Name: NMIndexingService
Time Written: 20080425163304.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 1
Message:
Record Number: 1958
Source Name: AVGEMS
Time Written: 20080425163302.000000 420
Event Type: information
User:
Computer Name: ORGANIZA-A15595
Event Code: 1
Message:
Record Number: 1957
Source Name: Avg7UpdSvc
Time Written: 20080425163258.000000 420
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK
—————–EOF—————–
Welcome to linabbs, Varrel.
Any idea what the following files are?
2008-11-19 14:18:57 ----A---- C:\WINDOWS\system32\bad3.exe
2008-11-19 14:18:54 ----A---- C:\WINDOWS\system32\bad2.exe
2008-11-19 14:18:47 ----A---- C:\WINDOWS\system32\bad1.exe
If not, please upload them to my submission channel for analysis. Leave a link back to this topic.
Thank you, Dave
Well, I don’t know what those are. I think those are files created by my own country cracker.
You know what, I tried opening antivirus sites this afternoon and it worked! It’s weird. I didn’t delete those files. But last night, I did the Kaspersky online scanner. I just did the update; I hadn’t scanned my computer because I fell asleep after that. Do you have any idea about this?
I will upload those files to you.
Another piece of information
wow, wow, wow, after I sent my last email I went out. Now I’m trying to open antivirus sites and it fails. It’s really confusing.
I forgot to tell you, after I turn on my PC and run Firefox, my Firefox always wants to download the SpyHunter scanner installer even though I always cancel it.
Also, sometimes a box appeared and said svchost.exe error (I don’t remember the exact sentence).
I really appreciate your help, Dave
Please visit the following webpage for instructions for downloading and running ComboFix
How to use ComboFix
Download ComboFix by sUBs from here, saving the file to your desktop.
Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
Close all open programs and windows
Double click ComboFix.exe and follow the prompts.
It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix’s window while it’s running. That may cause it to stall.
**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
log from combofix
This is the log from combofix. I couldn’t install the recovery console.
ComboFix 09-01-09.02 - User 2009-01-10 10:43:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.468 [GMT 7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system\msvbvm60.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-09 23:59 . 2009-01-09 23:59 <DIR> d——– c:\documents and settings\Administrator\Application Data\Ahead
2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d——– c:\program files\Avira
2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d——– c:\documents and settings\All Users\Application Data\Avira
2009-01-08 18:42 . 2009-01-08 18:56 <DIR> d——– C:\rsit
2009-01-08 18:42 . 2009-01-08 18:50 <DIR> d——– c:\program files\trend micro
2009-01-08 17:19 . 2009-01-08 17:19 <DIR> d——– c:\documents and settings\Administrator\Application Data\Uniblue
2009-01-08 17:13 . 2009-01-08 17:13 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-05 18:53 . 2009-01-09 20:25 <DIR> d——– c:\program files\Enigma Software Group
2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d——– c:\documents and settings\User\Application Data\Malwarebytes
2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 12:06 . 2009-01-04 18:38 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 12:06 . 2009-01-04 18:38 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-04 19:33 . 2009-01-08 18:18 <DIR> d——– c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-04 19:22 . 2009-01-04 19:22 <DIR> d——– c:\documents and settings\User\Application Data\Uniblue
2009-01-04 19:14 . 2009-01-04 19:21 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-03 15:18 . 2009-01-03 15:18 <DIR> d——– c:\documents and settings\All Users\Application Data\GameHouse
2009-01-03 12:57 . 2009-01-03 12:57 <DIR> d——– c:\program files\GameHouse
2009-01-03 12:36 . 2009-01-03 12:36 <DIR> d——– c:\program files\RealArcade
2008-12-23 19:27 . 2009-01-03 13:29 <DIR> d——– C:\Downloads
2008-12-11 15:56 . 2008-12-11 15:57 <DIR> d——– c:\windows\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 03:42 ——— d—–w c:\documents and settings\User\Application Data\DNA
2009-01-10 03:22 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-10 03:22 ——— d—–w c:\program files\DNA
2009-01-09 13:24 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
2009-01-06 08:12 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-03 05:59 ——— d—–w c:\documents and settings\User\Application Data\GameHouse
2008-12-29 13:53 ——— d—–w c:\documents and settings\User\Application Data\BitTorrent
2008-12-15 14:40 ——— d—–w c:\documents and settings\User\Application Data\LimeWire
2008-12-03 08:54 ——— d—–w c:\documents and settings\User\Application Data\Microsoft Games
2008-12-03 08:50 ——— d—–w c:\program files\Microsoft Games
2008-10-16 07:13 202,776 —-a-w c:\windows\system32\wuweb.dll
2008-10-16 07:13 1,809,944 —-a-w c:\windows\system32\wuaueng.dll
2008-10-16 07:12 561,688 —-a-w c:\windows\system32\wuapi.dll
2008-10-16 07:12 323,608 —-a-w c:\windows\system32\wucltui.dll
2008-10-16 07:09 92,696 —-a-w c:\windows\system32\cdm.dll
2008-10-16 07:09 51,224 —-a-w c:\windows\system32\wuauclt.exe
2008-10-16 07:09 43,544 —-a-w c:\windows\system32\wups2.dll
2008-10-16 07:08 34,328 —-a-w c:\windows\system32\wups.dll
2008-02-27 07:44 8,036,888 —-a-w c:\program files\dap86.exe
2007-04-16 15:52 164,746 –sha-r c:\windows\system32\iqvnyv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-02-27 32768]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-05 3061248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-06 98304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 c:\windows\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-06 106560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"f:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27169:TCP"= 27169:TCP:BitComet 27169 TCP
"27169:UDP"= 27169:UDP:BitComet 27169 UDP
"3506:TCP"= 3506:TCP:wptcws
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-03-26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-03-26 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-01-06 13696]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys –> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]
S4 hegno;Time Boot;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
— Other Services/Drivers In Memory —
*NewlyCreated* - SSMDRV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
hegno
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2472e4d6-2e50-11dd-9913-0060b0ec5ec5}]
\Shell\AutoRun\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac858196-dec6-11dc-9847-0060b0ec5ec5}]
\Shell\Auto\Command - Thumbs.com
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
.
Contents of the ‘Scheduled Tasks’ folder
2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
——- Supplementary Scan ——-
.
uStart Page =
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &D&ownload &with BitComet - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {89815402-CEA2-400F-B3CD-1446E8D66084} = 202.134.1.10,202.134.0.155
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 10:45:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hegno]
"ServiceDll"="c:\windows\system32\iqvnyv.dll"
.
Completion time: 2009-01-10 10:47:14
ComboFix-quarantined-files.txt 2009-01-10 03:47:10
Pre-Run: 5.842.141.184 bytes free
Post-Run: 5,976,346,624 bytes free
186 — E O F — 2008-10-25 23:57:24
Please download Flash_Disinfector by sUBs and save it to your desktop:
NOTE: In the event you already have Flash_Disinfector, this is a new version that I need you to download.
Plug in your USB flash drive.
Double-click Flash_Disinfector.exe to run it.
Follow any prompts that may appear.
Your desktop will vanish for a while, and then reappear. This is normal.
Wait until the program has finished scanning, then please exit the program. If you use more than 1 flash drive, run the tool with each plugged in.
Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:
Filename: CFScript.txt
Save As Type: All Files (*.*)
Code:
Collect::
c:\windows\system32\iqvnyv.dll
Driver::
hegno
NetSvc::
hegno
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2472e4d6-2e50-11dd-9913-0060b0ec5ec5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac858196-dec6-11dc-9847-0060b0ec5ec5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it’s done. A log will open when it’s complete. Post the contents of that log here.
Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!
Let me know if the behavior with Firefox persists.
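The three indicators this thread turns on (MountPoints2 AutoRun handlers from the flash drive, a netsvcs service whose ServiceDll is a random-named file in system32, and the Security Center AntiVirusOverride flag) can be pulled out of the ComboFix log mechanically. The following is an added example, not ComboFix's code and not part of the original posts: it parses a log excerpt and emits the same CFScript shape Dave built by hand above. The log lines are copied from this thread, except the all-zero GUID (the page does not show which key owned the Thumbs.com handler) and the Browser service line, which are constructed for contrast; the allow-list, the function names and the output format are my own.

```python
"""Triage a ComboFix log excerpt for USB-autorun handlers, unknown netsvcs
ServiceDll entries and the Security Center AV override, then draft the
CFScript sections that remove them (same shape as the script in the thread)."""
import re

# Assembled from the logs in this thread; the {0000...} key and the Browser
# service line are constructed for contrast and are not from the page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7885c44-6f74-11dd-998b-00e04d54de05}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\system32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hegno]
"ServiceDll"="c:\windows\system32\iqvnyv.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
SHELL_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$")
VALUE_RE = re.compile(r'^"(\w+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')

# Hypothetical allow-list: a real baseline is every ServiceDll on a clean
# install of the same build, not four names.
KNOWN_SERVICE_DLLS = {"browser.dll", "ipnathlp.dll", "wuauserv.dll", "shsvcs.dll"}


def parse_log(text):
    """Return a list of findings, one dict per suspicious line, in log order."""
    findings = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)          # every following value belongs to this key
            continue
        if key is None:
            continue
        low = key.lower()
        m = SHELL_RE.match(line)
        if m and "\\mountpoints2\\{" in low:
            # A per-volume shell verb: Explorer runs this when the drive is opened.
            findings.append({"kind": "autorun", "key": key, "verb": m.group(1),
                             "command": m.group(2)})
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, sval, dval = m.groups()
        if name.lower() == "servicedll" and "\\services\\" in low:
            dll = sval.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_SERVICE_DLLS:
                findings.append({"kind": "servicedll", "service": key.rsplit("\\", 1)[-1],
                                 "dll": sval})
        elif name == "AntiVirusOverride" and low.endswith("security center") \
                and int(dval, 16) == 1:
            # Security Center told to stop warning about a missing/disabled AV.
            findings.append({"kind": "av_override", "key": key})
    return findings


def build_cfscript(findings):
    """Draft Collect::/Driver::/NetSvc::/Registry:: sections from the findings."""
    collect = sorted({f["dll"] for f in findings if f["kind"] == "servicedll"})
    services = sorted({f["service"] for f in findings if f["kind"] == "servicedll"})
    keys = []
    for f in findings:
        if f["kind"] == "autorun" and f["key"] not in keys:
            keys.append(f["key"])     # one [-key] line per MountPoints2 GUID
    lines = []
    if collect:
        lines += ["Collect::"] + collect
    if services:
        lines += ["Driver::"] + services + ["NetSvc::"] + services
    if keys:
        lines += ["Registry::"] + [f"[-{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for f in found:
        print(f)
    print(build_cfscript(found))
```

The AV override is reported but not scripted, because the page shows no CFScript directive for it; review the drafted script line by line before feeding it to a removal tool, since a wrong `[-key]` line deletes a legitimate key just as readily.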
the log from combofix
here is the log
ComboFix 09-01-10.03 - User 2009-01-11 17:57:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.440 [GMT 7:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\iqvnyv.dll
.
—- Previous Run ——-
.
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_HEGNO
——-\Service_hegno
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.
2009-01-09 23:59 . 2009-01-09 23:59 <DIR> d——– c:\documents and settings\Administrator\Application Data\Ahead
2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d——– c:\program files\Avira
2009-01-09 20:18 . 2009-01-09 20:18 <DIR> d——– c:\documents and settings\All Users\Application Data\Avira
2009-01-08 18:42 . 2009-01-08 18:56 <DIR> d——– C:\rsit
2009-01-08 18:42 . 2009-01-08 18:50 <DIR> d——– c:\program files\trend micro
2009-01-08 17:19 . 2009-01-08 17:19 <DIR> d——– c:\documents and settings\Administrator\Application Data\Uniblue
2009-01-08 17:13 . 2009-01-08 17:13 <DIR> d——– c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-05 18:53 . 2009-01-09 20:25 <DIR> d——– c:\program files\Enigma Software Group
2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d——– c:\documents and settings\User\Application Data\Malwarebytes
2009-01-05 12:06 . 2009-01-05 12:06 <DIR> d——– c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 12:06 . 2009-01-04 18:38 38,496 –a—— c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 12:06 . 2009-01-04 18:38 15,504 –a—— c:\windows\system32\drivers\mbam.sys
2009-01-04 19:33 . 2009-01-08 18:18 <DIR> d——– c:\documents and settings\All Users\Application Data\SecTaskMan
2009-01-04 19:22 . 2009-01-04 19:22 <DIR> d——– c:\documents and settings\User\Application Data\Uniblue
2009-01-04 19:14 . 2009-01-04 19:21 <DIR> d–h-c— c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-03 15:18 . 2009-01-03 15:18 <DIR> d——– c:\documents and settings\All Users\Application Data\GameHouse
2009-01-03 12:57 . 2009-01-03 12:57 <DIR> d——– c:\program files\GameHouse
2009-01-03 12:36 . 2009-01-03 12:36 <DIR> d——– c:\program files\RealArcade
2008-12-23 19:27 . 2009-01-03 13:29 <DIR> d——– C:\Downloads
2008-12-11 15:56 . 2008-12-11 15:57 <DIR> d——– c:\windows\system32\NtmsData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 11:00 ——— d—a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-11 11:00 ——— d—–w c:\program files\DNA
2009-01-11 11:00 ——— d—–w c:\documents and settings\User\Application Data\DNA
2009-01-09 13:24 ——— d—–w c:\documents and settings\All Users\Application Data\avg8
2009-01-06 08:12 ——— d–h–w c:\program files\InstallShield Installation Information
2009-01-03 05:59 ——— d—–w c:\documents and settings\User\Application Data\GameHouse
2008-12-29 13:53 ——— d—–w c:\documents and settings\User\Application Data\BitTorrent
2008-12-15 14:40 ——— d—–w c:\documents and settings\User\Application Data\LimeWire
2008-12-03 08:54 ——— d—–w c:\documents and settings\User\Application Data\Microsoft Games
2008-12-03 08:50 ——— d—–w c:\program files\Microsoft Games
2008-02-27 07:44 8,036,888 —-a-w c:\program files\dap86.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-10_10.46.05,60 )))))))))))))))))))))))))))))))))))))))))
.
2005-10-20 13:02:28 163,328 —-a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2008-02-27 32768]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-05 3061248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-06 98304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 139264]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2006-09-21 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 c:\windows\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-05-28 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-01-06 106560]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"f:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"f:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27169:TCP"= 27169:TCP:BitComet 27169 TCP
"27169:UDP"= 27169:UDP:BitComet 27169 UDP
"3506:TCP"= 3506:TCP:wptcws
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2007-03-26 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2007-03-26 52224]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-01-06 13696]
S3 SunkFilt6;Alcor Micro Corp - 6360;\??\c:\windows\System32\Drivers\sunkfilt6.sys –> c:\windows\System32\Drivers\sunkfilt6.sys [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [2004-07-23 46536]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the ‘Scheduled Tasks’ folder
2009-01-02 c:\windows\Tasks\1-Click Maintenance.job
- e:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
.
.
——- Supplementary Scan ——-
.
uStart Page =
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &D&ownload &with BitComet - f:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - f:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - f:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {89815402-CEA2-400F-B3CD-1446E8D66084} = 202.134.1.10,202.134.0.155
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\96s7npv9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:00:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
———————— Other Running Processes ————————
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2009-01-11 18:04:57 - machine was rebooted [User]
ComboFix-quarantined-files.txt 2009-01-11 11:04:54
ComboFix2.txt 2009-01-10 03:47:15
Pre-Run: 7,405,879,296 bytes free
Post-Run: 7,326,621,696 bytes free
191 — E O F — 2008-10-25 23:57:24
yeah !
YEEEEAAAAAAAAHHHHHH !!!!!!
I think my computer has been totally ‘cured’. I can open antivirus sites now !!!
Thank you SOOOOO MUUUCH Dave !!
Well, actually I’m still a little bit concerned. I will post you again tomorrow to tell you whether my computer has been back to normal or not.
By the way, I think that I got this virus from my flash disk. I’ve scanned it with Flash_Disinfector. Do you think I can use it now? Is it virus-free?
Oh, about the zip file I have to send after the combofix finished, I didn’t have it. I don’t know why.
Once Flash_Disinfector has been run as directed it is safe to use the flash drive.
Please post the contents of C:\Qoobox\ComboFix-quarantined-files.txt
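The on-disk half of the flash-drive infection is an autorun.inf at the root of the drive whose open=, shellexecute= or shell\...\command= entries point at a dropped file; in this thread those were `.vbs` and `Thumbs.com`. The following is an added example, not from the original posts and not Flash_Disinfector's code: it reads the root of a drive, lists the handlers and checks whether their payloads are still present, and treats an autorun.inf that is a folder rather than a file as the immunisation placeholder that tools of that kind leave behind (my description of the technique, not the page's). The drive layout is built in a temporary directory; only the file names come from the thread.

```python
"""Inspect a removable drive root for autorun.inf handlers and their payloads."""
import configparser
import os
import tempfile

HANDLER_KEYS = ("open", "shellexecute")   # plus any shell\<verb>\command key


def referenced_file(command):
    """Last token of the command line, minus a leading .\\, names the payload."""
    token = command.strip().split()[-1]
    return token[2:] if token.startswith(".\\") else token


def inspect_drive_root(root):
    """Return {immunised, handlers, present, missing} for the given drive root."""
    names = {n.lower(): n for n in os.listdir(root)}   # FAT names are case-insensitive
    report = {"immunised": False, "handlers": [], "present": [], "missing": []}
    inf = names.get("autorun.inf")
    if inf is None:
        return report
    inf_path = os.path.join(root, inf)
    if os.path.isdir(inf_path):
        # A folder named autorun.inf cannot be parsed by the shell, so nothing
        # can auto-run from this drive: the immunisation trick, as I understand it.
        report["immunised"] = True
        return report
    # autorun.inf is INI syntax; '=' only, since commands contain ':' and ','.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str.lower
    with open(inf_path, encoding="utf-8", errors="replace") as fh:
        cp.read_string(fh.read())
    if not cp.has_section("autorun"):
        return report
    for key, command in cp.items("autorun"):
        if key in HANDLER_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            report["handlers"].append((key, command))
            target = referenced_file(command)
            bucket = "present" if target.lower() in names else "missing"
            if target not in report[bucket]:
                report[bucket].append(target)
    return report


def make_sample_drive(root, immunised=False):
    """Constructed drive layout using the handler commands from the thread's log."""
    if immunised:
        os.mkdir(os.path.join(root, "autorun.inf"))
        return
    with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
        fh.write("[autorun]\n"
                 "open=wscript.exe .\\.vbs\n"
                 "shellexecute=Thumbs.com\n"
                 "shell\\AutoRun\\command=c:\\windows\\system32\\RunDLL32.EXE "
                 "Shell32.DLL,ShellExec_RunDLL Thumbs.com\n")
    for payload in (".vbs", "Thumbs.com"):
        open(os.path.join(root, payload), "w").close()


def demo():
    """Build an infected and an immunised sample drive and inspect both."""
    infected = tempfile.mkdtemp()
    make_sample_drive(infected)
    clean = tempfile.mkdtemp()
    make_sample_drive(clean, immunised=True)
    return inspect_drive_root(infected), inspect_drive_root(clean)


if __name__ == "__main__":
    for report in demo():
        print(report)
```

A handler whose payload is missing still matters: the registry side (MountPoints2) keeps its own copy of the command, so a drive with a stale autorun.inf re-seeds the infection the next time it is plugged into an unpatched machine. Delete the file, not just the payload.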
Great, thank you!
here is the contents of C:\Qoobox\ComboFix-quarantined-files.txt
2000-04-03 17:52:54 A——- 151,552 C:\Qoobox\Quarantine\C\WINDOWS\system32\RDOCURS.DLL.vir
2000-05-11 13:06:20 A——- 397,312 C:\Qoobox\Quarantine\C\WINDOWS\system32\MSRDO20.DLL.vir
2004-08-04 05:56:44 A——- 164,746 C:\Qoobox\Quarantine\C\WINDOWS\system32\iqvnyv.dll.vir
2004-08-04 05:56:44 A——- 1,386,496 C:\Qoobox\Quarantine\C\WINDOWS\system\msvbvm60.dll.vir
2008-01-10 13:08:41 A——- 999 C:\Qoobox\Quarantine\C\WINDOWS\IE4 Error Log.txt.vir
2008-05-06 17:00:45 A——- 5,632 C:\Qoobox\Quarantine\C\WINDOWS\system32\Mfcuia32.dll.vir
2008-05-06 17:00:45 A——- 133,904 C:\Qoobox\Quarantine\C\WINDOWS\system32\Mfcans32.dll.vir
2009-01-10 10:43:06 A——- 376 C:\Qoobox\Quarantine\catchme.log
2009-01-10 10:45:25 A——- 8,300 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-01-11 16:53:02 A——- 156,434 C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@16.53.zip
2009-01-11 16:53:14 A——- 652 C:\Qoobox\Quarantine\C\WINDOWS\system32\_iqvnyv_.dll.zip
2009-01-11 17:57:12 A——- 1,113 C:\Qoobox\Quarantine\[4]-Submit_2009-01-11@17.57.zip
2009-01-11 17:58:46 A——- 1,010 C:\Qoobox\Quarantine\Registry_backups\Legacy_HEGNO.reg.dat
2009-01-11 17:58:46 A——- 2,122 C:\Qoobox\Quarantine\Registry_backups\Service_hegno.reg.dat
What do I have to do with it?