ComboScan v20070212.14 run by Atif on 2007-02-15 at 08:17:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis log (run as Atif.com) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:18:15 AM, on 2/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Atif\Desktop\comboscan.exe
C:\DOCUME~1\Atif\LOCALS~1\Temp\~ihccwxc.tmp\Atif.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: NoLop.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -
http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
-- HijackThis Fixed Entries (C:\Documents and Settings\Atif\Desktop\backups\) ---
backup-20070215-062642-345 O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
backup-20070215-062642-428 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
backup-20070215-062643-655 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - system32\drivers\ADIHdAud.sys
3 AEAudioService (AEAudio Service) - system32\drivers\AEAudio.sys
1 AmdK8 (AMD Processor Driver) - System32\DRIVERS\AmdK8.sys
3 Arp1394 (1394 ARP Client Protocol) - System32\DRIVERS\arp1394.sys
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 hamachi (Hamachi Network Interface) - System32\DRIVERS\hamachi.sys
3 HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - system32\drivers\HdAudio.sys
3 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - System32\DRIVERS\HDAudBus.sys
3 hidusb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
1 kbdhid (Keyboard HID Driver) - System32\DRIVERS\kbdhid.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - system32\drivers\msmpu401.sys
3 MTsensor (ATK0110 ACPI UTILITY) - System32\DRIVERS\ASACPI.sys
3 NIC1394 (1394 Net Driver) - System32\DRIVERS\nic1394.sys
3 nv - System32\DRIVERS\nv4_mini.sys
0 nvata - System32\DRIVERS\nvata.sys
3 NVENETFD (NVIDIA nForce Networking Controller Driver) - System32\DRIVERS\NVENETFD.sys
3 nvnetbus (NVIDIA Network Bus Enumerator) - System32\DRIVERS\nvnetbus.sys
0 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - System32\DRIVERS\ohci1394.sys
0 PCIIde - System32\DRIVERS\pciide.sys
3 SenFiltService (SenFilt Service) - system32\drivers\Senfilt.sys
0 sptd - System32\Drivers\sptd.sys
0 srescan - system32\ZoneLabs\srescan.sys
0 szkg - system32\DRIVERS\szkg.sys
3 tmcfw (Trend Micro Common Firewall Service) - system32\DRIVERS\TM_CFW.sys
2 tmcomm - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
2 tmmbd (Trend Micro MBD Driver) - system32\DRIVERS\tm_mbd_c.sys
2 Tmpreflt - system32\drivers\Tmpreflt.sys
1 tmtdi (Trend Micro TDI Driver) - system32\DRIVERS\tmtdi.sys
2 tmxpflt - system32\drivers\TmXPFlt.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - System32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
2 Vsapint - system32\drivers\VsapiNT.sys
1 vsdatant - System32\vsdatant.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\System32\nvsvc32.exe
2 PcCtlCom (Trend Micro Central Control Component) - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
3 PcScnSrv (Trend Micro Protection Against Spyware ) - "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe"
2 SDService - C:\Program Files\SpywareDetector\SDService.exe
2 Tmntsrv (Trend Micro Real-time Service) - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
2 TmPfw (Trend Micro Personal Firewall) - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
2 tmproxy (Trend Micro Proxy Service) - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
3 usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
2 wwSecSvc (Washer AutoComplete) - C:\WINDOWS\system32\wwSecure.exe
-- Scheduled Tasks --------------------------------------------------------------
2007-02-11 09:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
-- Files created between 2007-01-15 and 2007-02-15 ------------------------------
2007-02-15 06:32:49 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-15 06:32:44 0 d-------- C:\WINDOWS\LastGood
2007-02-15 06:17:03 0 d-------- C:\NoLopBackups<NOLOPB~1>
2007-02-14 20:01:29 314368 --a------ C:\WINDOWS\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-12 18:46:26 0 --a------ C:\Documents and Settings\Atif\HldsUpdateToolTmp.exe<HLDSUP~3.EXE><Unsigned: n/a>
2007-02-12 18:46:26 1167360 --a------ C:\Documents and Settings\Atif\HldsUpdateToolNew.exe<HLDSUP~2.EXE><Unsigned: Valve Corporation>
2007-02-12 01:41:17 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-02-11 22:35:45 0 d-------- C:\HLServer
2007-02-09 12:22:37 0 d-------- C:\Program Files\Steam
2007-02-09 10:44:03 0 --a------ C:\Documents and Settings\Atif\hldsupdatetool.exe<HLDSUP~1.EXE><Unsigned: n/a>
2007-02-07 01:07:32 0 d-------- C:\Program Files\Blaze Media Pro<BLAZEM~1>
2007-02-07 00:18:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{86DA1710-DC61-458B-82EF-D7944F55C107}<{86DA1~1>
2007-02-06 23:52:53 0 d-------- C:\Program Files\ContextConvert Pro<CONTEX~1>
2007-02-06 23:52:46 0 d-------- C:\Program Files\Common Files\MimarSinan<MIMARS~1>
2007-02-05 15:40:26 0 d-------- C:\Program Files\Windows Live Toolbar<WI81E8~1>
2007-02-03 14:13:01 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-02-03 14:12:22 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation<MICROS~2>
2007-02-03 14:12:10 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MICROS~2>
2007-02-03 14:08:10 0 dr--s---- C:\WINDOWS\assembly
2007-02-03 14:07:11 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-02-02 15:15:32 0 d-------- C:\Documents and Settings\Atif\Application Data\.BitTornado<BITTOR~1>
2007-02-02 15:15:16 0 d-------- C:\Program Files\BitTornado<BITTOR~1>
2007-02-01 20:23:04 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-01 13:40:31 0 d-------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-01 13:39:34 0 d--h---c- C:\WINDOWS\ie7
2007-02-01 11:55:09 0 d-------- C:\66951bc91c476c38f9ecf958c8cdbf<66951B~1>
2007-01-31 08:08:05 0 d-------- C:\Documents and Settings\Atif\Application Data\Google
2007-01-31 08:07:20 0 d-------- C:\Program Files\Google
2007-01-28 11:23:48 0 d-------- C:\Documents and Settings\Atif\Application Data\Help
2007-01-25 17:47:28 0 d-------- C:\!KillBox
2007-01-25 06:54:59 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-01-25 06:52:14 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-25 06:52:04 0 d-------- C:\Program Files\Grisoft
2007-01-24 14:07:08 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll<Unsigned: Microsoft Corporation>
2007-01-24 14:07:07 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll<Unsigned: Microsoft Corporation>
2007-01-24 14:07:03 63488 --a------ C:\WINDOWS\system32\unam4ie.exe<Unsigned: Microsoft Corporation>
2007-01-24 14
58 10240 --a------ C:\WINDOWS\system32\vidx16.dll<Unsigned: n/a>
2007-01-24 14
57 194320 --a------ C:\WINDOWS\system32\qcut.dll<Unsigned: Microsoft Corporation>
2007-01-24 14
56 4608 --a------ C:\WINDOWS\system32\w95inf32.dll<Unsigned: Microsoft Corporation>
2007-01-24 14
55 2272 --a------ C:\WINDOWS\system32\w95inf16.dll<Unsigned: Microsoft Corporation>
2007-01-24 13:53:48 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-01-21 21:44:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trend Micro<TRENDM~1>
2007-01-21 07:46:09 0 d-------- C:\Documents and Settings\Atif\.housecall6.6<HOUSEC~1.6>
2007-01-21 06:08:00 0 d-------- C:\WINDOWS\BDOSCAN8
2007-01-21 03:18:15 0 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-01-21 02:48:49 45056 -r------- C:\WINDOWS\system32\zats186.dll<Unsigned: 186 Productions>
2007-01-21 02:48:01 0 d-------- C:\WINDOWS\system32\ZeroAdsSetupFiles3.4.265<ZEROAD~1.265>
2007-01-21 02:37:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic Anti-Spyware<PARETO~1>
2007-01-21 02:19:13 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-01-21 01:59:35 63 --a------ C:\WINDOWS\system\SysSD.dll<Unsigned: n/a>
2007-01-21 01:59:10 1032192 --a------ C:\WINDOWS\system32\VchReg.dll<Unsigned: Max Secure Software>
2007-01-21 01:59:08 0 d-------- C:\Program Files\SpywareDetector<SPYWAR~2>
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll<Signed: Microsoft Corp.>
2007-01-19 05:49:15 150528 --a------ C:\WINDOWS\unSpySweeper.exe<UNSPYS~1.EXE><Unsigned: Webroot Software, Inc.>
2007-01-19 05:45:52 0 d-------- C:\Documents and Settings\Atif\Application Data\Webroot
2007-01-19 05:45:50 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-01-19 05:45:21 57344 --a------ C:\WINDOWS\Unwash6.exe<Unsigned: Webroot Software, Inc.>
2007-01-19 05:45:21 487936 --a------ C:\WINDOWS\system32\wwSecure.exe<Unsigned: Webroot Software, Inc.>
2007-01-19 03:51:59 0 d-------- C:\WINDOWS\system32\athan
2007-01-19 03:51:55 0 d-------- C:\Program Files\Athan
2007-01-17 23:42:51 0 d-------- C:\Documents and Settings\Atif\Application Data\Lavasoft
2007-01-17 22:47:38 0 d-------- C:\Program Files\Webroot
2007-01-17 19:17:45 0 d-------- C:\TEMP
2007-01-17 19:15:13 0 d-------- C:\Program Files\Kelloggs Horrible Science<KELLOG~1>
2007-01-17 18:13:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-01-17 17:16:29 0 d-------- C:\Documents and Settings\Atif\Application Data\CHINBINDBUILD<CHINBI~1>
2007-01-17 17:16:17 0 d-------- C:\Program Files\Messenger Plus! Live<MESSEN~2>
-- Find3M Report ----------------------------------------------------------------
2007-02-15 07:20:57 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-15 07:16:26 0 d-------- C:\Program Files\iTunes
2007-02-13 00:24:51 0 d-------- C:\Program Files\Java
2007-02-12 19:20:10 0 d-------- C:\Program Files\eMule
2007-02-11 15:13:41 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-11 15:12:58 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-07 17:45:44 0 d-------- C:\Program Files\Valve
2007-02-05 15:42:46 0 d---s---- C:\Documents and Settings\Atif\Application Data\Microsoft<MICROS~1>
2007-02-05 15:40:06 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-01-31 08:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-28 15:47:03 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-01-24 17:45:46 102800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.>
2007-01-13 00:05:29 0 d-------- C:\Documents and Settings\Atif\Application Data\World Market Watch<WORLDM~1>
2007-01-10 11:23:15 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys<Unsigned: n/a>
2007-01-10 11:19:17 0 d-------- C:\Program Files\The Rosetta Stone<THEROS~1>
2007-01-08 16:04:31 0 d-------- C:\Documents and Settings\Atif\Application Data\Real
2007-01-08 16:04:31 0 d-------- C:\Documents and Settings\Atif\Application Data\Media Player Classic<MEDIAP~1>
2007-01-08 16:04:05 0 d-------- C:\Program Files\Real Alternative<REALAL~1>
2007-01-08 16:04:02 0 d-------- C:\Program Files\Media Player Classic<MEDIAP~1>
2007-01-08 15:56:14 0 d-------- C:\Documents and Settings\Atif\Application Data\.gaim<GAIM~1>
2007-01-07 18:43:58 0 d-------- C:\Program Files\Pointstone<POINTS~1>
2006-12-29 23:15:49 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2006-12-29 22:02:38 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment<BLIZZA~1>
2006-12-27 18:53:17 0 d-------- C:\Documents and Settings\Atif\Application Data\PC Tools<PCTOOL~1>
2006-12-27 03:17:21 0 d-------- C:\Documents and Settings\Atif\Application Data\Macromedia<MACROM~1>
2006-12-27 03:16:47 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2006-12-27 03:16:27 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2006-12-26 15:40:30 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2006-12-26 03:00:50 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2006-12-26 02:21:59 0 d-------- C:\Documents and Settings\Atif\Application Data\LimeWire
2006-12-24 20:28:58 0 d-------- C:\Program Files\HP
2006-12-21 23:48:29 0 d-------- C:\Program Files\Gaim
2006-12-21 23:48:19 0 d-------- C:\Program Files\Common Files\GTK
2006-12-19 22:58:45 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2006-12-19 22:47:49 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2006-12-19 17:40:42 0 d-------- C:\Documents and Settings\Atif\Application Data\System Requirements Lab<SYSTEM~1>
2006-12-19 17:40:41 0 d-------- C:\Program Files\Common Files\SystemRequirementsLab<SYSTEM~1>
2006-12-19 09:16:11 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2006-12-19 09:15:59 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2006-12-18 10:14:59 0 d-------- C:\Documents and Settings\Atif\Application Data\Adobe
2006-12-11 05:54:38 671 --a------ C:\WINDOWS\mozver.dat
2006-12-09 23:48:26 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-09 22:54:39 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-09 22:42:00 62 --ahs---- C:\Documents and Settings\Atif\Application Data\desktop.ini
2006-12-09 21:43:03 0 -rahs---- C:\MSDOS.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 -rahs---- C:\IO.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 --a------ C:\CONFIG.SYS<Unsigned: n/a>
2006-12-09 21:43:03 0 --a------ C:\AUTOEXEC.BAT
2006-12-07 12:39:28 1077248 --a------ C:\WINDOWS\system32\NMSDVDX.dll<Unsigned: NuMedia Soft, Inc.>
2006-12-07 12:39:16 1101824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll<Unsigned: NuMedia Soft, Inc.>
2006-11-30 15:19:38 159744 --a------ C:\WINDOWS\system32\DirectEncode.dll<DIRECT~1.DLL><Unsigned: Essien Research & Development>
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Steam"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
"OE"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\TMAS_OE\\TMAS_OEMon.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"Athan"="C:\\Program Files\\Athan\\Athan.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2007\\pccguide.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000001
"NoInternetIcon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of ComboScan: finished at 2007-02-15 at 08:19:11 -------------------------
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71
Directory of C:\Documents and Settings\All Users\Application Data
12/09/2006 04:29 PM <DIR> Adobe
12/09/2006 07:27 PM <DIR> Apple Computer
12/09/2006 08:39 PM <DIR> Office Genuine Advantage
12/09/2006 04:34 PM <DIR> Spybot - Search & Destroy
12/09/2006 08:34 PM <DIR> Windows Genuine Advantage
0 File(s) 0 bytes
5 Dir(s) 58,097,188,864 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71
Directory of C:\Documents and Settings\Atif\Application Data
02/02/2007 03:15 PM <DIR> .BitTornado
01/08/2007 03:56 PM <DIR> .gaim
12/18/2006 10:14 AM <DIR> Adobe
12/09/2006 11:56 PM <DIR> Apple Computer
01/21/2007 06:13 AM <DIR> CHINBINDBUILD
01/31/2007 08:08 AM <DIR> Google
12/14/2006 10:49 AM <DIR> Hamachi
01/28/2007 11:23 AM <DIR> Help
12/09/2006 11:04 PM <DIR> Identities
01/22/2007 04:33 AM <DIR> Lavasoft
12/26/2006 02:21 AM <DIR> LimeWire
12/27/2006 03:17 AM <DIR> Macromedia
01/08/2007 04:04 PM <DIR> Media Player Classic
12/09/2006 11:48 PM <DIR> Mozilla
12/27/2006 06:53 PM <DIR> PC Tools
01/08/2007 04:04 PM <DIR> Real
12/11/2006 05:55 AM <DIR> Sun
12/19/2006 05:40 PM <DIR> System Requirements Lab
01/19/2007 05:45 AM <DIR> Webroot
01/13/2007 12:05 AM <DIR> World Market Watch
0 File(s) 0 bytes
20 Dir(s) 58,097,184,768 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71
Directory of C:\Documents and Settings\Default User\Application Data
12/09/2006 09:33 PM <DIR> .
12/09/2006 09:33 PM <DIR> ..
12/09/2006 09:33 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 58,097,184,768 bytes free
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71
Directory of C:\Documents and Settings\LocalService\Application Data
Volume in drive C has no label.
Volume Serial Number is A0F2-EE71
Directory of C:\Documents and Settings\NetworkService\Application Data
[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties
ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 02/11/2007 9:51:00
NextRun: 02/18/2007 9:51:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0
1 Trigger
Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: U......
StartDate: 12/09/2006
EndDate: 00/00/0000
StartTime: 09:51
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
NoLop! Log by Skate_Punk_21
Fix running from: C:\Program Files\Mozilla Firefox
[2/15/2007]
[6:16:07 AM]
---Infection Files Found/Removed---
C:\WINDOWS\tasks\94982E3B855FA34F.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Apple Computer
C:\Documents and Settings\All Users.windows\Application Data\Macromedia
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Microsoft Corporation
C:\Documents and Settings\All Users.windows\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\Paretologic Anti-spyware
C:\Documents and Settings\All Users.windows\Application Data\Real -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users.windows\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users.windows\Application Data\Trend Micro
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\{86da1710-dc61-458b-82ef-d7944f55c107}
C:\Documents and Settings\Atif\Application Data\.bittornado
C:\Documents and Settings\Atif\Application Data\.gaim
C:\Documents and Settings\Atif\Application Data\Adobe
C:\Documents and Settings\Atif\Application Data\Apple Computer
C:\Documents and Settings\Atif\Application Data\Chinbindbuild
C:\Documents and Settings\Atif\Application Data\Google
C:\Documents and Settings\Atif\Application Data\Hamachi
C:\Documents and Settings\Atif\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Atif\Application Data\Identities
C:\Documents and Settings\Atif\Application Data\Lavasoft -- EMPTY Directory
C:\Documents and Settings\Atif\Application Data\Limewire
C:\Documents and Settings\Atif\Application Data\Macromedia
C:\Documents and Settings\Atif\Application Data\Media Player Classic
C:\Documents and Settings\Atif\Application Data\Microsoft
C:\Documents and Settings\Atif\Application Data\Mozilla
C:\Documents and Settings\Atif\Application Data\Pc Tools
C:\Documents and Settings\Atif\Application Data\Real
C:\Documents and Settings\Atif\Application Data\Sun
C:\Documents and Settings\Atif\Application Data\System Requirements Lab
C:\Documents and Settings\Atif\Application Data\Webroot
C:\Documents and Settings\Atif\Application Data\World Market Watch -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
-------------------------------------------------------------------
Activescan - Panda
Incident Status Location
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Atif\Cookies\atif@888[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Atif\Cookies\atif@atdmt[1].txt
=================================================================
Sorry, my browser wouldn't let me attach this file:
ComboScan v20070212.14 run by Atif on 2007-02-15 at 08:17:59
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information -----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 510.48 MiB / 128.16 MiB
Pagefile Memory (total/avail): 1246.87 MiB / 720.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1993.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 114.48 GiB total, 54.08 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
-- Security Center --------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: ZoneAlarm Pro Firewall v6.5.737.000 (Zone Labs, Inc.)
FW: Trend Micro PC-cillin Internet Security (Firewall) v15 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security 2007 v15.00.1433 (Trend Micro, Inc.)
-- Environment Variables --------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Atif\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ATIF-V00TSHKJO6
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Atif
LOGONSERVER=\\ATIF-V00TSHKJO6
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Atif\LOCALS~1\Temp
TMP=C:\DOCUME~1\Atif\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ATIF-V00TSHKJO6
USERNAME=Atif
USERPROFILE=C:\Documents and Settings\Atif
windir=C:\WINDOWS
-- User Profiles ----------------------------------------------------------------
Atif
(admin)
-- Add/Remove Programs ----------------------------------------------------------
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitTornado 0.3.18 --> C:\Program Files\BitTornado\uninst.exe
Blaze Media Pro --> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{86DA1710-DC61-458B-82EF-D7944F55C107}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
ContextConvert Pro --> "C:\Program Files\Common Files\MimarSinan\Installation Information\{DE05C377-B3AF-4447-9227-B9308203C500}\{64E3AE46-13E6-4613-B688-8F29D3120C15}\mia.exe" REMOVE=TRUE MODIFY=FALSE
Dev-C++ 4 --> C:\WINDOWS\uninst.exe -fC:\Dev-C++\DeIsL1.isu -cC:\Dev-C++\_ISREG32.DLL
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\DOCUME~1\Atif\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe /uninstall
Horrible Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D049E2F-F15E-40A7-BEDD-CF3C84C6C720}\setup.exe" -l0x9 -removeonly
HP Deskjet 3840 --> msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Messenger Plus! Live & Sponsor --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
noSteam Counter-Strike 1.6 v.7 --> C:\PROGRA~1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye12.tmp\UNWISE.EXE C:\PROGRA~1\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bye12.tmp\INSTALL.LOG
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PromaSoft Autoresponder --> "C:\Program Files\PromaSoft Autoresponder\unins000.exe"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Trend Micro PC-cillin Internet Security 2007 --> msiexec.exe /i {BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Trend Micro PC-cillin Internet Security 2007 --> MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Vista Upgrade Advisor --> MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XPlite PROFESSIONAL --> "C:\Documents and Settings\Atif\Desktop\XPlite.exe" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
-- End of ComboScan: finished at 2007-02-15 at 08:19:11 -------------------------