#1
YET ANOTHER Antivirus exe's "not a valid win32 app"
Well it seems I did the same as a few others on here.
Have a PC with XP Home SP2. Stupidly downloaded a file off a p2p and it shut down my antivirus tools so now anytime I try to use HiJackThis, AVG, or any other virus or adaware-type program I get the "*.exe is not a valid win32 application". I tried to reboot in safe mode but it's not even available as an option now. I reviewed the other posts on here and downloaded the file association fix, ran it & then used Deckard's System Scanner. Here's a copy of the main.txt file. Thanks for any help.

Deckard's System Scanner v20071014.68
Run by Quo on 2008-03-21 10:59:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Failed to create restore point; unknown error code 0x0000000F
-- Last 5 Restore Point(s) --
130: 2008-03-21 14:59:42 UTC - RP4584 - Deckard's System Scanner Restore Point
129: 2008-03-21 00:04:27 UTC - RP4583 - Installed Ad-Aware 2007
128: 2008-03-20 22:17:49 UTC - RP4582 - System Checkpoint
127: 2008-03-20 21:32:19 UTC - RP4581 - System Checkpoint
126: 2008-03-20 20:59:03 UTC - RP4580 - System Checkpoint
-- First Restore Point --
1: 2008-03-10 18:01:33 UTC - RP4455 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-21 11:09:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\kmw_show.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Quo\Desktop\dss.exe
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Echo Digital Audio Console3 auto-start] C:\PROGRA~1\ECHODI~1\Console3\launch.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Echo Digital Audio Console3 auto-start] C:\PROGRA~1\ECHODI~1\Console3\launch.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = C:\Program Files\onOne Software\Mask Pro 4.1\<FILE_REGISTRATION_APP>
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158444100385
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - C:\WINDOWS\system32
O23 - Service: Iomega App Services - Iomega Corporation - C:\Program Files\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
-- End of file - 6847 bytes
#2
Continued...
-- File Associations -----------------------------------------------------------
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe",7 .js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft(R) Windows NT(R) Operating System> R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys R3 echo3g (Echo3G Service) - c:\windows\system32\drivers\echo3g.sys <Not Verified; Echo Digital Audio Corp.; x86 WDM driver for Echo 3G> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing) S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing) S3 AlphaTrack (AlphaTrack Driver) - c:\windows\system32\drivers\alphatrack.sys (file missing) S3 AlphaTrackWdmService (AlphaTrack Wdm Audio) - c:\windows\system32\drivers\alphatrackwdm.sys (file missing) S3 CSQ200 (CSQ driver) - c:\windows\system32\drivers\csq200.sys S3 CW100 (CW100 Device) - c:\windows\system32\drivers\cw100.sys (file missing) S3 echogals (Layla20 Service) - c:\windows\system32\drivers\echogals.sys <Not Verified; Echo Digital Audio Corp.; WDM driver for Darla, Gina, Layla, and Darla24> S3 EVOLUSB (%EVOL_USB.SvcDesc%) - c:\windows\system32\drivers\evolusb.sys (file missing) S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS> S3 GT681x (%GrandTechICNameNT%) - c:\windows\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver> S3 MA_CMIDI (M-Audio USB Driver) - c:\windows\system32\drivers\ma_cmidi.sys (file missing) S3 usb2vcom (USB to Serial Bridge Controller) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller> S4 InCDFs (InCD File System) - 
c:\windows\system32\drivers\incdfs.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk> R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services> S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> S4 Iomega Activity Disk2 - "" -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-03-17 08:30:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2008-02-21 and 2008-03-21 ----------------------------- 2008-03-20 22:43:03 0 d-------- C:\Program Files\IObit 2008-03-20 20:15:37 0 d-------- C:\Program Files\CCleaner 2008-03-20 20:05:46 0 d-------- C:\Program Files\Lavasoft 2008-03-20 20:05:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-03-20 20:03:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-20 19:24:51 0 d-------- C:\Program Files\Trend Micro 2008-03-20 19:18:39 71684 --a------ C:\WINDOWS\system32\mdelk.exe 2008-03-20 19:15:30 696320 -----n--- C:\WINDOWS\system32\drivers\hldrrr.exe 2008-03-20 19:06:52 0 d-------- C:\Program Files\eMule 2008-03-20 18:29:14 0 d-------- C:\Program Files\Common Files\FontLab 2008-03-20 18:29:11 0 d-------- C:\Program Files\FontLab 2008-03-15 14:46:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-03-12 21:07:11 0 d-------- C:\Program Files\u-he 2008-03-12 21:07:06 0 d-------- C:\Program Files\Celemony 2008-03-11 18:43:33 0 d-------- C:\Documents and Settings\Quo\Application Data\Mr Retro 2008-03-03 14:54:18 0 d-------- C:\Program Files\iTunes 2008-02-29 16:41:39 0 d-------- C:\Program Files\Antares Audio Technologies 2008-02-29 15:36:57 0 d-------- C:\Program Files\KORG -- Find3M Report --------------------------------------------------------------- 2008-03-21 10:39:34 0 d-------- C:\Documents and Settings\Quo\Application Data\WTablet 2008-03-20 20:03:29 0 d-------- C:\Program Files\Common Files 2008-03-20 19:29:42 0 d-------- C:\Documents and Settings\Quo\Application Data\uTorrent 2008-03-20 19:11:22 0 d-------- C:\Documents and Settings\Quo\Application Data\AVG7 2008-03-14 23:38:51 0 d-------- C:\Program Files\Java 2008-03-13 18:02:13 0 d-------- C:\Program Files\Steinberg 2008-03-12 
21:07:06 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-03 14:54:24 0 d-------- C:\Program Files\iPod 2008-03-03 14:52:42 0 d-------- C:\Program Files\QuickTime 2008-03-01 20:51:53 0 d-------- C:\Documents and Settings\Quo\Application Data\dvdcss 2008-02-29 16:40:18 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX> 2008-02-29 16:40:18 69632 --a------ C:\WINDOWS\system32\FxShared.dll 2008-02-22 21:05:20 0 d-------- C:\Program Files\Ableton 2008-02-22 21:01:05 0 d-------- C:\Documents and Settings\Quo\Application Data\Ableton 2008-02-18 21:20:52 0 d-------- C:\Documents and Settings\Quo\Application Data\Adobe 2008-02-02 20:48:39 0 d-------- C:\Program Files\Naevius YouTube Converter 2008-01-23 13:55:33 0 d-------- C:\Documents and Settings\Quo\Application Data\Apple Computer 2008-01-23 00:39:13 0 d-------- C:\Program Files\Canon -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/29/2004 04:50 PM] "nwiz"="nwiz.exe" [10/29/2004 04:50 PM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/29/2004 04:50 PM] "kmw_run.exe"="kmw_run.exe" [01/27/2004 09:39 AM C:\WINDOWS\system32\kmw_run.exe] "Echo Digital Audio Console3 auto-start"="C:\PROGRA~1\ECHODI~1\Console3\launch.exe" [01/07/2005 01:02 AM] "PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/21/2008 10:40 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common 
Files\Ahead\lib\NMBgMonitor.exe" [10/28/2005 04:25 PM] "Echo Digital Audio Console3 auto-start"="C:\PROGRA~1\ECHODI~1\Console3\launch.exe" [01/07/2005 01:02 AM] C:\Documents and Settings\Quo\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02defe70-b265-11dc-bbd8-000d723d1831}] AutoRun\command- G:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-03-21 
11:16:10 ------------ |
#3
extra.txt
The extra.txt file:
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz Percentage of Memory in Use: 19% Physical Memory (total/avail): 1791.48 MiB / 1437.13 MiB Pagefile Memory (total/avail): 2794.52 MiB / 2611.5 MiB Virtual Memory (total/avail): 2047.88 MiB / 1940.57 MiB C: is Fixed (NTFS) - 74.53 GiB total, 33.24 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is Removable (No Media) K: is Fixed (NTFS) - 232.88 GiB total, 107.67 GiB free. L: is Removable (FAT32) \\.\PHYSICALDRIVE0 - WDC WD800BB-00JHC0 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 74.53 GiB - C: \\.\PHYSICALDRIVE6 - Kingston DataTraveler 2.0 USB Device - 7.45 GiB - 1 partition \PARTITION0 - Unknown - 7.46 GiB - L: \\.\PHYSICALDRIVE2 - SMSC 223 U HS-CF USB Device \\.\PHYSICALDRIVE3 - SMSC 223 U HS-MS USB Device \\.\PHYSICALDRIVE5 - SMSC 223 U HS-SD/MMC USB Device \\.\PHYSICALDRIVE4 - SMSC 223 U HS-SM USB Device \\.\PHYSICALDRIVE1 - WD 2500JB External USB Device - 232.88 GiB - 1 partition \PARTITION0 - Installable File System - 232.88 GiB - K: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntivirusOverride is set. FirewallOverride is set. 
AV: AVG 7.5.516 v7.5.516 (Grisoft) Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\system32\\wmipevse.exe"="C:\\WINDOWS\\system32\\wmipevse.exe:*:Disabled:wmipevse"
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe"="C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"="C:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe:*:Enabled:eBay Turbo Lister 2"
"C:\\Documents and Settings\\Quo\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Quo\\Desktop\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\ABBYY FineReader 4.0 Sprint\\sprint.exe"="C:\\Program Files\\ABBYY FineReader 4.0 Sprint\\sprint.exe:*:Disabled:ABBYY FineReader 4.0 Sprint"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Quo\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STUDIO1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Quo
LOGONSERVER=\\STUDIO1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Quo\LOCALS~1\Temp
TMP=C:\DOCUME~1\Quo\LOCALS~1\Temp
USERDOMAIN=STUDIO1
USERNAME=Quo
USERPROFILE=C:\Documents and Settings\Quo
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Quo (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->
C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL 2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9 ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini Ableton Live v7.0.2 --> "C:\Program Files\Ableton\Live 7.0.2\Uninstall\unins000.exe" Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Audition 2.0 --> msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Default Language CS3 --> MsiExec.exe 
/I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110} Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114} Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589} Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F} Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1} Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C} Adobe Setup --> MsiExec.exe 
/I{FFC1ADE3-944B-4231-894E-3903C37271D2} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe" Alien Skin Exposure 2 --> C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EXPOSU~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\EXPOSU~1\INSTALL.LOG AnalogX AutoTune --> C:\Program Files\AnalogX\AutoTune\autou.exe Antares Autotune VST RTAS TDM v5.08 --> "C:\Program Files\Antares Audio Technologies\unins000.exe" Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Applied Acoustics Lounge Lizard EP VSTi DXi v3.0 --> C:\PROGRA~1\AAS\LOUNGE~1.0\UNWISE.EXE C:\PROGRA~1\AAS\LOUNGE~1.0\INSTALL.LOG Audio Damage 907A VST v1.0.0.7 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\907UNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\907UNI~1\INSTALL.LOG Audio Damage DeVerb VST v1.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\INSTALL.LOG Audio Damage DubStation VST v1.0.2.0 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\DUBUNI~1\INSTALL.LOG Audio.Damage.Ronin.v1.0.VST-DAC --> 
C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\AUDIOD~1\\INSTALL.LOG avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL AVI Movie Player --> C:\Program Files\AVI Movie Player\uninstall.exe BigSeq VST plug-in --> C:\WINDOWS\BigSeq VST plug-in Uninstaller.exe CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" CD-DVD Printer Application --> MsiExec.exe /I{9D94EB3B-6209-4A8D-A723-582CF3DEFCD9} CutePDF Writer 2.6 --> C:\WINDOWS\System32\uninscpw.exe C:\Program Files\ Data Lifeguard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe" DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\STEINBERG\SHARED COMPONENTS\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2 Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Echo 3G --> C:\Program Files\Echo Digital Audio\Echo3G\uninst.exe Echogals Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{49F85617-705D-4764-B11F-97EE3AB20CF0} Eraser --> "C:\Program Files\Eraser\unins000.exe" Eye Candy 4000 --> C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\ADOBEP~1\Plug-Ins\EYECAN~1\INSTALL.LOG FastStone Image Viewer 2.8 --> C:\Program Files\FastStone Image Viewer\uninst.exe FileZilla (remove only) --> "C:\Program Files\FileZilla\uninstall.exe" FLV Player 1.3.3 --> 
"C:\Program Files\FLVPlayer\uninstall.exe" FontExpert 2007 --> C:\Program Files\FontExpert\pssetup.exe /u FontLab Studio 5 --> "C:\Program Files\FontLab\Studio5\Uninstall.exe" "C:\Program Files\FontLab\Studio5\install.log" GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ --> C:\PROGRA~1\GFORCE~1\MINIMO~1\UNWISE.EXE C:\PROGRA~1\GFORCE~1\MINIMO~1\INSTALL.LOG HijackThis 1.99.1 --> C:\Documents and Settings\Quo\Desktop\HijackThis.exe /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033 iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033 iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138} Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Kensington MouseWorks --> C:\Program Files\Kensington\MouseWorks\KMW_UN.EXE KORG padKONTROL Editor Librarian --> MsiExec.exe /I{98C93365-3A20-46F6-80B4-AD4835D384C7} KORG USB-MIDI Driver Tools for Windows XP --> MsiExec.exe /I{F83C4B49-8313-4ADC-9E63-A07151421585} LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe" LUXONIX LFX-1310 --> C:\Program Files\LUXONIX\LFX-1310\uninst LFX-1310.exe Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Mask Pro 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly Melodyne 3.1 --> RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}\setup.exe" -l0x9 -removeonly Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> 
MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MobiMB Mobile Media Browser --> C:\Program Files\MobiMB Mobile Media Browser\_Unins.exe Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MPC Editor V3 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MPC Editor V3\ST6UNST.LOG" MPC Editor V3 (C:\Program Files\MPC Editor V3\) --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\MPC Editor V3\ST6UNST.000" Naevius YouTube Converter 1.8 --> "C:\Program Files\Naevius YouTube Converter\unins000.exe" Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033} nik Color Efex Pro 2.0 Complete --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\nik Color Efex Pro 2.0 Complete\uninstal.log NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI Ohmforce Hematohm PRO VST v1.22 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\HEMATO~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\HEMATO~1\UNINST~1\INSTALL.LOG Ohmforce Mobilohm PRO VST v1.12 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\MOBILO~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\MOBILO~1\UNINST~1\INSTALL.LOG Ohmforce Ohmboyz PRO VST v1.42 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\OHMBOY~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\OHMBOY~1\UNINST~1\INSTALL.LOG Ohmforce Predatohm PRO VST v1.32 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\PREDAT~1\UNINST~1\UNWISE.EXE 
C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\PREDAT~1\UNINST~1\INSTALL.LOG Ohmforce Quad Frohmage Pro VST v1.10 --> C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\QUADFR~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\OHMFOR~1\QUADFR~1\INSTALL.LOG Overloud BREVERB VST RTAS v1.1 --> "C:\Program Files\Overloud\Uninstall\unins000.exe" PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PhaseTwo VST plug-in --> C:\WINDOWS\PhaseTwo VST plug-in Uninstaller.exe PhotoFrame Pro 3.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E871B6E5-6B93-4A69-AF76-1F8270AAA2F7}\setup.exe" -l0x9 -uninst -removeonly PSP VintageWarmer v1.5d --> C:\PROGRA~1\PSPVIN~1\UNWISE.EXE C:\PROGRA~1\PSPVIN~1\INSTALL.LOG PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ --> C:\PROGRA~1\PSP_AU~1\MASTER~1\UNWISE.EXE C:\PROGRA~1\PSP_AU~1\MASTER~1\INSTALL.LOG QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067} RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RealPlayer Bandwidth Simulator --> C:\Program Files\Real\BandwidthSim\rnuninst.exe RealNetworks|BandwidthSimulator|6.0 RealProducer Plus 8.5 --> C:\Program Files\Real\RealProducerPlus\rnuninst.exe RealNetworks|RealProducer|8.5 ReCycle 2.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Propellerhead\ReCycle\Uninst.isu" Reverence VST plug-in --> C:\WINDOWS\Reverence VST plug-in Uninstaller.exe Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe" ScanExpress A3 USB v1.4 --> C:\WINDOWS\twain_32\L3U16\UNINST.EXE Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E} Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33} Security Update for Office 2007 (KB947801) 
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E} Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3} Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF} Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86} Snd2Wav --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Snd2Wav\ST6UNST.LOG" Sonalksis Plug-Ins for Windows 2.04 --> "C:\WINDOWS\unins000.exe" SONAR 6 Producer Edition --> "C:\Program Files\Cakewalk\SONAR 6 Producer Edition\unins000.exe" Sonic Foundry CD Architect 5.0 --> MsiExec.exe /I{28C80CD6-14DF-42E7-B460-CBF194A6439C} Sonic Foundry Express FX2 --> C:\audio\SONICF~1\EXPRES~2\UNWISE.EXE C:\audio\SONICF~1\EXPRES~2\INSTALL.LOG Sony ACID Pro 6.0 --> MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168} Sony Media Manager 2.2 --> MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F} Sony Noise Reduction Plug-In 2.0e --> MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA} Sony Sound Forge 9.0 --> MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B} Steinberg Mastering Edition v1.0 --> C:\WINDOWS\UNWISE.EXE C:\audio\STEINB~1\MASTER~1\INSTALL.LOG Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548} Undelete Plus 2.51 --> "C:\Program Files\FDRLab\Undelete Plus\unins000.exe" Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7} Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5} Update for Office 2007 (KB934393) --> msiexec /package 
{90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15} Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847} Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475} Vertus Fluid Mask 3 3.0.2 --> "C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe" Voxengo Analogflux Suite 1.5.1 --> "C:\Program Files\Steinberg\Vstplugins\Voxengo Analogflux Suite\uninstall.exe" Wacom Tablet --> C:\Program Files\Tablet\Wacom\Remove.exe /u Wav2snd --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Wav2snd\ST6UNST.LOG" Waves Diamond Bundle v5.2 --> C:\PROGRA~1\Waves\DIAMON~1\UNWISE.EXE C:\PROGRA~1\Waves\DIAMON~1\INSTALL.LOG Waves Guitar Tool Rack 2.0 --> C:\PROGRA~1\Waves\AIRLOG~1\WAVESG~1\UNWISE.EXE C:\PROGRA~1\Waves\AIRLOG~1\WAVESG~1\INSTALL.LOG Waves L3 LL --> C:\PROGRA~1\Waves\Logs\WAVESL~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESL~1\INSTALL.LOG Waves L3 Multimaximizer v1.0 --> C:\PROGRA~1\Waves\MULTIM~1\UNWISE.EXE C:\PROGRA~1\Waves\MULTIM~1\INSTALL.LOG Waves SSL Collection v1.2 --> C:\PROGRA~1\STEINB~1\AIRLOG~1\WAVESS~1.2\UNWISE.EXE C:\PROGRA~1\STEINB~1\AIRLOG~1\WAVESS~1.2\INSTALL.LOG WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} Win32 --> MsiExec.exe /I{A47CC380-5C96-4542-98EA-23884ECB42C6} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Xenofex 1.0 --> C:\PROGRA~1\PHOTOS~1\Plug-ins\UNWISE.EXE C:\PROGRA~1\PHOTOS~1\Plug-ins\INSTALL.LOG -- Application Event Log ------------------------------------------------------- Event Record #/Type4879 / Warning Event Submitted/Written: 03/21/2008 10:39:32 AM Event ID/Source: 1015 / EvntAgnt Event Description: TraceLevel parameter not located in registry; Default trace level used is 32. 
Event Record #/Type4878 / Warning
Event Submitted/Written: 03/21/2008 10:39:32 AM
Event ID/Source: 1003 / EvntAgnt
Event Description: TraceFileName parameter not located in registry; Default trace file used is .

Event Record #/Type4876 / Warning
Event Submitted/Written: 03/20/2008 11:24:32 PM
Event ID/Source: 1015 / EvntAgnt
Event Description: TraceLevel parameter not located in registry; Default trace level used is 32.

Event Record #/Type4875 / Warning
Event Submitted/Written: 03/20/2008 11:24:32 PM
Event ID/Source: 1003 / EvntAgnt
Event Description: TraceFileName parameter not located in registry; Default trace file used is .

Event Record #/Type4872 / Warning
Event Submitted/Written: 03/20/2008 10:33:42 PM
Event ID/Source: 1015 / EvntAgnt
Event Description: TraceLevel parameter not located in registry; Default trace level used is 32.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type92718 / Error
Event Submitted/Written: 03/21/2008 10:40:53 AM
Event ID/Source: 7000 / Service Control Manager
Event Description: The AVG E-mail Scanner service failed to start due to the following error: %%193

Event Record #/Type92715 / Warning
Event Submitted/Written: 03/21/2008 10:39:32 AM
Event ID/Source: 1101 / SNMP
Event Description: The SNMP Service is ignoring extension agent key SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion because it is missing or misconfigured.

Event Record #/Type92695 / Error
Event Submitted/Written: 03/20/2008 11:25:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: The AVG E-mail Scanner service failed to start due to the following error: %%193

Event Record #/Type92694 / Error
Event Submitted/Written: 03/20/2008 11:25:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: The avast! Antivirus service failed to start due to the following error: %%193

Event Record #/Type92693 / Error
Event Submitted/Written: 03/20/2008 11:25:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description: The avast! iAVS4 Control Service service failed to start due to the following error: %%193

-- End of Deckard's System Scanner: finished at 2008-03-21 11:16:10 ------------
#4
Quote:
Hope you will learn a lesson and stop using P2P. Now on to repairs........

Make sure any antivirus or protective software is disabled before running ComboFix. Here is a tutorial for most programs. http://www.bleepingcomputer.com/forums/topic114351.html

Then download ComboFix.exe from HERE to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it). Just save it to your desktop as MyCombo.exe. Then click the MyCombo.exe file to run the repair.

Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. Just to inform you so you will understand that the procedures are expected, and okay.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop; however, given the infection there, ComboFix will likely cause a reboot in order to complete its repairs.

(ComboFix will also disable any screensaver settings made, so know that at some point when we complete repairs you will need to reset your screensaver.)

Post back the C:\ComboFix.txt log
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed." |
#5
log.txt
Thanks for the quick reply, here's the log.txt:

ComboFix 08-03-20.5 - Quo 2008-03-21 13:12:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1292 [GMT -4:00]
Running from: C:\Documents and Settings\Quo\Desktop\MyComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Quo\Application Data\macromedia\Flash Player\#SharedObjects\WBS5DNM6\broadcaster.com
C:\Documents and Settings\Quo\Application Data\macromedia\Flash Player\#SharedObjects\WBS5DNM6\broadcaster.com\played_list.sol
C:\Documents and Settings\Quo\Application Data\macromedia\Flash Player\#SharedObjects\WBS5DNM6\broadcaster.com\video_queue.sol
C:\Documents and Settings\Quo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#broadcaster.com
C:\Documents and Settings\Quo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#broadcaster.com\settings.sol
C:\WINDOWS\install.exe
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SROSA

((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-21 14:27 . 2008-03-21 14:27 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-03-21 12:12 . 2008-03-21 12:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-21 12:12 . 2008-03-21 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 10:59 . 2008-03-21 10:59 <DIR> d-------- C:\Deckard
2008-03-20 22:58 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-20 22:58 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-20 22:58 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-20 22:58 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-20 22:58 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-20 22:58 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-20 22:58 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-20 22:58 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-20 22:43 . 2008-03-20 22:43 <DIR> d-------- C:\Program Files\IObit
2008-03-20 20:15 . 2008-03-20 20:15 <DIR> d-------- C:\Program Files\CCleaner
2008-03-20 20:05 . 2008-03-20 20:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-20 20:05 . 2008-03-20 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-20 20:03 . 2008-03-20 20:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 19:24 . 2008-03-20 19:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 19:06 . 2008-03-20 21:17 <DIR> d-------- C:\Program Files\eMule
2008-03-20 18:29 . 2008-03-20 18:29 <DIR> d-------- C:\Program Files\FontLab
2008-03-20 18:29 . 2008-03-20 18:29 <DIR> d-------- C:\Program Files\Common Files\FontLab
2008-03-15 18:53 . 2008-03-15 18:53 334 --a------ C:\index.html
2008-03-15 14:46 . 2008-03-15 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-12 21:07 . 2008-03-12 21:08 <DIR> d-------- C:\Program Files\u-he
2008-03-12 21:07 . 2008-03-12 21:07 <DIR> d-------- C:\Program Files\Celemony
2008-03-11 18:43 . 2008-03-11 18:43 <DIR> d-------- C:\Documents and Settings\Quo\Application Data\Mr Retro
2008-03-03 14:54 . 2008-03-03 14:54 <DIR> d-------- C:\Program Files\iTunes
2008-02-29 16:41 . 2008-02-29 16:41 <DIR> d-------- C:\Program Files\Antares Audio Technologies
2008-02-29 15:36 . 2008-02-29 15:37 <DIR> d-------- C:\Program Files\KORG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 18:27 7,304 ----a-w C:\WINDOWS\TMP0001.TMP
2008-03-21 18:27 --------- d-----w C:\Documents and Settings\Quo\Application Data\WTablet
2008-03-21 03:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-03-20 23:29 --------- d-----w C:\Documents and Settings\Quo\Application Data\uTorrent
2008-03-20 23:11 --------- d-----w C:\Documents and Settings\Quo\Application Data\AVG7
2008-03-20 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-03-15 03:38 --------- d-----w C:\Program Files\Java
2008-03-13 22:02 --------- d-----w C:\Program Files\Steinberg
2008-03-13 03:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-13 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 18:54 --------- d-----w C:\Program Files\iPod
2008-03-03 18:52 --------- d-----w C:\Program Files\QuickTime
2008-03-02 00:51 --------- d-----w C:\Documents and Settings\Quo\Application Data\dvdcss
2008-02-23 01:05 --------- d-----w C:\Program Files\Ableton
2008-02-23 01:01 --------- d-----w C:\Documents and Settings\Quo\Application Data\Ableton
2008-02-03 00:48 --------- d-----w C:\Program Files\Naevius YouTube Converter
2008-01-23 17:55 --------- d-----w C:\Documents and Settings\Quo\Application Data\Apple Computer
2008-01-23 04:39 --------- d-----w C:\Program Files\Canon
2006-05-11 02:57 128 -csha-r C:\WINDOWS\Regbak.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"Echo Digital Audio Console3 auto-start"="C:\PROGRA~1\ECHODI~1\Console3\launch.exe" [2005-01-07 01:02 696320]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-03-21 12:12 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 16:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 16:50 86016]
"kmw_run.exe"="kmw_run.exe" [2004-01-27 09:39 106496 C:\WINDOWS\system32\kmw_run.exe]
"Echo Digital Audio Console3 auto-start"="C:\PROGRA~1\ECHODI~1\Console3\launch.exe" [2005-01-07 01:02 696320]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-21 13:36 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-21 12:01 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\WINDOWS\\system32\\wmipevse.exe"=
"C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"=
"C:\\Program Files\\ABBYY FineReader 4.0 Sprint\\sprint.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouter
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "C:\\WINDOWS\\system32\\wmipevse.exe"= "C:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver2.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\eBay\\Turbo Lister2\\Tl.exe"= "C:\\Program Files\\ABBYY FineReader 4.0 Sprint\\sprint.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:* isabled:@xpsp2res.dll,-22009[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) "AllowInboundTimestampRequest"= 1 (0x1) "AllowInboundMaskRequest"= 1 (0x1) "AllowInboundRouter |