Extremely High Cpu Usage Problem.



#1 Urik


Posted 17 June 2008 - 02:47 PM

Hello. I lurked around here when I had a Bagle infection and the responses for other people over here really helped me. So now I have another problem and couldn't fix it alone.
This is my problem. The "System" process is eating most of my CPU. However, it constantly switches towards other processes. Sometimes it switches for some moments to the Firefox process, sometimes to Winamp, sometimes to my firewall...
The CPU usage is most of the time at 80% - 100%.
I had tried to close processes, disable different programs in the startup, but the problem continues, so I have to think that it's a malware or some rootkit. My antivirus and antispyware (spybot) don't detect it.
My PC specs are:
1.5 GB of DDR RAM.
Prescott P4 3.0 GHz.
Asus motherboard.

I'm using Windows XP Pro (32-bit edition), Comodo firewall, and NOD32.
Here's my "DSS" log:
Main:

Deckard's System Scanner v20071014.68
Run by Uri on 2008-06-17 16:58:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
24: 2008-06-17 19:12:22 UTC - RP25 - Deckard's System Scanner Restore Point
23: 2008-06-16 22:47:06 UTC - RP24 - RegRun Virus Scan
22: 2008-06-15 05:55:34 UTC - RP23 - RegRun Virus Scan
21: 2008-06-15 05:42:08 UTC - RP22 - RegRun Virus Scan
20: 2008-06-14 23:28:27 UTC - RP21 - System Checkpoint


-- First Restore Point --
1: 2008-05-28 17:08:22 UTC - RP2 - ComboFix created restore point


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.96 GiB (less than 15%) free.


-- HijackThis (run as Uri.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:08 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\RescueTime\RescueTime.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Uri\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Uri.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.down.co.il/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.58.205.61:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {c821809c-6867-49d7-9ae3-cb6c84506c6c} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Aplicaci?n auxiliar de inicio de sesi?n - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: opnglfs.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito m?vil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.il/Cabs/launcher39.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://ic1.deviantart.com/fs6/f/2005/070/6...superfollow.swf

--
End of file - 14120 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080616-200717-760 O4 - Global Startup: abode
backup-20080616-200717-843 O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
backup-20080616-200719-896 O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FSLX - c:\windows\system32\drivers\fslx.sys <Not Verified; Altiris, Inc.; >
R1 nltdi - c:\windows\system32\drivers\nltdi.sys <Not Verified; Locktime Software; NetLimiter 2>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys

S0 Partizan - c:\windows\system32\drivers\partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
S2 gafwload (GlobeSpan USB ADSL Loader) - c:\windows\system32\drivers\gafwload.sys <Not Verified; GlobeSpan Inc.; GlobeSpan USB ADSL Firmware Loader>
S3 cheetah1 - c:\erik\cheetahengine\cheetah.sys (file missing)
S3 DBKDRVR54 - c:\program files\cheat engine\dbk32.sys
S3 DISK_DRIVE32 - c:\documents and settings\uri\desktop\erik\hacks\hack.exe\disk_1024.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 npkcusb - d:\program files\nexon\maplestory\npkcusb.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)
S3 wanusb (GlobeSpan USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobeSpan Inc.; GlobeSpan WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
R2 mi-raysat_3dsmax8 (RaySat_3dsmax8 Server) - "d:\program files\autodesk\3dsmax8\mentalray\satellite\raysat_3dsmax8server.exe"
R2 nlsvc (NetLimiter) - "c:\program files\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 Cepstral License Server - "c:\program files\cepstral\bin\cepstrallicsrv.exe" <Not Verified; Cepstral, LLC; Cepstral, LLC CepstralLicSrv>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {00000000-0000-0000-0000-000000000000}
Description: RAID Controller
Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1039&DEV_0180&SUBSYS_810E1043&REV_01\3&267A616A&0&28
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-15 02:29:48 8944 --a------ C:\WINDOWS\system32\drivers\UnHackMeDrv.sys <Not Verified; Greatis Software, LLC.; UnHackme>
2008-06-15 01:39:26 0 d-------- C:\Program Files\Registry Clean Expert
2008-06-12 15:08:41 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-10 20:15:00 0 d-------- C:\Documents and Settings\Uri\Application Data\Comodo
2008-06-10 20:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-06-10 20:14:07 0 d-------- C:\Program Files\COMODO
2008-06-07 13:53:40 0 d-------- C:\The Beatles - Love 2006
2008-06-03 16:34:30 0 d-------- C:\Program Files\PeerGuardian2
2008-06-01 16:08:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-06-01 16:05:44 0 d-------- C:\Program Files\Last.fm
2008-06-01 14:27:26 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-01 14:27:25 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-01 14:27:11 0 d-------- C:\Program Files\Cheat Engine
2008-05-31 13:41:02 0 d-------- C:\drawball tools
2008-05-28 18:17:27 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-05-28 15:20:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-28 13:46:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-28 13:46:03 68096 --a------ C:\WINDOWS\zip.exe
2008-05-28 13:46:03 80412 --a------ C:\WINDOWS\grep.exe
2008-05-28 13:46:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-28 13:46:02 98816 --a------ C:\WINDOWS\sed.exe
2008-05-28 13:46:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-28 13:46:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-28 13:46:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-28 13:30:54 0 d-------- C:\Program Files\Panda Security
2008-05-27 19:12:25 30946 --a------ C:\WINDOWS\system32\drivers\Partizan.sys <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-27 19:12:21 25088 --a------ C:\WINDOWS\system32\Partizan.exe <Not Verified; Greatis Software; RegRun Security Suite, UnHackMe>
2008-05-27 19:09:34 91 --a------ C:\reanimator.bat
2008-05-27 19:08:59 6457856 --a------ C:\reanimator.exe <Not Verified; Greatis Software; RegRun Security Suite>
2008-05-26 15:21:38 0 d-------- C:\New Folder (2)
2008-05-26 14:53:58 0 d-------- C:\Program Files\Trend Micro
2008-05-26 14:47:45 0 d-------- C:\WINDOWS\BDOSCAN8
2008-05-26 01:08:25 0 d-------- C:\Documents and Settings\Uri\Application Data\ACAMPREF
2008-05-26 01:05:56 0 d-------- C:\Program Files\PDFtoMusic Pro
2008-05-24 12:27:00 0 d-a------ C:\dimp-v1.1beta
2008-05-17 20:02:10 0 d-------- C:\Queen - A Night at the Opera


-- Find3M Report ---------------------------------------------------------------

2008-06-17 16:54:58 0 d-------- C:\Documents and Settings\Uri\Application Data\Skype
2008-06-17 15:45:21 0 d-------- C:\Documents and Settings\Uri\Application Data\Mozilla
2008-06-17 07:45:22 0 d-------- C:\Program Files\eMule_he
2008-06-17 07:31:04 0 d-------- C:\Documents and Settings\Uri\Application Data\uTorrent
2008-06-16 10:09:33 0 d-------- C:\Program Files\NINJAM
2008-06-15 12:29:18 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-06-13 16:43:21 0 d-------- C:\Program Files\REAPER
2008-06-11 23:50:43 0 d-------- C:\Program Files\eMule
2008-06-11 14:47:02 0 d-------- C:\Documents and Settings\Uri\Application Data\Babylon
2008-06-11 03:21:08 0 d-------- C:\Program Files\Steam
2008-06-10 23:11:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-10 22:16:28 0 d-------- C:\Program Files\Easy WebTV & Radio
2008-06-10 21:45:11 0 d-------- C:\Program Files\VstPlugins
2008-05-16 07:21:39 0 d-------- C:\Program Files\RescueTime
2008-05-15 23:01:16 0 d-------- C:\Program Files\Privoxy
2008-05-15 22:58:54 0 d-------- C:\Documents and Settings\Uri\Application Data\Line 6
2008-05-15 22:49:35 0 d-------- C:\Program Files\Vidalia
2008-05-15 22:49:15 0 d-------- C:\Program Files\Tremulous
2008-05-15 22:47:42 0 d-------- C:\Program Files\Paltalk Messenger
2008-05-15 22:43:16 0 d-------- C:\Program Files\Jesusonic
2008-05-15 22:18:13 0 d-------- C:\Program Files\lomda
2008-05-14 15:47:36 16 --a------ C:\WINDOWS\msocreg32.dat
2008-05-11 14:34:18 0 d-------- C:\Documents and Settings\Uri\Application Data\Adobe
2008-05-10 22:25:36 0 d-------- C:\Program Files\The GodFather
2008-05-05 00:20:12 0 d-------- C:\Documents and Settings\Uri\Application Data\Hamachi
2008-05-02 14:06:35 0 d-------- C:\Program Files\ASIO4ALL v2
2008-04-29 01:24:12 0 d-------- C:\Program Files\FlashGet
2008-04-27 16:36:41 0 d-------- C:\Documents and Settings\Uri\Application Data\LimeWire
2008-04-22 23:33:43 0 d-------- C:\Program Files\Hamachi
2008-04-22 22:18:08 23312 --a------ C:\WINDOWS\War3Unin.dat
2008-04-21 07:17:20 0 d-------- C:\Documents and Settings\Uri\Application Data\Vidalia
2008-04-20 14:16:06 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-20 14:16:05 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-19 02:12:13 0 d-------- C:\Program Files\SababaDC
2008-04-19 02:12:03 0 d-------- C:\Program Files\skitu-en
2008-04-19 02:11:37 0 d-------- C:\Program Files\skipu
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 18:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 18:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 18:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-27 23:18:21 34308 --a------ C:\BASSMOD.DLL
2008-03-21 17:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 17:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 17:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 17:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-17 11:54:08 530 --a------ C:\WINDOWS\eReg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [06/17/2007 04:42 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 11:57 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 11:40 AM]
"BluetoothAuthenticationAgent"="rundll32.exe" [08/03/2004 10:07 PM C:\WINDOWS\system32\rundll32.exe]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [09/20/2006 04:54 PM]
"GSICONEXE"="GSICON.EXE" [01/31/2002 01:44 PM C:\WINDOWS\system32\gsicon.exe]
"NvCplDaemon"="RUNDLL32.exe" [08/03/2004 10:07 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [10/22/2006 07:22 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [08/03/2004 10:07 PM C:\WINDOWS\system32\rundll32.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 07:47 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [04/25/2007 12:44 PM]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [08/19/2003 12:18 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/28/2008 06:17 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/10/2008 08:13 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:07 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [04/30/2006 03:48 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [05/15/2006 10:40 AM]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [09/08/2006 09:53 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/15/2005 03:27 PM]
"GreedyTorrent"="C:\Program Files\GreedyTorrent\GTor.exe" [03/08/2007 11:09 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 07:55 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 01:24 PM]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [09/07/2007 01:24 AM]
"UnHackMe Monitor"="C:\Program Files\UnHackMe\hackmon.exe" [09/17/2007 03:37 PM]

C:\Documents and Settings\Uri\Start Menu\Programs\Startup\
RescueTime.lnk - C:\Program Files\RescueTime\RescueTime.exe [3/19/2008 2:46:10 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [8/28/2006 7:50:47 AM]
opnglfs.exe [6/24/2006 8:36:14 PM]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [6/20/2006 3:10:00 AM]
Watch.lnk - C:\WINDOWS\twain_32\S6U12BX\WATCH.exe [1/23/2008 5:48:19 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^opnglfs.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\opnglfs.exe
backup=C:\WINDOWS\pss\opnglfs.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^palstart.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\palstart.exe
backup=C:\WINDOWS\pss\palstart.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uri^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Uri\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uri^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Uri\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
"dslagent.exe" USB

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
\AtomicAlarmClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_3DWonder]
\_3DWonder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Erik#Oblivion (F)]
AutoRun\command- P:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##marioh#F]
AutoRun\command- Y:\autorun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-17 17:16:58 ------------


Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1535.23 MiB / 922.6 MiB
Pagefile Memory (total/avail): 2155.97 MiB / 1678.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 0.96 GiB free.
D: is Fixed (NTFS) - 37.62 GiB total, 4.62 GiB free.
E: is CDROM (No Media)
F: is CDROM (CDFS)
G: is Fixed (NTFS) - 149.04 GiB total, 82.59 GiB free.
J: is CDROM (CDFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.62 GiB - D:

\\.\PHYSICALDRIVE1 - TOSHIBA MK1637GSX USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 149.04 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Emule\\emule.exe"="C:\\Program Files\\Emule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Hebrew Kazaa Lite\\clean.kmd"="C:\\Program Files\\Hebrew Kazaa Lite\\clean.kmd:*:Enabled:clean"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\RA2RA2_yuris_revenge\\Red_Alert_2+Red_Alert_2_yuri's_revenge\\gamemd.exe"="C:\\RA2RA2_yuris_revenge\\Red_Alert_2+Red_Alert_2_yuri's_revenge\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"
"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"="C:\\Program Files\\BPFTP Server\\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\\mIRC\\mirc.exe"="C:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"D:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe"="D:\\Program Files\\Rockstar Games\\GTA2\\gta2.exe:*:Enabled:GTA2 main executable"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Soldat\\Soldat.exe"="C:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"D:\\Program Files\\C4D Studio Bundle v9.012\\C4D Client.exe"="D:\\Program Files\\C4D Studio Bundle v9.012\\C4D Client.exe:*:Enabled:CINEMA 4D ®"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\WWW File Share Pro\\WWWFileSharePro.exe"="C:\\Program Files\\WWW File Share Pro\\WWWFileSharePro.exe:*:Enabled:WWWFileSharePro"
"C:\\Program Files\\AirHockey 3D\\hockey.exe"="C:\\Program Files\\AirHockey 3D\\hockey.exe:*:Enabled:hockey"
"D:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"="D:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 8"
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe"="C:\\Program Files\\RhinoSoft.com\\Serv-U\\ServUDaemon.exe:*:Enabled:Serv-U FTP Server"
"C:\\ratiofake\\ratiomaker_0[1].5.1.115.exe"="C:\\ratiofake\\ratiomaker_0[1].5.1.115.exe:*:Enabled:RatioMaker 0.5"
"C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"="C:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp:*:Enabled:kazaalite"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\zsnes\\zsnesw.exe"="C:\\zsnes\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Ninjam\\ninjamserver.exe"="C:\\Ninjam\\ninjamserver.exe:*:Enabled:ninjamserver"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Emule RA\\emule RA.exe"="C:\\Program Files\\Emule RA\\emule RA.exe:*:Enabled:eMule"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\ooVoo\\ooVoo.exe"="C:\\Program Files\\ooVoo\\ooVoo.exe:*:Enabled:ooVoo"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Steam\\steamapps\\uriberman\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\uriberman\\garrysmod\\hl2.exe:*:Enabled:hl2"
"D:\\Program Files\\Armada Online Alpha\\ArmadaAlpha\\ArmadaOnline.exe"="D:\\Program Files\\Armada Online Alpha\\ArmadaAlpha\\ArmadaOnline.exe:*:Enabled:ArmadaOnline"
"C:\\Program Files\\GreedyTorrent\\GTor.exe"="C:\\Program Files\\GreedyTorrent\\GTor.exe:*:Enabled:GTor"
"D:\\Program Files\\Emule\\eMule.exe"="D:\\Program Files\\Emule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Gunz\\Xfire\\xfire.exe"="C:\\Gunz\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Commandos - Behind Enemy Lines\\mpserver.exe"="D:\\Commandos - Behind Enemy Lines\\mpserver.exe:*:Enabled:mpserver"
"C:\\dosbox\\duke3d\\DukesterX.exe"="C:\\dosbox\\duke3d\\DukesterX.exe:*:Enabled:TCP/IP Launcher for Duke Nukem 3D ports."
"C:\\dosbox\\duke3d\\duke3d_w32.exe"="C:\\dosbox\\duke3d\\duke3d_w32.exe:*:Enabled:duke3d_w32"
"C:\\Duke3D\\eduke32.exe"="C:\\Duke3D\\eduke32.exe:*:Enabled:eduke32"
"C:\\Program Files\\eMule_he\\emule.exe"="C:\\Program Files\\eMule_he\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Warcraft III\\Warcraft III.exe"="D:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox 3\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3\\firefox.exe:*:Enabled:Firefox"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"D:\\Program Files\\Liquid Entertainment\\Battle Realms\\Battle_Realms_F.exe"="D:\\Program Files\\Liquid Entertainment\\Battle Realms\\Battle_Realms_F.exe:*:Enabled:Battle_Realms_F"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Uri\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=URIK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Uri
LOGONSERVER=\\URIK
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Altiris\Software Virtualization Agent;D:\Program Files\MathWorks\MATLAB Component Runtime\v72\runtime\win32;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Cepstral\bin;C:\Program Files\Common Files\iZotope\Runtimes
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Uri\LOCALS~1\Temp
TMP=C:\DOCUME~1\Uri\LOCALS~1\Temp
USERDOMAIN=URIK
USERNAME=Uri
USERPROFILE=C:\Documents and Settings\Uri
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Uri (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /X{7B4AB13C-1A5C-4BC5-ABA6-762F8198444C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.0 (הסרה בלבד) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Advanced IM Password Recovery (remove only) --> C:\Program Files\ElcomSoft\AIMPR\uninstall.exe
AGEIA PhysX v6.10.05 --> MsiExec.exe /X{582876EC-A178-44D4-9823-C10D6C62EAFF}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AI RoboForm Adapter for Firefox/Mozilla/Netscape --> "C:\Program Files\Siber Systems\Gecko Adapter\rfwipeout.exe" -moz
AirHockey 3D 1.81 --> C:\Program Files\AirHockey 3D\hockey.exe
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\Setup.exe"
Altiris Software Virtualization Agent --> MsiExec.exe /I{7D8DBB7C-1C55-4950-A107-043C164F379A}
AP Tuner 3.06 --> "C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Atomic Alarm Clock 3.2 --> "C:\Program Files\Atomic Alarm Clock\unins000.exe"
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Autodesk 3ds Max 8 --> MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
AutoIt v3.2.2.0 --> C:\Program Files\AutoIt3\Uninstall.exe
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
Battle Realms --> MsiExec.exe /I{9AA761E6-CA51-4FF2-A552-D51638BF0595}
bioVirtual 3DMeNow Professional 2 --> "C:\Program Files\bioVirtual\3DMeNow Professional 2\unins000.exe"
BitComet 0.66 --> C:\Program Files\BitComet\uninst.exe
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
BoringCQ 2.0 --> "C:\Program Files\BoringCQ\unins000.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
BulletProof FTP Server (remove only) --> "C:\Program Files\BPFTP Server\Uninstall\unins000.exe"
Bus Driver 1.0 --> c:\Program Files\Bus Driver\uninst.exe
ByteCount --> "C:\Program Files\ByteCount\unins000.exe"
Cakewalk Pro Audio 9 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cakewalk\Cakewalk Pro Audio 9\CWPA9_Uninst.isu"
Cakewalk VST Adapter 4 --> C:\PROGRA~1\Cakewalk\CAKEWA~2\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~2\INSTALL.LOG
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Camtasia Studio 5 --> MsiExec.exe /I{7EADB65C-70E8-4C94-AD0A-221462D41A85}
Canon Camera WIA Driver 6.2.5 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4B66765B-8596-4698-A208-E23D11D84AA7} /l1033 /x
CB Model Pro 1.0 beta --> "C:\Program Files\CB Model Pro\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cepstral Miguel 4.1.4 --> MsiExec.exe /I{46D374FB-E350-4D64-B59B-DC5FB515B663}
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
Chicken Invaders 2 --> C:\WINDOWS\iun6002.exe "C:\Documents and Settings\Uri\Desktop\erik\irunin.ini"
CIF USB CAMERA --> C:\WINDOWS\CleanDev.exe C:\WINDOWS\DC3110.txt
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
D-Fend v2 --> "C:\Program Files\D-Fend\uninstall.exe"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drumsite 1.6 (demo) --> "C:\Program Files\Drumsite\Uninstall.exe" "C:\Program Files\Drumsite\install.log" -u
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
FlashGet(JetCar) --> C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
FontCreator 5.5 --> "C:\Program Files\High-Logic\FontCreator\unins000.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Natural text to speech reader --> MsiExec.exe /I{E2134348-2544-4B00-82C5-8E478A73689A}
Freetar --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.freetar.net/webstart/Freetar_Hero.jnlp"
Gaim (remove only) --> C:\Program Files\Gaim\gaim-uninst.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GlobeSpan DSL Modem --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7B39B40-52C3-11D4-AFCE-00E0B8138A4A}\setup.exe" -l0x9 REMOVE
GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\system32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\system32\ShellExt\GMailFS.inf
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
GreedyTorrent v1.01 beta build 170 --> "C:\Program Files\GreedyTorrent\unins000.exe"
GST 1.36.0.2 --> "C:\Program Files\Guitar Speed Trainer\uninst\unins000.exe"
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Guitar Tracks Pro 3 --> D:\PROGRA~1\Cakewalk\GUITAR~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\GUITAR~1\INSTALL.LOG
Half-Life --> "C:\Program Files\Steam\steam.exe" steam://uninstall/70
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HammerHead Rhythm Station --> C:\Program Files\HammerHead\Uninstall.exe
Hebrew Kazaa Lite 2.6.1 --> C:\Program Files\Hebrew Kazaa Lite\UnInstall_16880.exe
HijackThis 2.0.2 --> "C:\New Folder (2)\HijackThis.exe" /uninstall
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Password --> C:\Program Files\ICQ Password\unsetup.exe /u
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
IK Multimedia Amplitube DX/VST/RTAS v2.0 --> C:\PROGRA~1\IKMULT~1\AMPLIT~1\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~1\INSTALL.LOG
Indiana Jones and the Fountain of Youth Demo --> "C:\Program Files\Screen 7\Fountain of Youth\Demo\uninstall\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JAP --> C:\Program Files\JAP\uninstall.exe
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Joost ™ 0.9.0 --> C:\Program Files\Joost\uninst.exe
K-Lite Codec Pack 3.2.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kazaa Lite Resurrection 0.0.8 --> "C:\Program Files\Kazaa Lite Resurrection\unins000.exe"
KRISTAL Audio Engine --> C:\Program Files\Kreatives.org\KRISTAL Audio Engine\Uninstall.exe
Language Extender --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86E843F0-E334-11D4-8868-008048EB2595}\Setup.exe" -uninst
Last.fm 1.5.1.29527 --> "C:\Program Files\Last.fm\unins000.exe"
Launchy 0.9.6 --> "C:\Program Files\Launchy\unins000.exe"
Lexmark X1100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
LimeWire PRO 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mafia Game --> C:\WINDOWS\system32\MafiaSetup.exe
MATLAB Component Runtime --> MsiExec.exe /I{36397154-0993-445D-A22F-8049559D4B22}
Maxon C4D Studio Bundle v9.012 --> D:\PROGRA~1\C4DSTU~1.012\UNWISE.EXE D:\PROGRA~1\C4DSTU~1.012\INSTALL.LOG
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\mIRC\mirc.exe" -uninstall
Motorama 1.0 --> "C:\Program Files\Motorama\unins000.exe"
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.00 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
Mp3tag v2.39 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MPEG4 Direct Maker --> C:\PROGRA~1\MPEG4D~1\UNWISE.EXE C:\PROGRA~1\MPEG4D~1\INSTALL.LOG
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
Mustek 1200 UB PLUS v1.2 --> C:\WINDOWS\TWAIN_32\S6U12BX\UNINST.EXE
Native Instruments Battery v1.0 --> C:\Audio\NATIVE~1\Battery\UNWISE.EXE C:\Audio\NATIVE~1\Battery\INSTALL.LOG
Native Instruments Battery v2.0 --> C:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Native Instruments Guitar Rig 3 --> C:\PROGRA~1\NATIVE~1\GUITAR~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~2\INSTALL.LOG
Native Instruments GuitarRig2 RTAS VSTi DXi --> C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Nero 7 Ultra Edition --> MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1033}
NetAbalone --> C:\PROGRA~1\GOTO~1.GAM\NETABA~1\UNWISE.EXE C:\PROGRA~1\GOTO~1.GAM\NETABA~1\INSTALL.LOG
NetLimiter 2 Pro (remove only) --> "C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Nvidia Omega Drivers Setup Files --> C:\WINDOWS\iun6002.exe "d:\Program Files\Nvidia Omega Drivers\v1.6693\Omega.ini"
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
ooVoo --> C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe -runfromtemp -l0x0009 -removeonly
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Panavue ImageAssembler 3.1.0 (Trial) --> MsiExec.exe /I{E7823151-0898-4A90-8171-C25632BBE87C}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF2Word v1.4 --> "C:\Program Files\PDF2Word v1.4\unins000.exe"
PDFtoMusic Pro --> C:\Program Files\PDFtoMusic Pro\Uninstal\Uninstal.exe
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Plasma Pong v1.3b --> "C:\Program Files\Plasma Pong\unins000.exe"
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Radeon Omega Drivers v3.8.252 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.252 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.252\Omega Uninstall.xml"
RapidCheck v0.3 --> "C:\Program Files\RapidCheck\unins000.exe"
REAPER --> "C:\Program Files\REAPER\Uninstall.exe"
Registry Clean Expert --> "C:\Program Files\Registry Clean Expert\unins000.exe"
RescueTime 1.0.5 --> "C:\Program Files\RescueTime\unins000.exe"
Riva FLV Encoder 2.0 --> "C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Riva Producer Lite --> "C:\Program Files\Riva\Riva Producer Lite\unins000.exe"
RPG Maker 2000 - Super Columbine Massacre RPG! --> C:\WINDOWS\gamedelete.exe "C:\Program Files\ASCII\RPG2000\ColumbineRPG\RPG_RT.ind"
SababaDC s1.02_110 --> "C:\Program Files\SababaDC\uninstall_SababaDC_s1.02_110.exe"
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Serious Sam: The First Encounter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{815050E5-F545-11D4-9569-004095812ACC}\Setup.exe" -l0x9
Serv-U 6.3 --> "C:\Program Files\RhinoSoft.com\Serv-U\unins000.exe"
skipu 1.00 --> "C:\Program Files\skipu\uninstall_skipu_1.00.exe"
skitu-en Toolbar --> C:\PROGRA~1\skitu-en\UNWISE.EXE C:\PROGRA~1\skitu-en\INSTALL.LOG
Skype (BETA) --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype™ for Pocket PC 2.0 --> "C:\Program Files\Microsoft ActiveSync\Skype for Pocket PC\unins000.exe"
SnagIt 8 --> MsiExec.exe /I{524228C9-826F-4B58-9E47-4F2E5C7E9F45}
Soldat 1.4.2 --> "c:\Soldat\unins000.exe"
Songbird 0.1 (Win32) --> "C:\Program Files\Songbird\songbird-uninstall.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg LM-4 VSTi v1.1 --> C:\PROGRA~1\VSTPLU~1\LM-4\LM4-UN~1.EXE C:\PROGRA~1\VSTPLU~1\LM-4\LM4-INSTALL.LOG
StepMania CVS (remove only) --> "C:\Program Files\StepMania CVS\uninst.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Subtitle Workshop 2.51 --> "C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
SUPER © Version 2006.19 (FIX) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Taskbar Shuffle version 2.2 --> "C:\Program Files\Taskbar Shuffle\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TextAloud --> "C:\Program Files\TextAloud\unins000.exe"
Turbo Pascal 7.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\TP\DeIsL1.isu" -c"C:\Program Files\TP\_ISREG32.DLL"
UnHackMe 4.70 release --> "C:\Program Files\UnHackMe\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /X{619B8475-0F48-41B7-A370-5147F7092989}
virtuAMP 1.2.0 --> "C:\Program Files\virtuAMP\unins000.exe"
Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Asistente para el inicio de sesi?n --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{9E1DDBE7-BF44-4AC8-87CA-3D25FC63C6E1}
Windows Live Messenger --> MsiExec.exe /I{1692CC0E-8798-493A-9580-23555E21C14B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WWW File Share Pro 5.0 --> "C:\Program Files\WWW File Share Pro\unins000.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widget Engine --> C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
Yahoo! Widget Engine --> MsiExec.exe /X{35917680-C0DA-4618-B878-54B74694A2FB}
Zuma for Pocket PC --> C:\Program Files\Astraware\Zuma for Pocket PC\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type7551 / Success
Event Submitted/Written: 06/17/2008 04:31:04 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7538 / Success
Event Submitted/Written: 06/17/2008 07:30:54 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7530 / Error
Event Submitted/Written: 06/16/2008 10:05:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.9.0.3071, faulting module xul.dll, version 1.9.0.3071, fault address 0x00099d85.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type7527 / Success
Event Submitted/Written: 06/16/2008 07:51:18 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type7512 / Success
Event Submitted/Written: 06/16/2008 06:20:27 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3554 / Error
Event Submitted/Written: 06/17/2008 04:21:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Parallel port driver service failed to start due to the following error:
%%1058

Event Record #/Type3553 / Error
Event Submitted/Written: 06/17/2008 04:21:22 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type3552 / Error
Event Submitted/Written: 06/17/2008 04:21:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The GlobeSpan USB ADSL Loader service failed to start due to the following error:
%%1058

Event Record #/Type3551 / Warning
Event Submitted/Written: 06/17/2008 04:20:10 PM / 06/17/2008 04:20:31 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Event Record #/Type3550 / Error
Event Submitted/Written: 06/17/2008 04:20:01 PM / 06/17/2008 04:20:31 PM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom0.



-- End of Deckard's System Scanner: finished at 2008-06-17 17:16:58 ------------


The Hosts file is attached.
Thank you very much for your help in advance.

Attached File  Copy_of_hosts.txt   238.22KB   15 downloads

Edited by Urik, 17 June 2008 - 03:24 PM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:10 PM

Posted 10 July 2008 - 02:32 AM

Hello Urik,


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you are asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page, in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:11:10 AM

Posted 18 July 2008 - 09:04 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



