Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Super Bowl day malware, adware, computer slow, frequent "dangerous" browser window popups


  • This topic is locked This topic is locked
13 replies to this topic

#1 vern90

vern90

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 10 February 2009 - 01:51 AM

Greetings,

This all started when my significant other visited FaceBook on Super Bowl Sunday (yeah how about that) and clicked on the wrong things. Suddenly, a window offering some free anti-adware or anti-virus software appeared, she rebooted the computer without answering that window query. Then the popups started, and online gaming slowed way down.

That night on 2/01/09 I tried removing what I could, with an after the infection, brand new installation of Trend Micro Internet Security, and ran AdAware 2008. But the numerous annoying popups and warnings of DLL files not compatible with Explorer.exe persisted.

Most (?) of the offending DLLs:

jyvdpjcr.dll
djtdbmng.dll
yktabwyy.dll
nmkctvjs.dll
lnqqxkbo.dll

srorfs.dll is another judging by time and date.

Since then, I have:
installed Spybot Search & Destroy which found more than AdAware and Trend Micro Internet Security, or so it seems.
downloaded DDS.SCR to give you my DDS.txt file as follows:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Gustavo at 20:44:37.48 on Mon 02/09/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1350 [GMT -8:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Ad-Aware 2008\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Documents and Settings\Gustavo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {2e024d5b-f6f2-9568-45c4-8e86453fd5b8}: {8b5df354-68e8-4c54-8659-2f6fb5d420e2} - c:\windows\system32\srorfs.dll
BHO: {915e1083-76e1-4530-9480-c81f046a9267} - c:\windows\system32\urqQggeC.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [VolPanel] "c:\program files\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UVS12 Preload] c:\program files\corel videostudio 12\uvPL.exe
mRun: [InstantBurn] c:\progra~1\cyberl~1\instan~1\win2k\IBurn.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Nitro PDF Printer Monitor] "c:\program files\nitro pdf pro\NitroPDFPrinterMonitor.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [StxTrayMenu] "c:\program files\freeagentpro\systemtray\StxMenuMgr.exe"
mRun: [<NO NAME>]
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\gustavo\startm~1\programs\startup\autoba~1.lnk - c:\program files\memeo\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitechg5mouse\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: opnonLBR -
AppInit_DLLs: srorfs.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\eudora7\EuShlExt.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqQggeC

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gustavo\applic~1\mozilla\firefox\profiles\a97gjzc5.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\gustavo\application data\mozilla\firefox\profiles\a97gjzc5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-1-4 16048]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2009-1-4 61424]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\ad-aware 2008\aawservice.exe [2008-7-7 611664]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-1-4 162096]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-1 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-2-1 492888]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-1 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-1 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-2-1 334352]
S2 WasayPMsv;WasayPMsv;c:\wasay\promagic\wspmsv.exe --> c:\wasay\promagic\wspmsv.exe [?]
S3 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
S3 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-2-26 29183504]

=============== Created Last 30 ================

2009-02-08 22:41 <DIR> --d----- c:\program files\Memeo
2009-02-08 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tanagra
2009-02-08 22:38 <DIR> --d----- c:\program files\FreeAgentPro
2009-02-08 22:38 619 a------- c:\windows\setup.iss
2009-02-08 22:29 5,947 a------- c:\windows\system32\slmotuir.dll
2009-02-08 22:27 5,946 a------- c:\windows\system32\hporylhn.dll
2009-02-08 22:26 <DIR> --d----- c:\windows\system32\Service
2009-02-08 22:24 395,744 a------- c:\windows\system32\drivers\timntr.sys
2009-02-08 22:24 39,264 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-02-08 22:23 114,048 a------- c:\windows\system32\drivers\snapman.sys
2009-02-08 21:05 5,947 a------- c:\windows\system32\wbhavmlq.dll
2009-02-08 21:02 5,946 a------- c:\windows\system32\hdxslebv.dll
2009-02-08 20:38 442,217 a--sh--- c:\windows\system32\CeggQqru.ini2
2009-02-08 03:51 95 a------- c:\windows\wininit.ini
2009-02-08 03:13 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-08 03:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-07 21:01 5,947 a------- c:\windows\system32\lnqqxkbo.dll
2009-02-07 20:57 5,946 a------- c:\windows\system32\nmkctjvs.dll
2009-02-06 18:47 5,947 a------- c:\windows\system32\ikbgvgbc.dll
2009-02-06 18:46 5,946 a------- c:\windows\system32\werbjrbn.dll
2009-02-05 21:59 5,946 a------- c:\windows\system32\yktabwyy.dll
2009-02-05 14:48 5,946 a------- c:\windows\system32\wxjrwgbn.dll
2009-02-05 14:45 5,947 a------- c:\windows\system32\lckrytep.dll
2009-02-05 11:38 5,946 a------- c:\windows\system32\uefmyjqq.dll
2009-02-05 00:30 5,947 a------- c:\windows\system32\djtdbmng.dll
2009-02-04 22:48 5,946 a------- c:\windows\system32\jyvdpjcr.dll
2009-02-03 22:50 5,947 a------- c:\windows\system32\iwwjxwqb.dll
2009-02-03 22:48 5,946 a------- c:\windows\system32\mwjfyyfr.dll
2009-02-02 21:21 16,384 a------- c:\windows\DCEBoot.exe
2009-02-02 21:19 5,947 a------- c:\windows\system32\xroxdctu.dll
2009-02-02 21:16 5,946 a------- c:\windows\system32\kjytsrlj.dll
2009-02-01 20:52 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-01 20:52 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-02-01 20:51 <DIR> --d----- c:\program files\Trend Micro
2009-02-01 20:48 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-01 20:48 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2009-02-01 20:48 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-02-01 20:48 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-02-01 20:47 661,808 a------- c:\windows\system32\UfWSC.cpl
2009-02-01 20:47 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-02-01 20:47 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-02-01 18:55 123,904 a------- c:\windows\system32\srorfs.dll
2009-02-01 18:55 123,904 a------- c:\windows\system32\xmpujvtd.dll
2009-02-01 18:55 442,217 a--sh--- c:\windows\system32\CeggQqru.ini
2009-02-01 18:55 316,416 a------- c:\windows\system32\urqQggeC.dll
2009-02-01 18:50 <DIR> --d----- c:\docume~1\gustavo\applic~1\cogad
2009-01-29 21:37 <DIR> --d----- c:\docume~1\gustavo\applic~1\Intuit
2009-01-29 21:36 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-01-29 21:35 <DIR> --d----- c:\program files\common files\Intuit
2009-01-29 21:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-01-29 21:29 <DIR> --d----- c:\program files\TurboTax
2009-01-24 14:40 <DIR> --d----- c:\program files\Nitro PDF Pro
2009-01-24 14:40 <DIR> --d----- c:\program files\common files\Nitro PDF
2009-01-24 14:40 <DIR> --d----- c:\program files\common files\BCL Technologies

==================== Find3M ====================

2008-12-12 09:01 3,067,904 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\dllcache\srv.sys

============= FINISH: 20:45:59.23 ===============


By the way, I've used this website for help before without being a member and have found it invaluable! Because of this I am glad you folks volunteer your time to help so many.

Thank you very much for your help!

Vern90


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 11 February 2009 - 06:19 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 12 February 2009 - 04:57 AM

Here is the MBAM log, will have to continue tomorrow evening:

Malwarebytes' Anti-Malware 1.34
Database version: 1753
Windows 5.1.2600 Service Pack 3

2/12/2009 1:50:25 AM
mbam-log-2009-02-12 (01-50-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 196785
Time elapsed: 50 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\urqQggeC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\srorfs.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b5df354-68e8-4c54-8659-2f6fb5d420e2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8b5df354-68e8-4c54-8659-2f6fb5d420e2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f0ff8a5-c280-48f4-b74d-400518b80b1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9f0ff8a5-c280-48f4-b74d-400518b80b1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b5df354-68e8-4c54-8659-2f6fb5d420e2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\urqqggec -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqggec -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\Gustavo\Application Data\cogad (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\srorfs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urqQggeC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\CeggQqru.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CeggQqru.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gustavo\Local Settings\Temporary Internet Files\Content.IE5\K52B49YN\CAI3XJV9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04BE7CC9-F048-48B1-AEA0-E4B01F61B2EC}\RP323\A0036058.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmpujvtd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 12 February 2009 - 06:57 AM

Waiting for your RSIT and GMER logs :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 12 February 2009 - 10:56 PM

RSIT logs:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Gustavo at 2009-02-12 19:52:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 384 GB (81%) free of 477 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:36 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2008\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gustavo\Desktop\RSIT.exe
C:\Program Files\trend micro\Gustavo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9F0FF8A5-C280-48F4-B74D-400518B80B1D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O20 - AppInit_DLLs: srorfs.dll
O20 - Winlogon Notify: opnonLBR - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware 2008\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WasayPMsv - Unknown owner - C:\Wasay\ProMagic\wspmsv.exe (file missing)

--
End of file - 11420 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F0FF8A5-C280-48F4-B74D-400518B80B1D}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2007-05-06 405504]
"VolPanel"=C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-13 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2006-06-23 1029712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"UVS12 Preload"=C:\Program Files\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-10-07 75048]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]
"Nitro PDF Printer Monitor"=C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe [2008-07-10 210224]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-02-01 970808]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-16 87584]
"StxTrayMenu"=C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2007-07-23 2499880]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-02-01 497008]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-12 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-17 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
C:\WINDOWS\CTRegRun.EXE [1999-10-10 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP1315\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2008-01-09 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-08-14 20066856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Games\Half Life 2\Steam.exe [2008-10-19 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP1315\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP1315\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\LOGITE~1\SetPoint\SetPoint.exe [2008-05-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gustavo^Start Menu^Programs^Startup^Product Registration.lnk]
C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"SCardSvr"=3
"RichVideo"=2
"Pml Driver HPZ12"=3
"NMIndexingService"=3
"NBService"=3
"iPod Service"=3
"InCDsrv"=2
"idsvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe

C:\Documents and Settings\Gustavo\Start Menu\Programs\Startup
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="srorfs.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonLBR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\PROGRA~1\Eudora7\EuShlExt.dll [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Games\UO9thAnniv\client.exe"="C:\Games\UO9thAnniv\client.exe:*:Enabled:Ultima Online Client"
"C:\Games\FEAR\fpupdate.exe"="C:\Games\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"C:\Games\FEAR\FEAR.exe"="C:\Games\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Games\FEAR\FEARMP.exe"="C:\Games\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Games\UOAutoMap\uoam.exe"="C:\Games\UOAutoMap\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\Games\SupremeCommander\Supreme Commander\bin\SupremeCommander.exe"="C:\Games\SupremeCommander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\Games\SupremeCommander\GPGNet\GPG.Multiplayer.Client.exe"="C:\Games\SupremeCommander\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Games\Half Life 2\SteamApps\common\trackmania nations forever\TmForever.exe"="C:\Games\Half Life 2\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\Crysis SP Demo\Bin32\Crysis.exe"="C:\Games\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-12 19:52:16 ----D---- C:\rsit
2009-02-12 00:52:19 ----D---- C:\Documents and Settings\Gustavo\Application Data\Malwarebytes
2009-02-12 00:52:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-12 00:52:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-12 00:47:15 ----A---- C:\WINDOWS\system32\snmaglrk.dll
2009-02-12 00:45:52 ----A---- C:\WINDOWS\system32\avelqavu.dll
2009-02-10 22:27:54 ----A---- C:\WINDOWS\system32\tylhvmho.dll
2009-02-10 22:25:57 ----A---- C:\WINDOWS\system32\rvlvcfhw.dll
2009-02-09 22:32:50 ----A---- C:\WINDOWS\system32\kxfciitn.dll
2009-02-09 22:29:50 ----A---- C:\WINDOWS\system32\dngdsxac.dll
2009-02-08 22:41:14 ----D---- C:\Program Files\Memeo
2009-02-08 22:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Tanagra
2009-02-08 22:38:52 ----D---- C:\Program Files\FreeAgentPro
2009-02-08 22:29:39 ----A---- C:\WINDOWS\system32\slmotuir.dll
2009-02-08 22:27:37 ----A---- C:\WINDOWS\system32\hporylhn.dll
2009-02-08 22:27:14 ----D---- C:\Documents and Settings\All Users\Application Data\Acronis
2009-02-08 22:26:46 ----D---- C:\WINDOWS\system32\Service
2009-02-08 22:23:41 ----D---- C:\Program Files\Common Files\Acronis
2009-02-08 22:23:41 ----D---- C:\Program Files\Acronis
2009-02-08 21:05:57 ----A---- C:\WINDOWS\system32\wbhavmlq.dll
2009-02-08 21:02:57 ----A---- C:\WINDOWS\system32\hdxslebv.dll
2009-02-08 03:51:32 ----A---- C:\WINDOWS\wininit.ini
2009-02-08 03:13:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-08 03:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-07 21:01:38 ----A---- C:\WINDOWS\system32\lnqqxkbo.dll
2009-02-07 20:57:33 ----A---- C:\WINDOWS\system32\nmkctjvs.dll
2009-02-06 18:47:58 ----A---- C:\WINDOWS\system32\ikbgvgbc.dll
2009-02-06 18:46:08 ----A---- C:\WINDOWS\system32\werbjrbn.dll
2009-02-05 21:59:52 ----A---- C:\WINDOWS\system32\yktabwyy.dll
2009-02-05 14:48:13 ----A---- C:\WINDOWS\system32\wxjrwgbn.dll
2009-02-05 14:45:31 ----A---- C:\WINDOWS\system32\lckrytep.dll
2009-02-05 11:38:27 ----A---- C:\WINDOWS\system32\uefmyjqq.dll
2009-02-05 00:30:55 ----A---- C:\WINDOWS\system32\djtdbmng.dll
2009-02-04 22:48:49 ----A---- C:\WINDOWS\system32\jyvdpjcr.dll
2009-02-03 22:50:14 ----A---- C:\WINDOWS\system32\iwwjxwqb.dll
2009-02-03 22:48:06 ----A---- C:\WINDOWS\system32\mwjfyyfr.dll
2009-02-02 21:21:34 ----A---- C:\WINDOWS\DCEBoot.exe
2009-02-02 21:19:04 ----A---- C:\WINDOWS\system32\xroxdctu.dll
2009-02-02 21:16:52 ----A---- C:\WINDOWS\system32\kjytsrlj.dll
2009-02-01 20:51:54 ----D---- C:\Program Files\Trend Micro
2009-02-01 18:55:48 ----A---- C:\WINDOWS\system32\f3c75422-.txt
2009-01-29 21:37:34 ----D---- C:\Documents and Settings\Gustavo\Application Data\Intuit
2009-01-29 21:36:54 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2009-01-29 21:35:03 ----D---- C:\Program Files\Common Files\Intuit
2009-01-29 21:35:03 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2009-01-29 21:29:07 ----D---- C:\Program Files\TurboTax
2009-01-24 14:52:52 ----D---- C:\Documents and Settings\Gustavo\Application Data\Ahead
2009-01-24 14:41:49 ----D---- C:\Documents and Settings\Gustavo\Application Data\Nitro PDF
2009-01-24 14:40:24 ----D---- C:\Program Files\Nitro PDF Pro
2009-01-24 14:40:24 ----D---- C:\Program Files\Common Files\Nitro PDF
2009-01-24 14:40:24 ----D---- C:\Program Files\Common Files\BCL Technologies
2009-01-24 14:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Nitro PDF
2009-01-14 01:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-04 21:06:21 ----A---- C:\WINDOWS\IBUnInst.exe
2009-01-04 21:05:23 ----D---- C:\Program Files\LightScribeODK
2008-12-17 23:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 21:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 21:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 21:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 21:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 21:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-26 13:45:38 ----D---- C:\Program Files\Common Files\Futuremark Shared
2008-11-19 01:12:12 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-11-19 01:11:49 ----D---- C:\Program Files\Common Files\Logishrd

======List of files/folders modified in the last 3 months======

2009-02-12 19:52:25 ----D---- C:\WINDOWS\Prefetch
2009-02-12 19:51:43 ----D---- C:\WINDOWS\Temp
2009-02-12 19:49:56 ----D---- C:\Program Files\Mozilla Firefox
2009-02-12 19:48:29 ----D---- C:\WINDOWS
2009-02-12 19:48:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-12 14:39:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 01:51:57 ----D---- C:\WINDOWS\system32\drivers
2009-02-12 01:51:57 ----D---- C:\WINDOWS\system32
2009-02-12 00:52:12 ----RD---- C:\Program Files
2009-02-08 22:41:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 22:41:21 ----SHD---- C:\WINDOWS\Installer
2009-02-08 22:41:21 ----HD---- C:\Config.Msi
2009-02-08 22:37:04 ----HD---- C:\WINDOWS\inf
2009-02-08 22:23:41 ----D---- C:\Program Files\Common Files
2009-02-08 03:59:41 ----SD---- C:\Documents and Settings\Gustavo\Application Data\Microsoft
2009-02-08 03:51:28 ----SD---- C:\WINDOWS\Tasks
2009-02-08 03:22:24 ----D---- C:\Downloads
2009-02-08 02:50:51 ----D---- C:\Program Files\Ad-Aware 2008
2009-02-02 22:31:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-01 20:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-31 22:29:54 ----D---- C:\Documents and Settings\Gustavo\Application Data\Move Networks
2009-01-29 22:14:14 ----RD---- C:\Songs
2009-01-29 21:39:34 ----RSD---- C:\WINDOWS\assembly
2009-01-29 21:39:32 ----D---- C:\WINDOWS\WinSxS
2009-01-29 21:35:54 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 14:23:23 ----D---- C:\WINDOWS\system32\DirectX
2009-01-17 14:20:35 ----D---- C:\Games
2009-01-15 01:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-14 01:08:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-14 01:08:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-11 18:56:49 ----D---- C:\MyWorks
2009-01-09 17:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-08 01:06:26 ----D---- C:\Documents and Settings\Gustavo\Application Data\Skype
2009-01-04 21:17:53 ----D---- C:\Program Files\CyberLink
2009-01-04 21:10:49 ----D---- C:\Documents and Settings\Gustavo\Application Data\CyberLink
2009-01-04 21:05:32 ----D---- C:\Program Files\Common Files\LightScribe
2009-01-04 21:02:53 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-26 21:31:56 ----A---- C:\DVDPATH.TXT
2008-12-17 23:36:45 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 09:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-05 12:32:05 ----D---- C:\Program Files\Eudora7
2008-11-30 05:45:13 ----D---- C:\Program Files\NetMeeting
2008-11-21 01:21:30 ----D---- C:\WINDOWS\system32\wbem
2008-11-21 01:21:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-19 01:12:15 ----D---- C:\Program Files\Common Files\Logitech
2008-11-17 00:00:37 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 CLBStor;InstantBurn Storage Helper Driver; C:\WINDOWS\system32\drivers\CLBStor.sys [2007-06-04 16048]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-02-01 80400]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\WINDOWS\system32\drivers\CLBUDF.sys [2007-06-04 162096]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-02-08 39264]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-17 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-17 500480]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-17 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-17 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-17 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2008-09-24 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-17 116224]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-03-05 1228296]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-02-01 334352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-10 393088]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Ad-Aware 2008\aawservice.exe [2008-07-07 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-16 230944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 BMUService;AutoBackup; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [2007-02-08 56344]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2006-06-23 276048]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-02-01 707128]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2007-05-06 94208]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-02-01 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-02-01 677128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 WasayPMsv;WasayPMsv; C:\Wasay\ProMagic\wspmsv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2006-05-25 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-12 19:52:42

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->"C:\Program Files\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\setup.exe" -uninstall
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Chart Navigator-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maptech\Chart Navigator\DeIsL1.isu"
Corel VideoStudio 12-->C:\Program Files\InstallShield Installation Information\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\setup.exe -runfromtemp -l0x0409
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Crysis® SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
CyberLink InstantBurn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x9 -uninstall
CyberLink PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Doomsday Engine 1.9.0-beta5-->C:\Games\Doomsday\unins000.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Eudora-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AA18901-1C9A-48BB-8D6E-03387DD44536}\setup.exe" -l0x9
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Half-Life 2: Deathmatch-->"C:\Games\HALFLI~1\steam.exe" steam://uninstall/320
Half-Life 2-->"C:\Games\HALFLI~1\steam.exe" steam://uninstall/220
Hi-Def Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP1315\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP1315\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
ICQ6-->C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe Optical Disc Kit-->MsiExec.exe /X{71F17309-007D-43F9-9313-DBFBA5FCB3B3}
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
LUMIX Simple Viewer-->C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2008 Equifax Addin-->MsiExec.exe /X{0C2AF762-0565-4C91-9F55-B8B53BB82A38}
Microsoft Office Accounting 2008 Fixed Asset Manager-->MsiExec.exe /X{E3DF6916-2472-43D9-8B3C-9F2F0AAB01B5}
Microsoft Office Accounting 2008 PayPal Addin-->MsiExec.exe /X{B391EECE-DFEA-4FC5-9D40-47FA43E2DBE6}
Microsoft Office Accounting 2008-->"C:\Program Files\Microsoft Small Business\Office Accounting 2008\SetupBootstrap\Setup.exe" /remove {270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting 2008-->MsiExec.exe /X{270940EA-C235-40D9-B2AE-2D450356DF8E}
Microsoft Office Accounting ADP Payroll Addin-->MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials-->MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nitro PDF Professional-->MsiExec.exe /I{081D00DF-35F0-4570-8037-3E289795928F}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x0009Package -removeonly
Portal-->"C:\Games\Half Life 2\steam.exe" steam://uninstall/400
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Pure Networks Network Magic-->C:\Program Files\Pure Networks\Network Magic\Uninstall.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Source SDK Base-->"C:\Games\HALFLI~1\steam.exe" steam://uninstall/215
Source SDK-->"C:\Games\HALFLI~1\steam.exe" steam://uninstall/211
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
TrackMania Nations Forever-->"C:\Games\Half Life 2\steam.exe" steam://uninstall/11020
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Basic 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
Ultima Online: 9th Anniversary Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F4D129C-6DB8-43D7-A73C-7F93D471DD0C}\setup.exe" -l0x9 -removeonly
UO Auto-Map-->c:\Games\UOAutoMap\uoam.exe -uninstall
UOAssist-->C:\Games\UOAssist\UOAssist.exe /Uninstall
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

System event log

Computer Name: MARS
Event Code: 7035
Message: The SQL Server (MSSMLBIZ) service was successfully sent a start control.

Record Number: 14069
Source Name: Service Control Manager
Time Written: 20081207084111.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MARS
Event Code: 7036
Message: The SigmaTel Audio Service service entered the running state.

Record Number: 14068
Source Name: Service Control Manager
Time Written: 20081207084110.000000-480
Event Type: information
User:

Computer Name: MARS
Event Code: 7000
Message: The WasayPMsv service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 14067
Source Name: Service Control Manager
Time Written: 20081207084110.000000-480
Event Type: error
User:

Computer Name: MARS
Event Code: 2
Message: Device identified.

Record Number: 14066
Source Name: nvata
Time Written: 20081207084108.000000-480
Event Type: information
User:

Computer Name: MARS
Event Code: 6005
Message: The Event log service was started.

Record Number: 14065
Source Name: EventLog
Time Written: 20081207084056.000000-480
Event Type: information
User:

Application event log

Computer Name: MARS
Event Code: 1
Message:
Record Number: 20043
Source Name: nview_info
Time Written: 20090126003055.000000-480
Event Type: error
User:

Computer Name: MARS
Event Code: 1
Message:
Record Number: 20042
Source Name: nview_info
Time Written: 20090126003055.000000-480
Event Type: error
User:

Computer Name: MARS
Event Code: 1
Message:
Record Number: 20041
Source Name: nview_info
Time Written: 20090126003055.000000-480
Event Type: error
User:

Computer Name: MARS
Event Code: 1
Message:
Record Number: 20040
Source Name: nview_info
Time Written: 20090126003055.000000-480
Event Type: error
User:

Computer Name: MARS
Event Code: 1
Message:
Record Number: 20039
Source Name: nview_info
Time Written: 20090126003055.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Watermark Master;C:\Program Files\Common Files\Ulead Systems\MPEG;c:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 12 February 2009 - 11:44 PM

Gmer log attached

Appreciate your help! :thumbup2:

Vern90

Attached Files



#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 13 February 2009 - 04:01 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\snmaglrk.dll
    C:\WINDOWS\system32\avelqavu.dll
    C:\WINDOWS\system32\tylhvmho.dll
    C:\WINDOWS\system32\rvlvcfhw.dll
    C:\WINDOWS\system32\kxfciitn.dll
    C:\WINDOWS\system32\slmotuir.dll
    C:\WINDOWS\system32\dngdsxac.dll
    C:\WINDOWS\system32\hporylhn.dll
    C:\WINDOWS\system32\wbhavmlq.dll
    C:\WINDOWS\system32\hdxslebv.dll
    C:\WINDOWS\system32\lnqqxkbo.dll
    C:\WINDOWS\system32\nmkctjvs.dll
    C:\WINDOWS\system32\ikbgvgbc.dll
    C:\WINDOWS\system32\werbjrbn.dll
    C:\WINDOWS\system32\yktabwyy.dll
    C:\WINDOWS\system32\wxjrwgbn.dll
    C:\WINDOWS\system32\lckrytep.dll
    C:\WINDOWS\system32\uefmyjqq.dll
    C:\WINDOWS\system32\djtdbmng.dll
    C:\WINDOWS\system32\jyvdpjcr.dll
    C:\WINDOWS\system32\iwwjxwqb.dll
    C:\WINDOWS\system32\mwjfyyfr.dll
    C:\WINDOWS\DCEBoot.exe
    C:\WINDOWS\system32\xroxdctu.dll
    C:\WINDOWS\system32\kjytsrlj.dll
    C:\WINDOWS\system32\f3c75422-.txt
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F0FF8A5-C280-48F4-B74D-400518B80B1D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonLBR]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 14 February 2009 - 04:49 AM

OTmoveIT3 Log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\snmaglrk.dll
C:\WINDOWS\system32\snmaglrk.dll NOT unregistered.
C:\WINDOWS\system32\snmaglrk.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\avelqavu.dll
C:\WINDOWS\system32\avelqavu.dll NOT unregistered.
C:\WINDOWS\system32\avelqavu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\tylhvmho.dll
C:\WINDOWS\system32\tylhvmho.dll NOT unregistered.
C:\WINDOWS\system32\tylhvmho.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\rvlvcfhw.dll
C:\WINDOWS\system32\rvlvcfhw.dll NOT unregistered.
C:\WINDOWS\system32\rvlvcfhw.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kxfciitn.dll
C:\WINDOWS\system32\kxfciitn.dll NOT unregistered.
C:\WINDOWS\system32\kxfciitn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\slmotuir.dll
C:\WINDOWS\system32\slmotuir.dll NOT unregistered.
C:\WINDOWS\system32\slmotuir.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\dngdsxac.dll
C:\WINDOWS\system32\dngdsxac.dll NOT unregistered.
C:\WINDOWS\system32\dngdsxac.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hporylhn.dll
C:\WINDOWS\system32\hporylhn.dll NOT unregistered.
C:\WINDOWS\system32\hporylhn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wbhavmlq.dll
C:\WINDOWS\system32\wbhavmlq.dll NOT unregistered.
C:\WINDOWS\system32\wbhavmlq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\hdxslebv.dll
C:\WINDOWS\system32\hdxslebv.dll NOT unregistered.
C:\WINDOWS\system32\hdxslebv.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lnqqxkbo.dll
C:\WINDOWS\system32\lnqqxkbo.dll NOT unregistered.
C:\WINDOWS\system32\lnqqxkbo.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\nmkctjvs.dll
C:\WINDOWS\system32\nmkctjvs.dll NOT unregistered.
C:\WINDOWS\system32\nmkctjvs.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ikbgvgbc.dll
C:\WINDOWS\system32\ikbgvgbc.dll NOT unregistered.
C:\WINDOWS\system32\ikbgvgbc.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\werbjrbn.dll
C:\WINDOWS\system32\werbjrbn.dll NOT unregistered.
C:\WINDOWS\system32\werbjrbn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yktabwyy.dll
C:\WINDOWS\system32\yktabwyy.dll NOT unregistered.
C:\WINDOWS\system32\yktabwyy.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\wxjrwgbn.dll
C:\WINDOWS\system32\wxjrwgbn.dll NOT unregistered.
C:\WINDOWS\system32\wxjrwgbn.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\lckrytep.dll
C:\WINDOWS\system32\lckrytep.dll NOT unregistered.
C:\WINDOWS\system32\lckrytep.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\uefmyjqq.dll
C:\WINDOWS\system32\uefmyjqq.dll NOT unregistered.
C:\WINDOWS\system32\uefmyjqq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\djtdbmng.dll
C:\WINDOWS\system32\djtdbmng.dll NOT unregistered.
C:\WINDOWS\system32\djtdbmng.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\jyvdpjcr.dll
C:\WINDOWS\system32\jyvdpjcr.dll NOT unregistered.
C:\WINDOWS\system32\jyvdpjcr.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\iwwjxwqb.dll
C:\WINDOWS\system32\iwwjxwqb.dll NOT unregistered.
C:\WINDOWS\system32\iwwjxwqb.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mwjfyyfr.dll
C:\WINDOWS\system32\mwjfyyfr.dll NOT unregistered.
C:\WINDOWS\system32\mwjfyyfr.dll moved successfully.
C:\WINDOWS\DCEBoot.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\xroxdctu.dll
C:\WINDOWS\system32\xroxdctu.dll NOT unregistered.
C:\WINDOWS\system32\xroxdctu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\kjytsrlj.dll
C:\WINDOWS\system32\kjytsrlj.dll NOT unregistered.
C:\WINDOWS\system32\kjytsrlj.dll moved successfully.
C:\WINDOWS\system32\f3c75422-.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F0FF8A5-C280-48F4-B74D-400518B80B1D}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnonLBR\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_9fAtFBAFIRxgpY4eS7M2 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_nMomalMW70iU8VKeQK3M scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_nMomalMW70iU8VKeQK3M-journal scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_013300

Files moved on Reboot...
File C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_9fAtFBAFIRxgpY4eS7M2 not found!
File C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_nMomalMW70iU8VKeQK3M not found!
File C:\DOCUME~1\Gustavo\LOCALS~1\Temp\etilqs_nMomalMW70iU8VKeQK3M-journal not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\OfflineCache\index.sqlite moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Gustavo\Local Settings\Application Data\Mozilla\Firefox\Profiles\a97gjzc5.default\XUL.mfl moved successfully.

Now the RSIT log.txt file:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Gustavo at 2009-02-14 01:47:02
Microsoft Windows XP Professional Service Pack 3
System drive C: has 385 GB (81%) free of 477 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:12 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Gustavo\Desktop\RSIT.exe
C:\Program Files\trend micro\Gustavo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WasayPMsv - Unknown owner - C:\Wasay\ProMagic\wspmsv.exe (file missing)

--
End of file - 10663 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2007-05-06 405504]
"VolPanel"=C:\Program Files\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [2006-07-13 122880]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-11-04 49152]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2006-06-23 1029712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"UVS12 Preload"=C:\Program Files\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
"InstantBurn"=C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-10-07 75048]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]
"Nitro PDF Printer Monitor"=C:\Program Files\Nitro PDF Pro\NitroPDFPrinterMonitor.exe [2008-07-10 210224]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-02-01 970808]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-16 87584]
"StxTrayMenu"=C:\Program Files\FreeAgentPro\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2007-07-23 2499880]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2009-02-01 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-11-12 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe [2006-11-09 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-17 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
C:\WINDOWS\CTRegRun.EXE [1999-10-10 41984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP1315\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-05-15 1057328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2008-05-14 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
C:\Program Files\lg_fwupdate\fwupdate.exe [2008-01-09 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2008-07-21 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-05-15 1628208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2006-08-14 20066856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Games\Half Life 2\Steam.exe [2008-10-19 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP1315\DIGITA~1\bin\hpqtra08.exe [2004-05-28 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HP1315\DIGITA~1\bin\hpqthb08.exe [2004-05-28 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\LOGITE~1\SetPoint\SetPoint.exe [2008-05-02 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LUMIX Simple Viewer.lnk]
C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2006-09-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gustavo^Start Menu^Programs^Startup^Product Registration.lnk]
C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe [2007-04-09 3036688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2
"WMPNetworkSvc"=3
"SCardSvr"=3
"RichVideo"=2
"Pml Driver HPZ12"=3
"NMIndexingService"=3
"NBService"=3
"iPod Service"=3
"InCDsrv"=2
"idsvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\LogitechG5mouse\SetPoint\SetPoint.exe

C:\Documents and Settings\Gustavo\Start Menu\Programs\Startup
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=C:\PROGRA~1\Eudora7\EuShlExt.dll [2006-08-17 86016]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Games\UO9thAnniv\client.exe"="C:\Games\UO9thAnniv\client.exe:*:Enabled:Ultima Online Client"
"C:\Games\FEAR\fpupdate.exe"="C:\Games\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"C:\Games\FEAR\FEAR.exe"="C:\Games\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Games\FEAR\FEARMP.exe"="C:\Games\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Games\UOAutoMap\uoam.exe"="C:\Games\UOAutoMap\uoam.exe:*:Enabled:Ultima Online's premier mapping tool."
"C:\Games\SupremeCommander\Supreme Commander\bin\SupremeCommander.exe"="C:\Games\SupremeCommander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\Games\SupremeCommander\GPGNet\GPG.Multiplayer.Client.exe"="C:\Games\SupremeCommander\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Games\Half Life 2\SteamApps\common\trackmania nations forever\TmForever.exe"="C:\Games\Half Life 2\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\Crysis SP Demo\Bin32\Crysis.exe"="C:\Games\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"="C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Network Magic Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-14 01:33:00 ----D---- C:\_OTMoveIt
2009-02-14 01:24:38 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-12 20:16:15 ----A---- C:\WINDOWS\gmer.ini
2009-02-12 20:16:14 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-12 20:16:14 ----A---- C:\WINDOWS\gmer.dll
2009-02-12 20:16:13 ----RA---- C:\WINDOWS\gmer.exe
2009-02-12 19:52:16 ----D---- C:\rsit
2009-02-12 00:52:19 ----D---- C:\Documents and Settings\Gustavo\Application Data\Malwarebytes
2009-02-12 00:52:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-12 00:52:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-08 22:41:14 ----D---- C:\Program Files\Memeo
2009-02-08 22:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Tanagra
2009-02-08 22:38:52 ----D---- C:\Program Files\FreeAgentPro
2009-02-08 22:27:14 ----D---- C:\Documents and Settings\All Users\Application Data\Acronis
2009-02-08 22:26:46 ----D---- C:\WINDOWS\system32\Service
2009-02-08 22:23:41 ----D---- C:\Program Files\Common Files\Acronis
2009-02-08 22:23:41 ----D---- C:\Program Files\Acronis
2009-02-08 03:51:32 ----A---- C:\WINDOWS\wininit.ini
2009-02-08 03:13:22 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-08 03:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-01 20:51:54 ----D---- C:\Program Files\Trend Micro
2009-01-29 21:37:34 ----D---- C:\Documents and Settings\Gustavo\Application Data\Intuit
2009-01-29 21:36:54 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2009-01-29 21:35:03 ----D---- C:\Program Files\Common Files\Intuit
2009-01-29 21:35:03 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2009-01-29 21:29:07 ----D---- C:\Program Files\TurboTax
2009-01-24 14:52:52 ----D---- C:\Documents and Settings\Gustavo\Application Data\Ahead
2009-01-24 14:41:49 ----D---- C:\Documents and Settings\Gustavo\Application Data\Nitro PDF
2009-01-24 14:40:24 ----D---- C:\Program Files\Nitro PDF Pro
2009-01-24 14:40:24 ----D---- C:\Program Files\Common Files\Nitro PDF
2009-01-24 14:40:24 ----D---- C:\Program Files\Common Files\BCL Technologies
2009-01-24 14:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Nitro PDF
2009-01-14 01:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-04 21:06:21 ----A---- C:\WINDOWS\IBUnInst.exe
2009-01-04 21:05:23 ----D---- C:\Program Files\LightScribeODK
2008-12-17 23:36:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 21:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 21:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 21:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 21:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 21:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-26 13:45:38 ----D---- C:\Program Files\Common Files\Futuremark Shared
2008-11-19 01:12:12 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-11-19 01:11:49 ----D---- C:\Program Files\Common Files\Logishrd

======List of files/folders modified in the last 3 months======

2009-02-14 01:47:05 ----D---- C:\WINDOWS\Temp
2009-02-14 01:39:16 ----D---- C:\Program Files\Mozilla Firefox
2009-02-14 01:38:58 ----D---- C:\WINDOWS
2009-02-14 01:38:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-14 01:38:23 ----D---- C:\WINDOWS\Prefetch
2009-02-14 01:36:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-14 01:33:50 ----D---- C:\WINDOWS\system32
2009-02-14 01:24:38 ----SHD---- C:\WINDOWS\Installer
2009-02-14 01:24:38 ----HD---- C:\Config.Msi
2009-02-14 01:24:38 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-14 01:24:35 ----RD---- C:\Program Files
2009-02-14 01:24:35 ----D---- C:\WINDOWS\system32\drivers
2009-02-08 22:41:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 22:37:04 ----HD---- C:\WINDOWS\inf
2009-02-08 22:23:41 ----D---- C:\Program Files\Common Files
2009-02-08 03:59:41 ----SD---- C:\Documents and Settings\Gustavo\Application Data\Microsoft
2009-02-08 03:51:28 ----SD---- C:\WINDOWS\Tasks
2009-02-08 03:22:24 ----D---- C:\Downloads
2009-02-02 22:31:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-01 20:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-01-31 22:29:54 ----D---- C:\Documents and Settings\Gustavo\Application Data\Move Networks
2009-01-29 22:14:14 ----RD---- C:\Songs
2009-01-29 21:39:34 ----RSD---- C:\WINDOWS\assembly
2009-01-29 21:39:32 ----D---- C:\WINDOWS\WinSxS
2009-01-29 21:35:54 ----RSD---- C:\WINDOWS\Fonts
2009-01-17 14:23:23 ----D---- C:\WINDOWS\system32\DirectX
2009-01-17 14:20:35 ----D---- C:\Games
2009-01-15 01:19:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-14 01:08:42 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-14 01:08:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-11 18:56:49 ----D---- C:\MyWorks
2009-01-09 17:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-08 01:06:26 ----D---- C:\Documents and Settings\Gustavo\Application Data\Skype
2009-01-04 21:17:53 ----D---- C:\Program Files\CyberLink
2009-01-04 21:10:49 ----D---- C:\Documents and Settings\Gustavo\Application Data\CyberLink
2009-01-04 21:05:32 ----D---- C:\Program Files\Common Files\LightScribe
2009-01-04 21:02:53 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-12-26 21:31:56 ----A---- C:\DVDPATH.TXT
2008-12-17 23:36:45 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 09:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-05 12:32:05 ----D---- C:\Program Files\Eudora7
2008-11-30 05:45:13 ----D---- C:\Program Files\NetMeeting
2008-11-21 01:21:30 ----D---- C:\WINDOWS\system32\wbem
2008-11-21 01:21:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-19 01:12:15 ----D---- C:\Program Files\Common Files\Logitech
2008-11-17 00:00:37 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 CLBStor;InstantBurn Storage Helper Driver; C:\WINDOWS\system32\drivers\CLBStor.sys [2007-06-04 16048]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-05-15 37040]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-05-15 38576]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-02-01 80400]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\WINDOWS\system32\drivers\CLBUDF.sys [2007-06-04 162096]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-02-08 39264]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-17 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-17 500480]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-17 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-17 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-17 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2008-09-24 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-17 116224]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-03-05 1228296]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-02-01 334352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-05-15 118576]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]
S3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-12 85969]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-04-11 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-04-11 79376]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-10 393088]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-16 230944]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 BMUService;AutoBackup; C:\Program Files\Memeo\AutoBackup\MemeoService.exe [2007-02-08 56344]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2006-06-23 276048]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-02-01 707128]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2007-05-06 94208]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-02-01 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-02-01 677128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 WasayPMsv;WasayPMsv; C:\Wasay\ProMagic\wspmsv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2006-05-25 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-05-15 1550896]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 14 February 2009 - 07:00 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 15 February 2009 - 02:54 AM

Eset log.txt:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3853 (20090214)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=db99b0e7a54cbb45b1f3349bf9816595
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-15 07:51:03
# local_time=2009-02-14 11:51:03 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=376537
# found=1
# scan_time=4833
C:\Documents and Settings\Gustavo\Local Settings\Temporary Internet Files\Content.IE5\8DAF0DEZ\count[1].htm JS/TrojanDownloader.Agent.NHJ trojan (unable to clean - deleted) 00000000000000000000000000000000

#11 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 15 February 2009 - 03:02 AM

No popups lately.

When we are done, I'd like to reinstall a good adware removal program. Also what are your thoughts on the anti-virus quality of Trend Micro Internet Security program? Basically I'd like to have an excellent adware program and anti-virus program. I know the malware experts here, yourself included, tend to recommend about six or so programs for each purpose with no stated preferences. Also, would like to know how safe, advisable, it might be to run a couple of each, like maybe AdAware and Spybot Search & Destroy for adware, and maybe Trend Micro and AVG. Never running them simultaneously, but would like to know which ones can be installed and safely run at different times.

I haven't tested an online game yet to see if the speed has improved to where it was before all this.

Thanks for your help so far!

Vern90

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 15 February 2009 - 03:51 AM

Hello.. First of all, you already have Trend Micro Internet Security which consist of antivirus and firewall.. That's good enough for me as long as you continuously keep it updated.. You also have Malwarebytes' that I highly recommend to everyone including to my family and friends..

I've seen malware in many logs consisting of users have each and every types of antivirus I can recommend on the net.. So, to me, the most important thing is to be safe on the net.. Avoid such cracksites, warez, keygens, pornsites, gambling sites... Avoid click at any advertisements, pop ups, banners, questionable things that unknown to you.. Avoid download software from unofficial sites and unknown source.. Avoid click on unknown emails..

While P2P program such as Limewire is legit and contains no malware, the files downloaded from them might contains unknown malware that even remote from us.. Which in easy words, P2P program is the main source of malware..


Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 vern90

vern90
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:06 AM

Posted 15 February 2009 - 04:25 AM

Popups gone, but have been gone since about the 2nd set of cleaning stelps. After I turned off auto running of some processes things seem to be more like normal, although still a little slow so I'll do more reading of the "Help! My computer is slow!" link. As for malware seems to be gone.

Hmm, if I reinstall Spybot won't that slow my computer down a little? Thanks for the reminder about being safe in one's internet travels. I usually am careful, foregoing gaming websites, and I don't even visit the other types you mentioned. This all started with my dear lady friend clicking on a link inside of Face Book! Yeah, Face Book zapped my computer with malware!

So sounds like I'm good to go and reinstall Spybot right? And then you can close the topic.

Thank you very much!

Have a great day!

Vern90

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:06 AM

Posted 15 February 2009 - 06:47 AM

Yup.. you can reinstall Spybot if you wish :thumbup2:

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users