[bschiele]

Here is my MBAM Log, broken into two posts because it is too long to post as one.

Malwarebytes' Anti-Malware 1.41
Database version: 3192
Windows 5.1.2600 Service Pack 3

11/18/2009 5:53:54 AM
mbam-log-2009-11-18 (05-53-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194102
Time elapsed: 3 hour(s), 40 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 338

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegTool (Rogue.RegTool) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260 (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490 (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570 (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Results (Rogue.RegTool) -> No action taken.
C:\Program Files\RegTool (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RegTool (Rogue.RegTool) -> No action taken.

Files Infected:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP773\A0183921.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP787\A0203153.sys (Rootkit.Rustock) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\resultsw.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\spy_ignore.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-10 16-53-100.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-10 17-13-560.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-10 17-26-130.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-10 17-28-290.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-15 12-00-080.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-15 12-00-100.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-16 12-38-400.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-17 17-25-180.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-17 18-02-030.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-17 18-38-370.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-17 21-10-520.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Logs\2009-11-17 21-25-510.log (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\filelist.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-0.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-1.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-10.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-100.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-101.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-102.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-103.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-104.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-105.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-106.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-107.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-108.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-109.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-11.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-110.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-111.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-112.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-113.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-114.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-115.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-116.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-117.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-118.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-119.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-12.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-120.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-121.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-122.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-123.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-124.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-125.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-126.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-127.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-128.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-129.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-13.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-130.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-131.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-132.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-133.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-134.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-135.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-136.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-137.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-138.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-139.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-14.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-140.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-141.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-142.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-143.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-144.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-145.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-146.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-147.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-148.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-149.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-15.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-150.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-151.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-152.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-153.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-154.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-155.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-156.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-157.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-158.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-159.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-16.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-160.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-161.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-162.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-163.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-164.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-165.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-166.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-167.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-168.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-169.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-17.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-170.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-171.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-172.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-173.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-174.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-175.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-176.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-177.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-178.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-179.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-18.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-180.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-181.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-182.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-183.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-184.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-185.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-186.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-187.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-188.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-189.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-19.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-190.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-191.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-192.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-193.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-194.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-195.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-196.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-197.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-198.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-199.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-2.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-20.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-200.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-201.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-202.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-203.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-204.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-205.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-206.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-207.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-208.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-209.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-21.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-210.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-211.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-212.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-213.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-214.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-215.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-216.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-217.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-218.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-219.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-22.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-220.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-221.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-222.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-223.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-224.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-225.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-226.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-227.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-228.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-229.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-23.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-230.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-231.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-232.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-233.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-234.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-235.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-236.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-237.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-238.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-239.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-24.db (Rogue.RegTool) -> No action taken.

[bschiele]

C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-240.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-241.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-242.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-243.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-244.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-245.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-246.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-247.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-248.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-249.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-25.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-250.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-251.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-252.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-253.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-254.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-255.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-256.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-257.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-258.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-259.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-26.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-27.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-28.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-29.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-3.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-30.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-31.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-32.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-33.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-34.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-35.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-36.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-37.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-38.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-39.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-4.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-40.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-41.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-42.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-43.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-44.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-45.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-46.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-47.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-48.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-49.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-5.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-50.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-51.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-52.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-53.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-54.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-55.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-56.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-57.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-58.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-59.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-6.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-60.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-61.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-62.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-63.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-64.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-65.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-66.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-67.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-68.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-69.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-7.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-70.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-71.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-72.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-73.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-74.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-75.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-76.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-77.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-78.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-79.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-8.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-80.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-81.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-82.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-83.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-84.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-85.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-86.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-87.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-88.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-89.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-9.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-90.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-91.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-92.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-93.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-94.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-95.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-96.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-97.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-98.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-00-260\regb-99.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\filelist.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-0.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-1.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-10.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-11.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-12.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-13.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-14.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-2.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-3.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-4.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-5.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-6.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-7.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-8.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-35-490\regb-9.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\filelist.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-0.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-1.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-10.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-11.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-12.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-13.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-14.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-15.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-16.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-17.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-18.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-19.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-2.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-20.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-21.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-22.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-23.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-24.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-25.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-26.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-27.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-28.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-29.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-3.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-4.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-5.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-6.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-7.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-8.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\QuarantineW\2009-11-10 17-45-570\regb-9.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Results\Evidence.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Results\Junk.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Results\Registry.db (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\Bryan Schiele\Application Data\RegTool\Results\Update.db (Rogue.RegTool) -> No action taken.
C:\Program Files\RegTool\definitions.db (Rogue.RegTool) -> No action taken.
C:\Program Files\RegTool\privacy.db (Rogue.RegTool) -> No action taken.
C:\Program Files\RegTool\RegTool.exe (Rogue.RegTool) -> No action taken.
C:\Program Files\RegTool\RegTool.url (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RegTool\RegTool Help.lnk (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RegTool\RegTool on the Web.lnk (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\RegTool\RegTool.lnk (Rogue.RegTool) -> No action taken.
C:\Documents and Settings\All Users\Desktop\RegTool.lnk (Rogue.RegTool) -> No action taken.
C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.

[muppy03]

Quote:

No action taken

Did you fix/ remove all the selected Items?

[bschiele]

Yes, I removed all the selected items and then it restarted my computer to remove the remaining items. My computer restarted perfectly normal without needing to use the F8 function to reboot.

[muppy03]

Quote:

Yes, I removed all the selected items and then it restarted my computer to remove the remaining items. My computer restarted perfectly normal without needing to use the F8 function to reboot.

Ok now we are cooking!

I asked earlier if you could post the balance of the Combofix log. If it is there that is. What you posted was only partial. If it is not complete please do the following instead and see if RSIT will run now.

NEXT Download and Run: RSIT

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-

• RSIT logs ( info.txt and log.txt)

[bschiele]

Great!! Need to post this in multiple posts, the logs are long, but RSIT is working now but I do not have the complete Combofix log.

First:

info.txt logfile of random's system information tool 1.06 2009-11-19 03:02:48

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\SBAudigy\Program\CTZapxx.EXE" ctsbmb.ini /U /N /S /W
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Andrea VoiceCenter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}\Setup.exe" -Remove
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETU P.EXE -U -Idel1028k.inf
Creative Audio Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{5EEE551B-7692-4D68-91BF-DAD745243AFB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellConnect-->MsiExec.exe /X{52D56C42-8C69-4882-A661-39695537C9CF}
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Codec Pack 4.3.4 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninst all.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.ex e"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst. exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PokerStars-->C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RegTool-->MsiExec.exe /X{3488685E-6364-4327-81E1-CFFB8C60E451}
RollerCoaster Tycoon 2: Wacky Worlds-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1AD83A0-DC92-41E3-B111-E9472349768C}\SETUP.EXE" -l0x9
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snood for Windows version 3.52-W-->"C:\Program Files\Snood\unins000.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
Sound Blaster ADVANCED MB Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB Product Registration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{EEEF992E-270C-4B4C-8389-4B3DEEE33190}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Music Jukebox-->MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - Startup: PowerReg Scheduler V3.exe [2009-11-17]
O1 - Hosts: ??????????????? spyware-protector-2009.com [2009-11-17]
O2 - BHO: (no name) - {1E54BD70-E524-4A22-94FB-B39B3DBBF1F5} - (no file) [2009-11-17]
O20 - AppInit_DLLs: avgrsstx.dll uzkooq.dll mrujgh.dll ssrvfa.dll gtaygi.dll C:\WINDOWS\system32\tahohinu.dll tsmtuq.dll uxpczk.dll gmpypa.dll kbigqv.dll dmawgv.dll fianbr.dll oiudgc.dll [2009-11-17]
O4 - HKUS\S-1-5-19\..\Run: [tapazepine] Rundll32.exe "C:\WINDOWS\system32\nonudoja.dll",s (User '?') [2009-11-17]
O2 - BHO: (no name) - {E8A4224E-2B0B-4AA1-87CC-8B808E090FD4} - (no file) [2009-11-17]
O4 - S-1-5-21-3448593371-4056756141-39484967-1006 Startup: PowerReg Scheduler V3.exe (User '?') [2009-11-17]
O1 - Hosts: ::1 localhost [2009-11-17]
O1 - Hosts: ??????????????? secure.spyware-protector-2009.com [2009-11-17]
O1 - Hosts: ??????????????? browser-security.microsoft.com [2009-11-17]
O2 - BHO: (no name) - {3B4D3ED1-96C7-4457-89AF-1326CDC6EC2D} - (no file) [2009-11-17]
O1 - Hosts: ??????????????? www.spyware-protector-2009.com [2009-11-17]
O2 - BHO: (no name) - {AE90DE80-0930-45B0-BFD1-D0708AA48DA6} - (no file) [2009-11-17]
O4 - HKUS\S-1-5-20\..\Run: [tapazepine] Rundll32.exe "C:\WINDOWS\system32\nonudoja.dll",s (User '?') [2009-11-17]

======Security center information======

AV: AVG Anti-Virus Free
AV: ZoneAlarm Antivirus (disabled) (outdated)
FW: ZoneAlarm Firewall
FW: PC-cillin Internet Security - Firewall

======System event log======

Computer Name: BRYAN
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Dell Network Assistant"

Record Number: 5496
Source Name: PlugPlayManager
Time Written: 20091030034851.000000-360
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Dell Network Assistant"

Record Number: 5495
Source Name: PlugPlayManager
Time Written: 20091030034851.000000-360
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Dell Network Assistant"

Record Number: 5494
Source Name: PlugPlayManager
Time Written: 20091030034851.000000-360
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Dell Network Assistant"

Record Number: 5493
Source Name: PlugPlayManager
Time Written: 20091030034851.000000-360
Event Type: warning
User:

Computer Name: BRYAN
Event Code: 256
Message: Timed out sending notification of device interface change to window of "Dell Network Assistant"

Record Number: 5492
Source Name: PlugPlayManager
Time Written: 20091030034851.000000-360
Event Type: warning
User:

[bschiele]

Continued:

=====Application event log=====

Computer Name: BRYAN
Event Code: 1517
Message: Windows saved user BRYAN\Bryan Schiele registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 91
Source Name: Userenv
Time Written: 20091110162451.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRYAN
Event Code: 1517
Message: Windows saved user BRYAN\Bryan Schiele registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 68
Source Name: Userenv
Time Written: 20091110160429.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: BRYAN
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 39
Source Name: Application Hang
Time Written: 20091108163826.000000-420
Event Type: error
User:

Computer Name: BRYAN
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 38
Source Name: Application Hang
Time Written: 20091108152853.000000-420
Event Type: error
User:

Computer Name: BRYAN
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 12
Source Name: Application Hang
Time Written: 20091107194558.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Pro gram Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------




Second:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bryan Schiele at 2009-11-19 03:02:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (20%) free of 108 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:45 AM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\BRYANS~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bryan Schiele\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Bryan Schiele.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=1061216
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11295 bytes

[bschiele]

Second Continued:

======Scheduled tasks folder======

C:\WINDOWS\tasks\aifegitk.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-02 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-02 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-02 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-02 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"MBMon"=Rundll32 CTMBHA.DLL,MBMon []
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-05-02 184320]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-28 1261336]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-22 1181064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2004-12-22 24576]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\Bryan Schiele\Start Menu\Programs\Startup
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\tahohinu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explor er]
"NoDriveTypeAutoRun"=323
"NoThumbnailCache"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explo rer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabledell Network Assistant"
"C:\Documents and Settings\Bryan Schiele\Desktop\utorrent.exe"="C:\Documents and Settings\Bryan Schiele\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enable d:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enab led:winlogon"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2009-11-17 21:31:37 ----D---- C:\rsit
2009-11-17 19:01:20 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-11-17 19:01:19 ----A---- C:\WINDOWS\system32\wups2.dll
2009-11-17 19:01:19 ----A---- C:\WINDOWS\system32\wups.dll
2009-11-17 19:01:17 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-11-17 19:01:14 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-11-17 19:01:12 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-11-17 19:01:11 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-11-17 19:01:08 ----A---- C:\WINDOWS\system32\cdm.dll
2009-11-17 18:10:49 ----A---- C:\Boot.bak
2009-11-17 18:10:39 ----RASHD---- C:\cmdcons
2009-11-17 18:08:40 ----A---- C:\WINDOWS\zip.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\SWSC.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\SWREG.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\sed.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\PEV.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\MBR.exe
2009-11-17 18:08:40 ----A---- C:\WINDOWS\grep.exe
2009-11-17 18:08:18 ----D---- C:\WINDOWS\ERDNT
2009-11-17 18:08:16 ----D---- C:\ComboFix
2009-11-17 18:07:08 ----D---- C:\Qoobox
2009-10-20 00:56:25 ----D---- C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool
2009-10-20 00:55:58 ----D---- C:\Program Files\Reg Tool

======List of files/folders modified in the last 1 months======

2009-11-19 03:02:44 ----D---- C:\WINDOWS\Temp
2009-11-19 03:02:23 ----D---- C:\WINDOWS\Prefetch
2009-11-19 02:45:10 ----SD---- C:\WINDOWS\Tasks
2009-11-19 02:45:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-19 02:43:00 ----D---- C:\Program Files\Mozilla Firefox
2009-11-19 02:10:20 ----D---- C:\WINDOWS\Internet Logs
2009-11-19 02:03:08 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-11-18 13:50:56 ----D---- C:\Documents and Settings\Bryan Schiele\Application Data\uTorrent
2009-11-18 10:19:44 ----D---- C:\WINDOWS\system32
2009-11-18 10:19:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-18 10:17:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-18 10:16:56 ----D---- C:\WINDOWS
2009-11-18 10:16:39 ----D---- C:\MDT
2009-11-18 10:15:45 ----D---- C:\WINDOWS\Registration
2009-11-18 06:08:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-18 05:54:33 ----D---- C:\Program Files
2009-11-18 05:54:31 ----D---- C:\WINDOWS\system32\drivers
2009-11-18 01:45:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-17 22:29:54 ----D---- C:\$AVG8.VAULT$
2009-11-17 21:23:41 ----SHD---- C:\WINDOWS\CSC
2009-11-17 21:11:53 ----D---- C:\WINDOWS\system32\dllcache
2009-11-17 21:11:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-17 21:07:56 ----HD---- C:\WINDOWS\inf
2009-11-17 19:01:19 ----D---- C:\WINDOWS\Help
2009-11-17 18:31:59 ----A---- C:\WINDOWS\system.ini
2009-11-17 18:27:01 ----D---- C:\WINDOWS\system32\config
2009-11-17 18:20:30 ----D---- C:\WINDOWS\AppPatch
2009-11-17 18:20:28 ----D---- C:\Program Files\Common Files
2009-11-17 18:10:49 ----RASH---- C:\boot.ini
2009-11-17 17:24:50 ----D---- C:\Program Files\RegistryFix8
2009-11-17 17:21:19 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-16 12:35:52 ----D---- C:\WINDOWS\Minidump
2009-11-10 18:53:55 ----D---- C:\WINDOWS\Debug
2009-11-10 17:35:59 ----D---- C:\Documents and Settings\Bryan Schiele\Application Data\LimeWire
2009-11-10 17:35:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-10 17:35:58 ----D---- C:\Documents and Settings\Bryan Schiele\Application Data\Skype
2009-11-10 17:00:30 ----D---- C:\WINDOWS\Media
2009-11-10 17:00:30 ----D---- C:\WINDOWS\ehome
2009-11-10 17:00:30 ----D---- C:\Program Files\Internet Explorer
2009-11-10 17:00:30 ----D---- C:\i386
2009-11-10 17:00:29 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-10 17:00:28 ----D---- C:\WINDOWS\system32\en-US
2009-11-10 16:53:04 ----SHD---- C:\WINDOWS\Installer
2009-11-10 16:53:04 ----D---- C:\Config.Msi
2009-10-20 00:11:26 ----HDC---- C:\WINDOWS\ie8

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-28 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-28 26824]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-28 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-12-18 12672]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-25 44544]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 CTUSFSYN;Creative SoundFont Synthesizer; C:\WINDOWS\system32\drivers\ctusfsyn.sys [2005-05-25 158464]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2006-01-04 1389056]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S2 aiisgzdjssg;aiisgzdjssg; \??\C:\WINDOWS\system32\drivers\iitrsdllvecq.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2002-09-10 24808]
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-07-18 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
S3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-28 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-28 231704]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2006-12-16 69632]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hnmsvc;Advanced Networking Service; C:\Program Files\Dell Network Assistant\hnm_svc.exe [2007-08-27 111912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-20 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-20 137752]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 182768]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 dlcf_device;dlcf_device; C:\WINDOWS\system32\dlcfcoms.exe -service []
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

[muppy03]

Please give me an update of problems after doing the following.

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

• O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe (file missing)
  O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
  

Once selected close all windows except HJT an click on Fix Checked

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.

• Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
• Copy the lines in the codebox below.

Code:

:Files
C:\WINDOWS\tasks\aifegitk.job
C:\WINDOWS\system32\tahohinu.dll
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool
C:\Program Files\Reg Tool
C:\Program Files\Common Files\Symantec Shared

:Commands

[EmptyTemp]
[Start Explorer]
[Reboot]

• Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTM.exe

Please reply with:-

• OTM log
• New HJT log
• Update on how things are running

[bschiele]

OTM Log:

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\aifegitk.job moved successfully.
File/Folder C:\WINDOWS\system32\tahohinu.dll not found.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\Results folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\QuarantineW\2009-10-20 20-16-500 folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\QuarantineW\2009-10-20 02-03-550 folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\QuarantineW folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\PCOBackups folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool\Logs folder moved successfully.
C:\Documents and Settings\Bryan Schiele\Application Data\Reg Tool folder moved successfully.
C:\Program Files\Reg Tool\PW folder moved successfully.
C:\Program Files\Reg Tool folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp5a81.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp46c2.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp4687.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3f27.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3eb5.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp3c22.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp2fe1.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmp1cff.tmp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\incoming folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080710.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080630.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080411.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080410.009 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080404.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080331.019 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080329.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080324.005 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080321.004 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080320.009 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080306.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080304.016 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080221.002 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080204.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080202.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080130.004 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080127.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080111.020 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080106.004 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071228.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071226.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071225.004 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071211.002 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071130.003 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071115.016 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071028.005 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071027.007 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071024.017 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071020.006 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071016.009 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071003.035 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070928.016 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\VirusDefs folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bryan Schiele
->Temp folder emptied: 4418311 bytes
->Temporary Internet Files folder emptied: 7382550 bytes
->Java cache emptied: 3643231 bytes
->FireFox cache emptied: 102861699 bytes
->Apple Safari cache emptied: 120502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 33819 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 630 bytes

Total Files Cleaned = 113.04 mb


OTM by OldTimer - Version 3.1.2.0 log created on 11192009_034245

Files moved on Reboot...
C:\Documents and Settings\Bryan Schiele\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.
C:\Documents and Settings\Bryan Schiele\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.
C:\Documents and Settings\Bryan Schiele\Local Settings\Temp\~DFA740.tmp moved successfully.
File C:\WINDOWS\temp\ZLT05ad6.TMP not found!

Registry entries deleted on Reboot...


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:50:08 AM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\BRYANS~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=1061216
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11184 bytes


Computer is running much better. Has had to restart automatically a few times after you had me run some scans and it has done so quickly and smoothly without any problems at all. The only thing that I even still notice is that I cannot restore ZoneAlarm from my system tray to check the settings/status of the program. It appears to still be working though, as I occasionally still get messages from ZoneAlarm asking me to accept/reject certain connections, new programs you have me download, etc, so I'm not sure if it's actually a problem or not.

[muppy03]

Quote:

The only thing that I even still notice is that I cannot restore ZoneAlarm from my system tray to check the settings/status of the program.

You might have to uninstall and reinstall the program as it was probably damaged by the malware. Leave if for now until we finish.

Question. AVG was showing as outdated before. Does it update at all? Was it outdated due to the malware and if so can you update it now?

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 17.

• Go to Java Site
• Click to Download Java SE Runtime Environment (JRE) 6 Update 17
• In Platform box choose Windows.
• Check the box to Accept License Agreement and click Continue.
• Click on Windows Offline Installation, click on the link under it which says "jre-6u17-windows-i586.exe" and save the downloaded file to your desktop.
• Go to Start => Control Panel => Add or Remove Programs
• Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
  
  Code:

  J2SE Runtime Environment 5.0 Update 6
  

• Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
• Reboot your computer

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<

• Read through the requirements and privacy statement and click on Accept button
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
• When the downloads have finished, click on Settings
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan
• Once the scan is complete, it will display the results. Click on View Scan Report
• You will see a list of infected items there. Click on Save Report As...
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
• Please post this log in your next reply

Please reply with:-

• Kaspersky report
• New HJT log
• Answer to question

[bschiele]

I was able to update AVG perfectly, so it is now up-to-date.

Here is the Kaspersky Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, November 19, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, November 19, 2009 20:51:51
Records in database: 3245376
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 81868
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 04:10:43


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Infected: Trojan.HTML.Fraud.b 1

Selected area has been scanned.


And the HJT Log too:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:22 PM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\BRYANS~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=1061216
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11573 bytes

[muppy03]

Any other problems?

I would delete this folder as you no longer appear to have or us Trend Micro

C:\Program Files\Trendmicro

Once it is deleted you can then fix this line in HijackThis if still showing.

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (file missing)

Let me know if any other problems, if not we can go on to the final steps.

[bschiele]

No, I don't notice anymore problems. The Trend Micro folder contains HijackThis, should I still delete it?

Also, do I need to do anything to address the threat that Kaspersky Report found?

Other than those two questions, I think we could move on to the final steps!

[muppy03]

Quote:

No, I don't notice anymore problems. The Trend Micro folder contains HijackThis, should I still delete it?

Oops, no that’s ok.

Quote:

Also, do I need to do anything to address the threat that Kaspersky Report found?

What Kaspersky found is in Combofix quarantine. We will remove it our last steps.


So if you are not having any further problems, I would suggest you proceed as follows.

MBAM and ATF are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and it associated folder C:\RSIT

Remove Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK ( please note the space between Combofix and the /, it is needed.)
• 

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Now that the infection is gone lets try to keep it that way by following the below recommendations.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Read some information here how to prevent Malware.


Please reply if you have any problems or questions

Happy Safe Surfing