[jam90]

many thanks, i hav gone on the norton removal site, and gthere is a list of products- i have to select which norton tool i have. As i do not know i have norton installed, which product shall i choose? i am very grateful fpr your cooperation....
JHargreaves

[evilfantasy]

Just use this link and download the universal uninstaller. http://www.majorgeeks.com/downloadge...31482b8e4a8e42

[jam90]

ComboFix 08-12-14.03 - Jay 2008-12-14 21:23:21.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1194 [GMT 0:00]
Running from: c:\users\Jay\shit\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 21:14 . 2008-12-14 21:14 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-12-14 21:14 . 2008-12-14 21:14 <DIR> d-------- c:\programdata\NortonInstaller
2008-12-14 19:59 . 2008-12-14 19:59 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\users\Jay\AppData\Roaming\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 19:35 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-14 19:35 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-14 18:24 . 2008-12-14 18:24 90,632 --a------ c:\windows\System32\drivers\avgtdix.sys
2008-12-14 18:24 . 2008-12-14 18:24 12,936 --a------ c:\windows\System32\drivers\avgrkx86.sys
2008-12-14 18:24 . 2008-12-14 18:24 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-12-14 18:23 . 2008-12-14 18:27 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-12-14 18:23 . 2008-12-14 18:23 <DIR> d-------- c:\users\All Users\avg8
2008-12-14 18:23 . 2008-12-14 18:23 <DIR> d-------- c:\programdata\avg8
2008-12-14 18:23 . 2008-12-14 18:23 98,440 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-12-14 17:20 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-14 16:43 . 2008-12-14 16:43 <DIR> d--h-c--- c:\users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-14 16:43 . 2008-12-14 16:43 <DIR> d--h-c--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-14 16:26 . 2008-12-14 16:26 <DIR> d-------- c:\users\All Users\Uniblue
2008-12-14 16:26 . 2008-12-14 16:26 <DIR> d-------- c:\programdata\Uniblue
2008-12-14 16:14 . 2008-06-20 01:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-14 16:14 . 2008-06-20 01:14 622,080 --a------ c:\windows\System32\icardagt.exe
2008-12-14 16:14 . 2008-06-20 01:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-14 16:14 . 2008-06-20 01:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2008-12-14 16:14 . 2008-06-20 01:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-14 16:14 . 2008-06-20 01:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2008-12-14 16:14 . 2008-06-20 01:14 11,264 --a------ c:\windows\System32\icardres.dll
2008-12-14 16:13 . 2008-06-20 01:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2008-12-14 15:56 . 2008-07-27 18:03 282,112 --a------ c:\windows\System32\mscoree.dll
2008-12-14 15:56 . 2008-07-27 18:03 158,720 --a------ c:\windows\System32\mscorier.dll
2008-12-14 15:56 . 2008-07-27 18:03 96,760 --a------ c:\windows\System32\dfshim.dll
2008-12-14 15:56 . 2008-07-27 18:03 83,968 --a------ c:\windows\System32\mscories.dll
2008-12-14 15:56 . 2008-07-27 18:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-14 15:49 . 2008-12-14 15:49 <DIR> dr-h----- C:\AHCache
2008-12-14 15:30 . 2008-12-14 15:30 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-14 15:30 . 2008-12-14 15:30 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-14 15:27 . 2008-12-14 15:27 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-12-14 15:22 . 2008-12-14 15:22 <DIR> d-------- C:\NVIDIA
2008-12-14 15:13 . 2008-12-14 16:26 <DIR> d-------- c:\users\Jay\AppData\Roaming\Uniblue
2008-12-14 15:13 . 2008-12-14 15:19 <DIR> d-------- c:\users\All Users\DriverScanner
2008-12-14 15:13 . 2008-12-14 15:19 <DIR> d-------- c:\programdata\DriverScanner
2008-12-14 15:13 . 2008-12-14 16:05 <DIR> d-------- c:\program files\Uniblue
2008-12-14 15:12 . 2008-12-14 15:13 <DIR> d--h-c--- c:\users\All Users\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-12-14 15:12 . 2008-12-14 15:13 <DIR> d--h-c--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-12-13 16:43 . 2008-11-01 01:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-13 16:43 . 2008-10-21 05:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-13 16:43 . 2008-11-01 03:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-13 16:42 . 2008-10-29 06:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-13 16:42 . 2008-10-16 02:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-13 16:42 . 2008-10-16 04:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-13 16:41 . 2008-06-23 01:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-13 16:41 . 2008-06-23 01:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-13 16:41 . 2008-06-23 01:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-07 17:32 . 2008-12-07 17:32 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-07 16:32 . 2008-12-07 16:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-12-04 21:51 . 2008-12-04 21:53 <DIR> d-------- c:\users\Jay\AppData\Roaming\Stick Tabs
2008-12-04 21:51 . 2008-12-04 21:56 <DIR> d-------- c:\users\Jay\AppData\Roaming\Stick
2008-12-04 21:51 . 2008-12-04 21:53 <DIR> d-------- c:\program files\Stick
2008-12-03 15:12 . 2008-12-03 15:12 <DIR> dr------- c:\users\any 1\Music
2008-11-28 20:58 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-28 20:57 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 20:57 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 20:57 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 20:54 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-20 14:46 . 1997-06-02 12:32 314,880 --a------ c:\windows\IsUninst.exe
2008-11-19 21:34 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 21:34 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 21:34 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 21:34 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 21:33 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 21:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 21:33 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 21:33 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 21:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 17:28 --------- d-----w c:\program files\Windows Mail
2008-12-14 17:06 --------- d-----w c:\users\Jay\AppData\Roaming\DNA
2008-12-14 17:06 --------- d-----w c:\users\Jay\AppData\Roaming\BitTorrent
2008-12-14 16:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-14 15:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 15:25 --------- d-----w c:\programdata\NVIDIA
2008-12-14 14:25 47,360 ----a-w c:\users\Jay\AppData\Roaming\pcouffin.sys
2008-12-14 14:25 --------- d-----w c:\users\Jay\AppData\Roaming\Vso
2008-12-14 14:24 --------- d-----w c:\programdata\AOL
2008-12-14 14:23 --------- d-----w c:\programdata\Apple Computer
2008-12-14 14:23 --------- d-----w c:\program files\Common Files\Apple
2008-12-14 14:18 --------- d-----w c:\programdata\WildTangent
2008-12-14 14:18 --------- d-----w c:\program files\HP Games
2008-12-14 12:13 27,145 ----a-w c:\users\Jay\AppData\Roaming\nvModes.dat
2008-12-07 17:32 --------- d-----w c:\program files\Java
2008-12-01 22:21 222 ----a-w c:\users\Jay\AppData\Roaming\wklnhst.dat
2008-12-01 10:36 27,335 ----a-w c:\users\any 1\AppData\Roaming\nvModes.dat
2008-11-30 13:36 --------- d-----w c:\programdata\CyberLink
2008-11-09 20:05 --------- d-----w c:\users\any 1\AppData\Roaming\BitTorrent
2008-11-04 23:39 --------- d-----w c:\program files\Ubisoft
2008-11-04 23:10 --------- d-----w c:\users\any 1\AppData\Roaming\WildTangent
2008-11-03 18:05 --------- d-----w c:\users\Jay\AppData\Roaming\Microgaming
2008-11-01 19:31 76 ----a-w c:\users\any 1\AppData\Roaming\wklnhst.dat
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 20:24 --------- d-----w c:\program files\Synaptics
2008-10-30 20:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 21:46 --------- d-----w c:\program files\CyberLink
2008-10-27 21:04 --------- d-----w c:\program files\BitTorrent
2008-10-24 15:03 --------- d-----w c:\users\any 1\AppData\Roaming\Template
2008-10-22 20:58 --------- d-----w c:\users\any 1\AppData\Roaming\CyberLink
2008-10-21 16:10 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-20 21:43 --------- d-----w c:\users\any 1\AppData\Roaming\HP
2008-10-20 18:53 --------- d-----w c:\programdata\TVU Networks
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 10:14 174 --sha-w c:\program files\desktop.ini
2008-09-18 09:32 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-18 09:32 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-26 22:45 88 --sha-r c:\windows\System32\34A78F3B3E.sys
2008-08-15 13:42 321 --sh--w c:\windows\System32\854792279.sys
2008-08-26 22:58 2,828 --sha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-14_18.01.50.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 15:38:52 121,080 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-14 18:35:29 324,528 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-12-14 17:30:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-14 19:12:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-14 17:30:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-14 19:12:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-14 17:33:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-14 19:14:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-14 19:14:19 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-14 18:00:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-14 21:27:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-14 21:27:01 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-14 17:31:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-14 18:27:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-14 17:31:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-14 18:27:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 17:31:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-14 18:27:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 17:57:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-14 21:23:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-14 18:23:52 26,824 ----a-w c:\windows\System32\drivers\avgmfx86.sys
- 2008-12-14 17:37:06 121,746 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-14 20:45:41 121,746 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-14 17:37:06 638,782 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-14 20:45:41 638,782 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-14 17:42:19 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-14 18:35:41 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-14 17:34:32 10,610 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649110343-1135834200-2781460533-1000_UserData.bin
+ 2008-12-14 19:15:03 10,626 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649110343-1135834200-2781460533-1000_UserData.bin
- 2008-12-14 17:34:32 71,038 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-14 19:15:03 71,452 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-14 15:43:07 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-14 19:14:55 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-14 17:13:34 218,938 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-14 20:44:35 220,934 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-12-07 156952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 16:48 99624 c:\program files\Uniblue\RegistryBooster\StartRegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-12-07 09:42 156952 c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-01-08 09:14 1260296 c:\program files\Uniblue\SpyEraser\SpyEraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6638D450-0D95-444B-92B6-0F456F25B802}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{445F7752-1B01-47E3-8261-2CBFBFC73D92}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{EE6B0629-EB6B-4B38-9F03-6A3209A648EF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{92AD88DF-1A8A-4435-B048-5E34E8895AA2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{48B8603F-FC6B-4FD9-8275-D71000B30DC7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{941817EF-CC76-44AE-81CE-D35F01FD0DE7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A72B0192-8595-458F-8C43-E017653D72E3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7D2CE881-77B0-43CC-9B7E-DFE43F547E1E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{FF8500A7-AE12-425E-B094-567D4A63E3F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{651600A9-9EFD-421F-A193-06A66C30D8DB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{BAA46616-AC2F-4B02-A9C7-5CAA59E4ABB6}c:\\users\\jay\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\jay\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{C81D275C-DFF3-47AE-9344-A7023FD43DAC}c:\\users\\jay\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\jay\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{234FE5D8-5B12-4FFA-8704-816DBECC36A5}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{3579101A-D77C-4684-8F2D-A4EA890AAE0B}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{A005D23A-BDEE-43C9-90DE-D80AD08CF5EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{70BA561D-25BC-465D-AFB4-0613124D3694}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A00B913-F942-40A2-B998-EB57D94BD648}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1F4A2577-169D-4DFA-BE6B-F917E1986B3C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{E367375D-079D-4A32-8AB2-0D9DA135A83C}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5A5819E3-D353-4935-902B-7AAEEA5405F3}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{2646E247-D460-4A9F-8DB2-8DB0A3096E8C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{E071CAFF-089B-448F-ADF4-F7E42E715EA1}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{3DE6283F-60AC-44B5-8F5D-EC320F045310}c:\\users\\jay\\program files\\dna\\btdna.exe"= UDP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"UDP Query User{6CA5BB97-63E8-44DE-87FD-6CABF4753685}c:\\users\\jay\\program files\\dna\\btdna.exe"= TCP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"TCP Query User{A9758B65-AA9A-45B5-9B23-25BB9D6A04BF}c:\\users\\jay\\program files\\dna\\btdna.exe"= UDP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"UDP Query User{E1FA5658-FDDD-4382-B85B-2DA409D21D47}c:\\users\\jay\\program files\\dna\\btdna.exe"= TCP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"{4FE00D48-677D-4F12-90F7-7228E8702CF0}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{18A35973-DAB3-4B5F-BA93-F5699FFB39F6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{68FF705E-B49E-4DA1-A777-51071A69C9E6}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{A7046010-7CEF-4DEE-B67B-71C8451B5BB9}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{17FD7592-5566-4EE8-BDD1-8AA09765E7B0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8DC31F73-D758-497E-AF1E-298DA2CB40D4}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{49DB37DE-9C2E-400E-85A7-8A8DE080D9DB}"= UDP:c:\users\Jay\AppData\Local\Temp\7zS8631.tmp\SymNRT.exe:Norton Removal Tool
"{4C85D8D1-C88F-4804-A279-6F48939E6D43}"= TCP:c:\users\Jay\AppData\Local\Temp\7zS8631.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-14 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-14 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-14 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
2008-12-14 c:\windows\Tasks\User_Feed_Synchronization-{112BE686-CD61-4434-9F0B-AF4B3B150C6E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:26:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-14 21:38:34
ComboFix-quarantined-files.txt 2008-12-14 21:38:26
ComboFix2.txt 2008-12-14 18:13:18
Pre-Run: 117,686,427,648 bytes free
Post-Run: 117,152,333,824 bytes free
294 --- E O F --- 2008-12-14 17:28:27

[jam90]

ComboFix 08-12-14.03 - Jay 2008-12-14 21:23:21.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1194 [GMT 0:00]
Running from: c:\users\Jay\shit\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.
2008-12-14 21:14 . 2008-12-14 21:14 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-12-14 21:14 . 2008-12-14 21:14 <DIR> d-------- c:\programdata\NortonInstaller
2008-12-14 19:59 . 2008-12-14 19:59 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\users\Jay\AppData\Roaming\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-14 19:35 . 2008-12-14 19:35 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 19:35 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-14 19:35 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-14 18:24 . 2008-12-14 18:24 90,632 --a------ c:\windows\System32\drivers\avgtdix.sys
2008-12-14 18:24 . 2008-12-14 18:24 12,936 --a------ c:\windows\System32\drivers\avgrkx86.sys
2008-12-14 18:24 . 2008-12-14 18:24 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-12-14 18:23 . 2008-12-14 18:27 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-12-14 18:23 . 2008-12-14 18:23 <DIR> d-------- c:\users\All Users\avg8
2008-12-14 18:23 . 2008-12-14 18:23 <DIR> d-------- c:\programdata\avg8
2008-12-14 18:23 . 2008-12-14 18:23 98,440 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-12-14 17:20 . 2008-10-22 01:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-14 16:43 . 2008-12-14 16:43 <DIR> d--h-c--- c:\users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-14 16:43 . 2008-12-14 16:43 <DIR> d--h-c--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-12-14 16:26 . 2008-12-14 16:26 <DIR> d-------- c:\users\All Users\Uniblue
2008-12-14 16:26 . 2008-12-14 16:26 <DIR> d-------- c:\programdata\Uniblue
2008-12-14 16:14 . 2008-06-20 01:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2008-12-14 16:14 . 2008-06-20 01:14 622,080 --a------ c:\windows\System32\icardagt.exe
2008-12-14 16:14 . 2008-06-20 01:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2008-12-14 16:14 . 2008-06-20 01:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2008-12-14 16:14 . 2008-06-20 01:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2008-12-14 16:14 . 2008-06-20 01:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2008-12-14 16:14 . 2008-06-20 01:14 11,264 --a------ c:\windows\System32\icardres.dll
2008-12-14 16:13 . 2008-06-20 01:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2008-12-14 15:56 . 2008-07-27 18:03 282,112 --a------ c:\windows\System32\mscoree.dll
2008-12-14 15:56 . 2008-07-27 18:03 158,720 --a------ c:\windows\System32\mscorier.dll
2008-12-14 15:56 . 2008-07-27 18:03 96,760 --a------ c:\windows\System32\dfshim.dll
2008-12-14 15:56 . 2008-07-27 18:03 83,968 --a------ c:\windows\System32\mscories.dll
2008-12-14 15:56 . 2008-07-27 18:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2008-12-14 15:49 . 2008-12-14 15:49 <DIR> dr-h----- C:\AHCache
2008-12-14 15:30 . 2008-12-14 15:30 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-14 15:30 . 2008-12-14 15:30 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-14 15:27 . 2008-12-14 15:27 <DIR> d-------- c:\program files\NVIDIA Corporation
2008-12-14 15:22 . 2008-12-14 15:22 <DIR> d-------- C:\NVIDIA
2008-12-14 15:13 . 2008-12-14 16:26 <DIR> d-------- c:\users\Jay\AppData\Roaming\Uniblue
2008-12-14 15:13 . 2008-12-14 15:19 <DIR> d-------- c:\users\All Users\DriverScanner
2008-12-14 15:13 . 2008-12-14 15:19 <DIR> d-------- c:\programdata\DriverScanner
2008-12-14 15:13 . 2008-12-14 16:05 <DIR> d-------- c:\program files\Uniblue
2008-12-14 15:12 . 2008-12-14 15:13 <DIR> d--h-c--- c:\users\All Users\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-12-14 15:12 . 2008-12-14 15:13 <DIR> d--h-c--- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-12-13 16:43 . 2008-11-01 01:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-13 16:43 . 2008-10-21 05:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-13 16:43 . 2008-11-01 03:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-13 16:42 . 2008-10-29 06:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-13 16:42 . 2008-10-16 02:23 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-12-13 16:42 . 2008-10-16 04:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-13 16:41 . 2008-06-23 01:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-13 16:41 . 2008-06-23 01:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-13 16:41 . 2008-06-23 01:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-07 17:32 . 2008-12-07 17:32 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-07 16:32 . 2008-12-07 16:32 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-12-04 21:51 . 2008-12-04 21:53 <DIR> d-------- c:\users\Jay\AppData\Roaming\Stick Tabs
2008-12-04 21:51 . 2008-12-04 21:56 <DIR> d-------- c:\users\Jay\AppData\Roaming\Stick
2008-12-04 21:51 . 2008-12-04 21:53 <DIR> d-------- c:\program files\Stick
2008-12-03 15:12 . 2008-12-03 15:12 <DIR> dr------- c:\users\any 1\Music
2008-11-28 20:58 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-28 20:57 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 20:57 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 20:57 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 20:54 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-20 14:46 . 1997-06-02 12:32 314,880 --a------ c:\windows\IsUninst.exe
2008-11-19 21:34 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-19 21:34 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-19 21:34 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-19 21:34 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-19 21:33 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-19 21:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-19 21:33 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-19 21:33 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-19 21:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 17:28 --------- d-----w c:\program files\Windows Mail
2008-12-14 17:06 --------- d-----w c:\users\Jay\AppData\Roaming\DNA
2008-12-14 17:06 --------- d-----w c:\users\Jay\AppData\Roaming\BitTorrent
2008-12-14 16:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-14 15:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 15:25 --------- d-----w c:\programdata\NVIDIA
2008-12-14 14:25 47,360 ----a-w c:\users\Jay\AppData\Roaming\pcouffin.sys
2008-12-14 14:25 --------- d-----w c:\users\Jay\AppData\Roaming\Vso
2008-12-14 14:24 --------- d-----w c:\programdata\AOL
2008-12-14 14:23 --------- d-----w c:\programdata\Apple Computer
2008-12-14 14:23 --------- d-----w c:\program files\Common Files\Apple
2008-12-14 14:18 --------- d-----w c:\programdata\WildTangent
2008-12-14 14:18 --------- d-----w c:\program files\HP Games
2008-12-14 12:13 27,145 ----a-w c:\users\Jay\AppData\Roaming\nvModes.dat
2008-12-07 17:32 --------- d-----w c:\program files\Java
2008-12-01 22:21 222 ----a-w c:\users\Jay\AppData\Roaming\wklnhst.dat
2008-12-01 10:36 27,335 ----a-w c:\users\any 1\AppData\Roaming\nvModes.dat
2008-11-30 13:36 --------- d-----w c:\programdata\CyberLink
2008-11-09 20:05 --------- d-----w c:\users\any 1\AppData\Roaming\BitTorrent
2008-11-04 23:39 --------- d-----w c:\program files\Ubisoft
2008-11-04 23:10 --------- d-----w c:\users\any 1\AppData\Roaming\WildTangent
2008-11-03 18:05 --------- d-----w c:\users\Jay\AppData\Roaming\Microgaming
2008-11-01 19:31 76 ----a-w c:\users\any 1\AppData\Roaming\wklnhst.dat
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-30 20:24 --------- d-----w c:\program files\Synaptics
2008-10-30 20:23 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-28 21:46 --------- d-----w c:\program files\CyberLink
2008-10-27 21:04 --------- d-----w c:\program files\BitTorrent
2008-10-24 15:03 --------- d-----w c:\users\any 1\AppData\Roaming\Template
2008-10-22 20:58 --------- d-----w c:\users\any 1\AppData\Roaming\CyberLink
2008-10-21 16:10 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-20 21:43 --------- d-----w c:\users\any 1\AppData\Roaming\HP
2008-10-20 18:53 --------- d-----w c:\programdata\TVU Networks
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 10:14 174 --sha-w c:\program files\desktop.ini
2008-09-18 09:32 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-18 09:32 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-26 22:45 88 --sha-r c:\windows\System32\34A78F3B3E.sys
2008-08-15 13:42 321 --sh--w c:\windows\System32\854792279.sys
2008-08-26 22:58 2,828 --sha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-14_18.01.50.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 15:38:52 121,080 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-12-14 18:35:29 324,528 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-12-14 17:30:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-14 19:12:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-14 17:30:38 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-14 19:12:26 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-14 17:33:08 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-14 19:14:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-14 19:14:19 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-14 18:00:36 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-14 21:27:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-14 21:27:01 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-14 17:31:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-14 18:27:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-14 17:31:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-14 18:27:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-14 17:31:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-14 18:27:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-14 17:57:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-14 21:23:06 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-14 18:23:52 26,824 ----a-w c:\windows\System32\drivers\avgmfx86.sys
- 2008-12-14 17:37:06 121,746 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-14 20:45:41 121,746 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-14 17:37:06 638,782 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-14 20:45:41 638,782 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-14 17:42:19 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-14 18:35:41 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-14 17:34:32 10,610 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649110343-1135834200-2781460533-1000_UserData.bin
+ 2008-12-14 19:15:03 10,626 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649110343-1135834200-2781460533-1000_UserData.bin
- 2008-12-14 17:34:32 71,038 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-14 19:15:03 71,452 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-14 15:43:07 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-14 19:14:55 46,738 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-12-14 17:13:34 218,938 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-14 20:44:35 220,934 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe" [2007-12-07 156952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1235736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
--a------ 2008-08-26 16:48 99624 c:\program files\Uniblue\RegistryBooster\StartRegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-12-07 09:42 156952 c:\program files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-01-08 09:14 1260296 c:\program files\Uniblue\SpyEraser\SpyEraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6638D450-0D95-444B-92B6-0F456F25B802}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{106F96DD-ABAD-46A3-BAC0-563DEFD77B54}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1B2CBF05-6CC5-46DB-BBBA-E89912F4C7DE}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{445F7752-1B01-47E3-8261-2CBFBFC73D92}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{EE6B0629-EB6B-4B38-9F03-6A3209A648EF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{92AD88DF-1A8A-4435-B048-5E34E8895AA2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{48B8603F-FC6B-4FD9-8275-D71000B30DC7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{941817EF-CC76-44AE-81CE-D35F01FD0DE7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A72B0192-8595-458F-8C43-E017653D72E3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{7D2CE881-77B0-43CC-9B7E-DFE43F547E1E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{FF8500A7-AE12-425E-B094-567D4A63E3F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{651600A9-9EFD-421F-A193-06A66C30D8DB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{BAA46616-AC2F-4B02-A9C7-5CAA59E4ABB6}c:\\users\\jay\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\jay\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{C81D275C-DFF3-47AE-9344-A7023FD43DAC}c:\\users\\jay\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\jay\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{234FE5D8-5B12-4FFA-8704-816DBECC36A5}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{3579101A-D77C-4684-8F2D-A4EA890AAE0B}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{A005D23A-BDEE-43C9-90DE-D80AD08CF5EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{70BA561D-25BC-465D-AFB4-0613124D3694}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A00B913-F942-40A2-B998-EB57D94BD648}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1F4A2577-169D-4DFA-BE6B-F917E1986B3C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{E367375D-079D-4A32-8AB2-0D9DA135A83C}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{5A5819E3-D353-4935-902B-7AAEEA5405F3}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{2646E247-D460-4A9F-8DB2-8DB0A3096E8C}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{E071CAFF-089B-448F-ADF4-F7E42E715EA1}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{3DE6283F-60AC-44B5-8F5D-EC320F045310}c:\\users\\jay\\program files\\dna\\btdna.exe"= UDP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"UDP Query User{6CA5BB97-63E8-44DE-87FD-6CABF4753685}c:\\users\\jay\\program files\\dna\\btdna.exe"= TCP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"TCP Query User{A9758B65-AA9A-45B5-9B23-25BB9D6A04BF}c:\\users\\jay\\program files\\dna\\btdna.exe"= UDP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"UDP Query User{E1FA5658-FDDD-4382-B85B-2DA409D21D47}c:\\users\\jay\\program files\\dna\\btdna.exe"= TCP:c:\users\jay\program files\dna\btdna.exe:btdna.exe
"{4FE00D48-677D-4F12-90F7-7228E8702CF0}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{18A35973-DAB3-4B5F-BA93-F5699FFB39F6}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{68FF705E-B49E-4DA1-A777-51071A69C9E6}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{A7046010-7CEF-4DEE-B67B-71C8451B5BB9}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{17FD7592-5566-4EE8-BDD1-8AA09765E7B0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{8DC31F73-D758-497E-AF1E-298DA2CB40D4}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{49DB37DE-9C2E-400E-85A7-8A8DE080D9DB}"= UDP:c:\users\Jay\AppData\Local\Temp\7zS8631.tmp\SymNRT.exe:Norton Removal Tool
"{4C85D8D1-C88F-4804-A279-6F48939E6D43}"= TCP:c:\users\Jay\AppData\Local\Temp\7zS8631.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-14 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-14 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-14 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-12-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 09:14]
2008-12-14 c:\windows\Tasks\User_Feed_Synchronization-{112BE686-CD61-4434-9F0B-AF4B3B150C6E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 21:26:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-14 21:38:34
ComboFix-quarantined-files.txt 2008-12-14 21:38:26
ComboFix2.txt 2008-12-14 18:13:18
Pre-Run: 117,686,427,648 bytes free
Post-Run: 117,152,333,824 bytes free
294 --- E O F --- 2008-12-14 17:28:27

[jam90]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:38, on 14/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/.../armhelper.ocx
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://platinumplay.microgaming.com...y/FlashAX2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8341 bytes

[evilfantasy]

Looks OK.

How is everything now?

[jam90]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:38, on 14/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\StartSUMP2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/.../armhelper.ocx
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://platinumplay.microgaming.com...y/FlashAX2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8341 bytes

[jam90]

still cannot delete the platte file

[evilfantasy]

Hmm, I thought that MBAM has removed it.

Quote:

C:\Program Files\Platte (Adware.Platte) -> Quarantined and deleted successfully.
C:\Program Files\Platte\Get Films Now.htm (Adware.Platte) -> Quarantined and deleted successfully.
C:\Program Files\Platte\Platte Utility.lnk (Adware.Platte) -> Quarantined and deleted successfully.
C:\Program Files\Platte\platte.psys (Adware.Platte) -> Quarantined and deleted successfully.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
• Please post the contents of both logs in the next reply.

[jam90]

info.txt logfile of random's system information tool 1.04 2008-12-14 22:35:46
======Uninstall list======
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{865DB1C9-D5E4-408B-B37D-9927E605BD2D}
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Uniblue DriverScanner 2009-->"C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Uniblue RegistryBooster 2009-->"C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser-->"C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
======Security center information======
AV: AVG Anti-Virus
AS: AVG Anti-Virus (disabled)
AS: Windows Defender (disabled)
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\CyberLink\Power2Go
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:
-----------------EOF-----------------