08-31-2008, 10:57 AM   #1
EdithTx
Registered User
 
Join Date: Sep 2006
Posts: 4
OS: WinXP


Warning! Spyware detected. Help with logs.

I found this warning on my computer this morning. I read the other posts and have done the ComboFix and HijackThis logs. This is the first time I have ever done either one of these, so please help. I don't see the warning anymore but don't know if there is something in the logs that needs to be fixed. Thanks.

2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
AC-3 ACM Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnswerWorks Runtime --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apex Medina v4 Appraiser --> C:\PROGRA~1\APEXSO~1\APEXME~1\UNWISE.EXE C:\PROGRA~1\APEXSO~1\APEXME~1\INSTALL.LOG
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVI ReComp 1.4.0 --> C:\Program Files\AVI ReComp\Uninstall.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belarc Advisor 6.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BookWorm Deluxe 1.0 --> C:\Program Files\PopCap Games\BookWorm Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\BookWorm Deluxe\Install.log
BrainsBreaker 4.9(105) --> "c:\Program Files\BrainsBreaker\unins000.exe"
Bug Doctor 3.0.3.8 --> "C:\Program Files\Bug Doctor\unins000.exe"
CarMD --> MsiExec.exe /X{A628FE9D-F6FA-4DB5-8817-A3617CD11A74}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ClickArt 200,000 Image Pak --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu
CodecPatch --> C:\Program Files\InstallShield Installation Information\{F85E6302-700C-4120-B0B0-BA95392001AE}\setup.exe -runfromtemp -l0x0009 -removeonly
Combo Digital Film Reader USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A934E20F-7F0F-460A-995B-73514AC0EFF5}\Setup.exe"
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
CoolTick Stock Ticker 8.6 --> C:\Program Files\CoolTick8\Uninstal.exe
CoolTick Stock Ticker 8.62 --> C:\Program Files\CoolTick8\Uninstal.exe
CreataCard Gold 3 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CreataCard\Gold\DeIsL1.isu"
Dancing Stars --> C:\WINDOWS\DWUninst.exe "Dancing Stars"
DataPilot --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC} /l1033
DirectXInstallService --> MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Driver Genius Professional Edition 2007 --> "C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Dziobas Rar Player 0.007PL --> "C:\Program Files\Dziobas Rar Player\unins000.exe"
easterbasketwppp --> MsiExec.exe /X{F4C1E91C-A5A7-4699-9E9D-4A9290544EE5}
Easy DVD/CD Burner --> C:\PROGRA~1\EASYDV~1\UNWISE.EXE C:\PROGRA~1\EASYDV~1\INSTALL.LOG
eCleaner 2.02 --> C:\PROGRA~1\eCleaner\UNWISE.EXE C:\PROGRA~1\eCleaner\INSTALL.LOG
ePrompter --> C:\Program Files\ePrompter\Uninstall.exe
Eye of the Storm 3000 --> "C:\Program Files\Eye of the Storm\unins000.exe"
ffdshow [rev 1821] [2008-01-27] --> "C:\WINDOWS\system32\unins000.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287) --> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 1.0 - HP Photosmart Printer Series --> MsiExec.exe /I{0D396571-7BBD-44CE-ABB3-518BF86B72F7}
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IncrediMail JunkFilter Plus --> C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Infinite Jigsaw Puzzle --> "C:\Program Files\Infinite Jigsaw Puzzle\Uninstall\uninstall.exe" "/U:C:\Program Files\Infinite Jigsaw Puzzle\Uninstall\uninstall.xml"
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jigsaw Puzzle Platinum Edition --> C:\PROGRA~1\JIGSAW~1\UNWISE.EXE C:\PROGRA~1\JIGSAW~1\INSTALL.LOG
Jigsaw365 --> "C:\Program Files\Jigsaw365\ReflexiveArcade\unins000.exe"
Jigsaws Galore --> "C:\Program Files\Jigsaws\unins000.exe"
K-Lite Codec Pack 3.7.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic Match --> "C:\Program Files\Oberon Media\Magic Match\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Match\install.log"
MAPSCO --> C:\WINDOWS\UNWISE.EXE /Z /U C:\PROGRA~1\MAPSCO\SoftMap5.log
Masque Slots --> C:\Masque\Slots\UNWISE.EXE C:\Masque\Slots\INSTALL.LOG
Metafile Companion 1.10 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Companion Software\Metafile Companion\DeIsL1.isu"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 --> MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft Outlook Personal Folders Backup --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSXML 4.0 --> MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0 --> MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NETGEAR SC101 Storage Central Manager software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88C5ADCE-C110-45DB-960B-43F21087CBF2}\setup.exe" -l0x9 -removeonly
NETGEAR Storage Central Manager Utility --> "C:\Program Files\InstallShield Installation Information\{A3672E1B-021F-4F50-A891-609471CCF941}\setup.exe" -runfromtemp -l0x0009 -removeonly
Photosmart 130,230,7150,7345,7350,7550 (Remove only) --> C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
Playtonium Jigsaw 1.21 --> "C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses\unins000.exe"
Playtonium Jigsaw 1.21 --> "C:\Program Files\Playtonium Jigsaw Audubon Birds of America\unins000.exe"
Playtonium Jigsaw 1.21 --> "C:\Program Files\Playtonium Jigsaw Celebration of America\unins000.exe"
Playtonium Jigsaw 1.21 --> "C:\Program Files\Playtonium Jigsaw Enchanted Forest\unins000.exe"
Playtonium Jigsaw 1.21 --> "C:\Program Files\Playtonium Jigsaw Patterns in Nature\unins000.exe"
Playtonium Jigsaw 1.23 --> "C:\Program Files\Playtonium Jigsaw Angels\unins000.exe"
Playtonium Jigsaw 1.23 --> "C:\Program Files\Playtonium Jigsaw Animals of Africa\unins000.exe"
Prevx CSI --> "C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
Prevx1 --> "C:\Documents and Settings\All Users\Application Data\Prevx\PXSetup.exe" ACTION=UNINSTALL -V -REBOOT -APP
Quick StartUp 2.1 --> "C:\Program Files\Quick StartUp\unins000.exe"
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reel Deal Downloads --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{498CD7BE-62EA-4010-AE15-63C2E0BD0BDB}\setup.exe" -l0x9 -removeonly
Rocky Mountain Trophy Hunter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rocky Mountain Trophy Hunter\Uninst.isu"
Roxio Activation Module --> MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
S3GSetup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B43252C-A1E3-4C47-927C-9F2C276D3515} /l1033
Security Update for 2007 Microsoft Office System (KB951596) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}
Security Update for Microsoft Office Excel 2007 (KB951546) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}
Security Update for Microsoft Office PowerPoint 2007 (KB951338) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB953838) --> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648) --> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974) --> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066) --> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954) --> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839) --> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Shape Solitaire --> "C:\Program Files\Dekovir.com\Shape Solitaire\uninstall.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG
Skip98 --> C:\Program Files\Stratoware\StratoUNIP\UNIP.exe UNINSTALL Skip98_1.3
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SubDownloader --> "C:\Program Files\Subdownloader\uninstall.exe"
Super Jigsaw Anne Geddes "Down in the Garden" --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-GED~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\GeddesGarden-INSTALL.LOG
Super Jigsaw Butterflies --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-BUT~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Butterflies-INSTALL.LOG
Super Jigsaw Flowers --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-FLO~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Flowers-INSTALL.LOG
Super Jigsaw GreatArt --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-GRE~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\GreatArt-INSTALL.LOG
Super Jigsaw Landscapes --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-LAN~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Landscapes-INSTALL.LOG
Super Jigsaw Lighthouses --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-LIG~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Lighthouses-INSTALL.LOG
Super Jigsaw Medley --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-MED~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\MEDLEY~1.LOG
Super Jigsaw Medley 2 --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-MED~2.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Medley2-INSTALL.LOG
Super Jigsaw Pets --> C:\PROGRA~1\GAMEHO~1\Jigsaw\un-Pets.exe /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Pets-INSTALL.LOG
Super Jigsaw Starter --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-STA~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Starter-INSTALL.LOG
Super Jigsaw USA Starter --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-USA~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\USAStarter-INSTALL.LOG
Super Jigsaw Wyland --> C:\PROGRA~1\GAMEHO~1\Jigsaw\UN-WYL~1.EXE /U C:\PROGRA~1\GAMEHO~1\Jigsaw\Wyland-INSTALL.LOG
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TextTwist --> MsiExec.exe /I{2953114C-C857-431B-A8DA-1756C39ACEC2}
Top Ten Solitaire --> C:\WINDOWS\iun6002.exe "C:\Program Files\Top Ten Solitaire\irunin.ini"
UltraISO Premium V9.3 --> "C:\Program Files\UltraISO\unins000.exe"
Undelete Plus 2.71 --> "C:\Program Files\FDRLab\Undelete Plus\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb955433) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D9806966-6AA1-4B55-9528-6748E37CEE86}
Update for Windows XP (KB951072-v2) --> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB-IrDA Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48963B63-7A10-49D6-8B08-61E6132453D0}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Genuine Advantage Notifications (KB905474) -->
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
Word Jong To Go --> MsiExec.exe /I{FEC3D4D5-AC0E-4D78-81B0-C666E41E81BB}
WordPerfect Office X3 --> "C:\Program Files\WordPerfect Office X3\Cabs\MSILauncher.exe" "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}"
WordPerfect Office X3 --> MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Your Uninstaller! 2008 Version 6.0 --> "C:\Program Files\Your Uninstaller 2008\unins000.exe"


ComboFix 08-08-30.03 - Edith 2008-08-31 11:28:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.551 [GMT -5:00]
Running from: C:\Documents and Settings\Edith\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Edith\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\#SharedObjects\VH8E3GPU\bin.clearspring.com
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\#SharedObjects\VH8E3GPU\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\#SharedObjects\VH8E3GPU\interclick.com
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\#SharedObjects\VH8E3GPU\interclick.com\ud.sol
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Edith\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Edith\Application Data\rhcp0ej0ep9a
C:\Program Files\rhcp0ej0ep9a
C:\WINDOWS\BM97bfafac.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\ibhcuipq.dll
C:\WINDOWS\system32\lphct0ej0ep9a.exe
C:\WINDOWS\system32\MSDcLkkj.ini
C:\WINDOWS\system32\MSDcLkkj.ini2
C:\WINDOWS\system32\phct0ej0ep9a.bmp
C:\WINDOWS\system32\pnwoickv.dll
C:\WINDOWS\system32\qpiuchbi.ini
C:\WINDOWS\system32\whwqtrlf.dll
C:\WINDOWS\system32\wybhee.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2040-09-18 00:01 . 2040-09-18 00:01 3,120 --a------ C:\WINDOWS\.lfa
2008-08-30 23:03 . 2008-08-30 23:03 0 --a------ C:\WINDOWS\BM97bfafac.xml
2008-08-26 17:20 . 2008-08-26 17:21 <DIR> d-------- C:\Program Files\Eye of the Storm
2008-08-26 10:25 . 2008-08-26 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-08-26 10:23 . 2008-08-26 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-08-26 00:15 . 2008-08-26 00:16 <DIR> d-------- C:\Program Files\YARD SALE
2008-08-25 23:27 . 2008-08-26 00:15 <DIR> d-------- C:\Program Files\RegistryPatrol3(2).0
2008-08-24 00:44 . 2008-08-24 00:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-08-17 22:29 . 2008-08-17 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Slapdash Games
2008-08-17 13:33 . 2008-08-17 13:33 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Runes of Avalon
2008-08-16 17:56 . 2008-08-18 15:35 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Hoyle Puzzle and Board Games
2008-08-16 17:56 . 2008-08-16 17:56 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Hoyle FaceCreator
2008-08-14 16:43 . 2007-08-14 21:29 345,984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys
2008-08-14 16:43 . 2007-08-08 19:55 163,927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2008-08-14 16:43 . 2007-08-08 19:57 15,488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys
2008-08-14 16:43 . 2007-08-08 19:57 12,800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys
2008-08-14 16:43 . 2007-08-08 19:57 5,120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys
2008-08-14 02:57 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 02:56 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 14:57 . 2008-08-13 14:57 <DIR> d-------- C:\WINNT
2008-08-13 14:54 . 2008-08-13 14:54 <DIR> d-------- C:\Program Files\Susteen
2008-08-10 19:16 . 2008-08-10 19:57 <DIR> d-------- C:\Program Files\Alawar
2008-08-09 23:07 . 2008-08-09 23:07 <DIR> d-------- C:\Program Files\PrevxCSI
2008-08-09 23:07 . 2008-08-09 23:10 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-08-09 20:29 . 2008-08-09 20:29 <DIR> d-------- C:\Program Files\Little Shop Road Trip
2008-08-08 22:53 . 2008-08-08 22:53 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2008-08-06 23:00 . 2008-08-22 15:34 <DIR> d-------- C:\Program Files\Subdownloader
2008-08-05 17:33 . 2008-08-05 17:33 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\EleFun Games
2008-08-04 19:45 . 2008-08-04 19:45 36 --a------ C:\WINDOWS\Tiny_Run.ini
2008-08-04 19:24 . 2008-08-04 19:24 <DIR> d-------- C:\Program Files\UltraISO
2008-08-04 19:24 . 2008-08-04 19:24 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-08-04 12:18 . 2008-08-04 12:18 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\WeatherWatcher
2008-08-04 12:17 . 2008-08-04 12:18 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\WeatherWatcherLive
2008-08-04 12:17 . 2004-05-27 02:32 102,400 --a------ C:\WINDOWS\system32\unzip32.dll
2008-08-02 10:46 . 2008-08-02 10:46 1,071 --a------ C:\WINDOWS\AWMODEM.INF
2008-07-31 11:18 . 2008-07-31 11:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-30 20:42 . 2008-08-26 00:02 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-07-30 20:11 . 2008-07-30 20:29 <DIR> d-------- C:\Program Files\FileSubmit
2008-07-30 20:05 . 2008-07-30 20:05 106,544 --a------ C:\WINDOWS\system32\TWEAKUI.CPL
2008-07-28 18:23 . 2008-07-28 18:23 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-28 18:23 . 2008-07-28 20:59 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-28 18:22 . 2008-03-07 12:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-28 18:22 . 2008-03-07 12:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-28 18:22 . 2008-03-07 12:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-27 19:05 . 2008-07-27 19:05 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Gold Casual Games
2008-07-27 19:05 . 2008-07-27 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-27 18:55 . 2008-08-24 22:17 <DIR> d-------- C:\Program Files\LeeGTs Games
2008-07-25 10:40 . 2008-08-19 20:36 <DIR> d-------- C:\Program Files\Bug Doctor
2008-07-24 08:29 . 2004-08-04 07:00 30,720 --a------ C:\WINDOWS\system32\iologmsg.dll
2008-07-24 08:29 . 2004-08-04 07:00 30,720 --a--c--- C:\WINDOWS\system32\dllcache\iologmsg.dll
2008-07-23 21:50 . 2008-07-23 21:50 <DIR> d--hs---- C:\INCINERATE
2008-07-21 16:02 . 2008-07-21 16:02 <DIR> d-------- C:\Program Files\Quick StartUp
2008-07-20 22:35 . 2008-07-20 22:35 <DIR> d-------- C:\Program Files\Siber Systems
2008-07-20 18:37 . 2008-08-26 00:16 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-19 17:35 . 2008-07-19 23:55 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-19 17:35 . 2008-08-31 00:05 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-19 11:04 . 2008-07-19 11:04 <DIR> d-------- C:\Program Files\eCleaner
2008-07-19 09:08 . 2008-06-23 11:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-19 09:08 . 2008-06-23 11:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-19 09:08 . 2008-06-23 11:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-19 09:08 . 2008-06-23 11:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-19 09:08 . 2008-06-23 11:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-19 09:08 . 2008-06-23 11:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-19 09:08 . 2008-06-23 04:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-18 22:51 . 2008-08-27 03:42 <DIR> d-------- C:\Program Files\ePrompter
2008-07-18 05:14 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-17 19:48 . 2008-04-14 05:42 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-07-17 19:48 . 2008-04-13 22:57 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-07-17 19:45 . 2008-04-14 05:41 400,384 --a------ C:\WINDOWS\system32\fxsxp32.dll
2008-07-17 19:45 . 2008-04-14 05:41 400,384 --a--c--- C:\WINDOWS\system32\dllcache\fxsxp32.dll
2008-07-17 19:45 . 2008-04-14 05:41 285,184 --a------ C:\WINDOWS\system32\fxscomex.dll
2008-07-17 19:45 . 2008-04-14 05:41 285,184 --a--c--- C:\WINDOWS\system32\dllcache\fxscomex.dll
2008-07-17 19:45 . 2008-04-14 05:42 267,776 --a------ C:\WINDOWS\system32\fxssvc.exe
2008-07-17 19:45 . 2008-04-14 05:42 267,776 --a--c--- C:\WINDOWS\system32\dllcache\fxssvc.exe
2008-07-17 19:45 . 2008-04-14 05:41 23,552 --a------ C:\WINDOWS\system32\fxsmon.dll
2008-07-17 19:45 . 2008-04-14 05:41 23,552 --a--c--- C:\WINDOWS\system32\dllcache\fxsmon.dll
2008-07-17 19:43 . 2008-04-14 05:41 397,312 --a------ C:\WINDOWS\system32\fxstiff.dll
2008-07-17 19:42 . 2008-07-17 19:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-17 19:42 . 2008-04-14 05:42 142,848 --a------ C:\WINDOWS\system32\fxsclnt.exe
2008-07-17 19:42 . 2008-04-14 05:42 142,848 --a--c--- C:\WINDOWS\system32\dllcache\fxsclnt.exe
2008-07-17 14:49 . 2008-07-18 07:24 <DIR> d-------- C:\Program Files\a-squared Free
2008-07-17 14:39 . 2008-07-17 14:39 <DIR> d-------- C:\Program Files\CCleaner
2008-07-17 14:37 . 2008-07-31 11:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-17 14:37 . 2008-07-31 11:18 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\SUPERAntiSpyware.com
2008-07-17 14:37 . 2008-07-17 14:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-17 13:42 . 2008-07-17 13:42 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-17 13:20 . 2008-07-16 15:43 211 --a------ C:\boot.ini.orig
2008-07-16 08:38 . 2008-07-16 08:54 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Simply Super Software
2008-07-16 08:38 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-16 08:38 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-16 08:38 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-16 08:38 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-16 08:38 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-07-14 16:52 . 2008-08-31 11:34 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-14 14:38 . 2008-07-14 14:38 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\MSNInstaller
2008-07-14 13:01 . 2008-08-31 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-14 12:56 . 2008-07-14 12:59 <DIR> d-------- C:\Documents and Settings\Edith\Application Data\Prevx
2008-07-14 12:55 . 2008-07-14 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-07-14 12:55 . 2006-11-23 17:04 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2008-07-14 12:55 . 2006-11-23 17:04 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2008-07-07 15:26 . 2008-07-07 15:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 16:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 03:43 --------- d-----w C:\Program Files\Playtonium Jigsaw Angels
2008-08-28 02:06 2,828 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-27 01:01 --------- d-----w C:\Program Files\Common Files\SoftMap Shared 5
2008-08-26 15:23 --------- d-----w C:\Program Files\IncrediMail
2008-08-25 12:42 --------- d-----w C:\Documents and Settings\Edith\Application Data\Vso
2008-08-24 05:44 --------- d-----w C:\Program Files\Common Files\Real
2008-08-24 05:43 --------- d-----w C:\Program Files\Real
2008-08-24 04:19 --------- d-----w C:\Program Files\Jigsaw365
2008-08-24 03:43 --------- d-----w C:\Program Files\Jigsaws
2008-08-23 15:07 --------- d-----w C:\Documents and Settings\Edith\Application Data\dvdcss
2008-08-20 02:24 --------- d-----w C:\Program Files\GameHouse
2008-08-19 13:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-16 03:58 --------- d-----w C:\Documents and Settings\Edith\Application Data\SolSuite
2008-08-14 21:43 --------- d-----w C:\Program Files\NETGEAR
2008-08-14 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 02:15 --------- d-----w C:\Documents and Settings\Edith\Application Data\Tibo Software
2008-08-06 02:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tibo Software
2008-07-30 23:08 --------- d-----w C:\Program Files\Jigsaw Puzzle Platinum Edition
2008-07-24 02:50 --------- d-----w C:\Program Files\iolo
2008-07-18 20:42 --------- d-----w C:\Documents and Settings\Edith\Application Data\COREL
2008-07-17 23:39 --------- d-----w C:\Program Files\Java
2008-07-17 23:14 --------- d-----w C:\Program Files\PC Doc Pro
2008-07-17 20:36 --------- d-----w C:\Program Files\Google
2008-07-17 19:10 --------- d-----w C:\Program Files\titles
2008-07-16 19:31 --------- d-----w C:\Program Files\Lavasoft
2008-07-16 19:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-08 22:51 --------- d-----w C:\Program Files\Playtonium Jigsaw Animals of Africa
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 19:55 --------- d-----w C:\Program Files\AIM6
2008-06-30 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-25 21:16 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-02 06:19 60 ----a-w C:\Program Files\config.txt
2008-03-20 16:37 47,360 ----a-w C:\Documents and Settings\Edith\Application Data\pcouffin.sys
2007-06-23 00:09 23 ----a-w C:\Program Files\Thanks.txt
2007-06-21 03:19 19,329,832 ----a-w C:\Program Files\game.pak
2007-06-21 03:19 138 ----a-w C:\Program Files\readme.txt
2002-09-11 14:26 63,730 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
2007-07-18 23:37 88 --sh--r C:\WINDOWS\system32\5D18D964CA.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreataCard"="C:\Program Files\CreataCard\Gold\FMRemind.exe" [1998-08-31 03:00 189952]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 12:51 50528]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-31 11:20 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 23:21 83568]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 07:47 49152]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 14:06 339968]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 07:46 188416]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-24 00:43 185896]
"VTTimer"="VTTimer.exe" [2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\NETGEAR\\SC101 Manager Utility\\Client\\SCM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Susteen\\DataPilot\\DpLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"56196:TCP"= 56196:TCP:*:Disabled:Pando P2P TCP Listening Port
"56196:UDP"= 56196:UDP:*:Disabled:Pando P2P UDP Listening Port
"56799:TCP"= 56799:TCP:*:Disabled:Pando P2P TCP Listening Port
"56799:UDP"= 56799:UDP:*:Disabled:Pando P2P UDP Listening Port
"20001:UDP"= 20001:UDP:MicroSAN
"80:TCP"= 80:TCP:Web

R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-09 23:10]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys [2007-08-08 19:57]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 09:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 09:37]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-08-09 23:10]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
R2 SAUSBHW;%SAUSBHW.SvcDesc%;C:\WINDOWS\system32\Drivers\sausb.sys [2001-07-13 14:58]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys [2007-08-14 21:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R2 Z-SANService;Z-SAN Service;C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe [2007-08-08 19:54]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 06:36]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2007-08-08 19:57]
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2007-08-08 19:57]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,260
.
Contents of the 'Scheduled Tasks' folder

2008-08-30 C:\WINDOWS\Tasks\BugDoctorEdith.job
- C:\Program Files\Bug Doctor\BugDoctor.exe [2005-12-15 13:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Weather - C:\Program Files\AWS\WeatherBug\Weather.exe
HKLM-Run-lphct0ej0ep9a - C:\WINDOWS\system32\lphct0ej0ep9a.exe
HKLM-Run-SMrhcp0ej0ep9a - C:\Program Files\rhcp0ej0ep9a\rhcp0ej0ep9a.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Edith\Application Data\Mozilla\Firefox\Profiles\k3odfsgj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.mysanantonio.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 11:33:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\WINDOWS\system32\hphipm11.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
.
**************************************************************************
.
Completion time: 2008-08-31 11:38:46 - machine was rebooted [Edith]
ComboFix-quarantined-files.txt 2008-08-31 16:38:39

Pre-Run: 59,120,545,792 bytes free
Post-Run: 58,973,761,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

322 --- E O F --- 2008-08-19 1356


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:00 AM, on 8/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CreataCard\Gold\FMRemind.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysanantonio.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CreataCard] C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1182387398187
O16 - DPF: {656FAD09-4DE3-4C34-9600-0928C855FD7A} (AxTaskList Class) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://spinpalace.microgaming.com/freeplay/FlashAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 8061 bytes

Hope I did this right.