Unable to run "cmd" and "regedit"



#1 Muffolono

Posted 21 February 2009 - 03:46 PM

Good evening!

I started having some troubles with my computer yesterday, or at least I first noticed it yesterday. My trouble is that I can't run "cmd" or "regedit"; doing that simply crashes Windows Explorer. I have no trouble executing other programs. At the same time I started getting redirected to all kinds of ad sites when clicking on search result links in Google. The redirects appear to have stopped now, after cleaning out my system with AVG, Avira, Spybot S&D and Ad-Aware. The other problems remain, however.

I read through the instructions on this forum and downloaded DDS, but was unable to get it to run. A black window flashes for a split second and then disappears when I try to run it. Instead I downloaded and ran RSIT; the log is posted below.

I would appreciate it if you could help me out. Thanks in advance!


Logfile of random's system information tool 1.05 (written by random/random)
Run by Mufflon at 2009-02-21 21:14:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (4%) free of 238 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:57, on 2009-02-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\LOGI_MWX.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Personal\bin\Personal.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Mufflon\Desktop\RSIT.exe
C:\Program Files\HijackThis\Mufflon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: //127.0.0.1 adwords.google.com
O1 - Hosts: //127.0.0.1 google-analytics.com
O1 - Hosts: //127.0.0.1 google-counter.com
O1 - Hosts: //127.0.0.1 imageads.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads1.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads2.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads3.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads4.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads5.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads6.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads7.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads8.googleadservices.com
O1 - Hosts: //127.0.0.1 imageads9.googleadservices.com
O1 - Hosts: //127.0.0.1 myspace.com
O1 - Hosts: //127.0.0.1 paypal.112.2o7.net
O1 - Hosts: //127.0.0.1 paypalssl.doubleclick.net
O1 - Hosts: //127.0.0.1 sendspace.com
O1 - Hosts: //127.0.0.1 ssl.google-analytics.com
O1 - Hosts: //127.0.0.1 www.googleadservices.com
O1 - Hosts: //127.0.0.1 www.google-analytics.com
O1 - Hosts: //127.0.0.1 www.googlecaches.com
O1 - Hosts: //127.0.0.1 www.google-counter.com
O1 - Hosts: //127.0.0.1 www.myspace.com
O1 - Hosts: //127.0.0.1 www.sendspace.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10225 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-01 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-27 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"CTDVDDET"=C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RCSystem"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-06-16 49152]
"VolPanel"=C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe [2005-07-11 122880]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2005-08-08 16384]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2005-08-08 18944]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"Logitech Utility"=C:\WINDOWS\LOGI_MWX.EXE [2003-12-17 19968]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-01 1601304]
"CameraFixer"=C:\WINDOWS\CameraFixer.exe [2006-06-02 20480]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2005-10-11 339968]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-21 509784]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-02-20 1410296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BankID säkerhetsprogram.lnk - C:\Program Files\Personal\bin\Personal.exe

C:\Documents and Settings\Mufflon\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-01 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Spel\Sid Meier's Civilization 4\Civilization4.exe"="D:\Spel\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"D:\Spel\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe"="D:\Spel\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"D:\Spel\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe"="D:\Spel\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"D:\Spel\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe"="D:\Spel\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"D:\Spel\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe"="D:\Spel\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe:*:Enabled:SWRepublicCommando"
"D:\Spel\soldat12\Soldat.exe"="D:\Spel\soldat12\Soldat.exe:*:Enabled:Soldat"
"D:\Spel\Soldat\Soldat.exe"="D:\Spel\Soldat\Soldat.exe:*:Enabled:Soldat"
"D:\Spel\World of Warcraft\WoW-1.12.0-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\Mufflon\Desktop\MoviePlayer.exe"="C:\Documents and Settings\Mufflon\Desktop\MoviePlayer.exe:*:Enabled:MoviePlayer"
"D:\Spel\World of Warcraft\WoW-2.0.3-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spel\World of Warcraft\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spel\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spel\SWAT 4\ContentExpansion\System\Swat4X.exe"="D:\Spel\SWAT 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate"
"D:\Spel\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe"="D:\Spel\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server"
"D:\Spel\Call of Duty\CoDUOMP.exe"="D:\Spel\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP"
"D:\Spel\Quake2\quake2.exe"="D:\Spel\Quake2\quake2.exe:*:Enabled:quake2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Spel\Fallout Tactics\BOS.exe"="D:\Spel\Fallout Tactics\BOS.exe:*:Enabled:BOS"
"D:\Spel\WormsWorldParty\WormsWorldParty\wwp.exe"="D:\Spel\WormsWorldParty\WormsWorldParty\wwp.exe:*:Enabled:Worms World Party"
"D:\Spel\Supreme Commander\bin\SupremeCommander.exe"="D:\Spel\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"D:\Spel\GPGNet\GPG.Multiplayer.Client.exe"="D:\Spel\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander"
"D:\Spel\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spel\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe"="D:\Spel\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spel\Dawn of War - Dark Crusade\DarkCrusade.exe"="D:\Spel\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"D:\Spel\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="D:\Spel\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Documents and Settings\Mufflon\Local Settings\Temp\ElectronicArts_Patcher_000.exe"="C:\Documents and Settings\Mufflon\Local Settings\Temp\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"D:\Spel\Command & Conquer 3\RetailExe\1.2\cnc3game.dat"="D:\Spel\Command & Conquer 3\RetailExe\1.2\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"D:\Spel\magic installation\Program\Manalink.exe"="D:\Spel\magic installation\Program\Manalink.exe:*:Enabled:manalink"
"D:\Spel\Magic the gathering\Program\Manalink.exe"="D:\Spel\Magic the gathering\Program\Manalink.exe:*:Enabled:manalink"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"D:\Spel\Lost Planet Extreme Condition\LostPlanetDx9.exe"="D:\Spel\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"D:\Spel\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"="D:\Spel\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"D:\Spel\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe"="D:\Spel\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"D:\Spel\Neverwinter Nights 2\nwn2main.exe"="D:\Spel\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\Spel\Neverwinter Nights 2\nwn2main_amdxp.exe"="D:\Spel\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\Spel\Neverwinter Nights 2\nwupdate.exe"="D:\Spel\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\Spel\Neverwinter Nights 2\nwn2server.exe"="D:\Spel\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"D:\Spel\Dawn of War - Soulstorm\Soulstorm.exe"="D:\Spel\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Spel\Call of Duty 4 - Modern Warfare\iw3mp.exe"="D:\Spel\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "
"D:\Spel\Company of Heroes\RelicCOH.exe"="D:\Spel\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"G:\Left4Dead\hl2.exe"="G:\Left4Dead\hl2.exe:*:Enabled:hl2"
"G:\Left4Dead\left4dead.exe"="G:\Left4Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Steam\steamapps\mufflonzor\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\mufflonzor\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe"="C:\Program Files\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe"="C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme"
"C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom apocalypse\dosbox.exe:*:Enabled:X-COM: Apocalypse"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac013ec2-61fc-11dc-9afa-0019db297750}]
shell\AutoRun\command - M:\LaunchU3.exe -a


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-02-21 21:14:48 ----D---- C:\rsit
2009-02-21 17:06:44 ----D---- C:\Program Files\Avira
2009-02-21 17:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-21 10:45:30 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-02-21 10:37:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-21 10:37:02 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-02-21 08:23:00 ----D---- C:\Program Files\HijackThis
2009-02-20 22:25:54 ----D---- C:\Program Files\CCleaner
2009-02-20 20:48:38 ----D---- C:\Program Files\Steam
2009-02-20 20:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-20 20:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-20 19:55:12 ----D---- C:\Program Files\backup steam
2009-02-19 19:34:33 ----D---- C:\WINDOWS\Prefetch
2009-02-19 19:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-19 19:31:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-19 19:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-19 19:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-02-19 19:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-19 19:31:11 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-19 19:23:34 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-19 19:16:08 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-11 22:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-01 12:07:46 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-02-01 12:07:06 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-02-01 12:07:06 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-02-01 12:07:06 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-02-01 12:07:05 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-02-01 12:07:05 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-02-01 12:07:04 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-01-27 20:17:30 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-27 20:17:30 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-27 20:17:30 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-27 20:17:29 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2009-02-21 20:51:39 ----D---- C:\Program Files\Mozilla Firefox
2009-02-21 20:49:03 ----D---- C:\WINDOWS
2009-02-21 20:48:50 ----D---- C:\WINDOWS\Temp
2009-02-21 20:48:14 ----D---- C:\WINDOWS\Registration
2009-02-21 20:45:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-21 17:06:47 ----D---- C:\WINDOWS\system32\drivers
2009-02-21 17:06:44 ----RD---- C:\Program Files
2009-02-21 17:00:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-21 16:52:30 ----AD---- C:\WINDOWS\system32
2009-02-21 11:08:29 ----D---- C:\Documents and Settings\Mufflon\Application Data\Azureus
2009-02-21 10:55:15 ----HD---- C:\WINDOWS\inf
2009-02-21 10:50:23 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-21 10:39:30 ----SD---- C:\WINDOWS\Tasks
2009-02-21 10:39:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-21 10:39:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-21 10:37:07 ----SHD---- C:\WINDOWS\Installer
2009-02-21 10:37:02 ----D---- C:\Program Files\Lavasoft
2009-02-21 10:36:58 ----D---- C:\WINDOWS\WinSxS
2009-02-21 09:07:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-20 23:12:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-20 23:10:16 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-20 21:47:23 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-02-20 20:47:13 ----D---- C:\WINDOWS\system32\DirectX
2009-02-20 20:46:47 ----RSD---- C:\WINDOWS\assembly
2009-02-20 20:31:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-20 20:31:15 ----A---- C:\WINDOWS\imsins.BAK
2009-02-20 11:16:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-19 23:32:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-19 23:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-19 19:39:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-19 19:39:26 ----D---- C:\Program Files\MSN Messenger
2009-02-19 19:36:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-19 19:34:39 ----A---- C:\WINDOWS\setuplog.txt
2009-02-19 19:33:54 ----D---- C:\WINDOWS\system32\Setup
2009-02-19 19:33:54 ----D---- C:\WINDOWS\AppPatch
2009-02-19 19:33:53 ----D---- C:\WINDOWS\system32\wbem
2009-02-19 19:33:52 ----RSD---- C:\WINDOWS\Fonts
2009-02-19 19:31:16 ----D---- C:\Program Files\Messenger
2009-02-19 19:30:58 ----D---- C:\WINDOWS\security
2009-02-19 19:26:45 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-19 19:26:45 ----D---- C:\WINDOWS\network diagnostic
2009-02-19 19:26:45 ----D---- C:\WINDOWS\ime
2009-02-19 19:26:44 ----D---- C:\WINDOWS\Help
2009-02-19 19:26:33 ----D---- C:\WINDOWS\system32\usmt
2009-02-19 19:26:33 ----D---- C:\WINDOWS\system32\en-us
2009-02-19 19:26:33 ----AD---- C:\WINDOWS\system32\oobe
2009-02-19 19:26:32 ----D---- C:\WINDOWS\system32\scripting
2009-02-19 19:26:32 ----D---- C:\WINDOWS\system32\en
2009-02-19 19:26:32 ----D---- C:\WINDOWS\l2schemas
2009-02-19 19:26:32 ----D---- C:\Program Files\Internet Explorer
2009-02-19 19:26:31 ----D---- C:\WINDOWS\system32\bits
2009-02-19 19:26:31 ----D---- C:\WINDOWS\PeerNet
2009-02-19 19:26:31 ----D---- C:\Program Files\Movie Maker
2009-02-19 19:23:21 ----D---- C:\WINDOWS\system32\Restore
2009-02-19 19:23:21 ----D---- C:\WINDOWS\system32\npp
2009-02-19 19:23:21 ----D---- C:\WINDOWS\mui
2009-02-19 19:23:19 ----D---- C:\WINDOWS\msagent
2009-02-19 19:23:17 ----D---- C:\WINDOWS\srchasst
2009-02-19 19:23:14 ----D---- C:\Program Files\NetMeeting
2009-02-19 19:23:12 ----D---- C:\WINDOWS\system32\Com
2009-02-19 19:23:09 ----D---- C:\Program Files\Windows NT
2009-02-19 19:23:09 ----D---- C:\Program Files\Outlook Express
2009-02-19 19:23:04 ----D---- C:\Program Files\Common Files\System
2009-02-19 19:22:37 ----D---- C:\WINDOWS\system
2009-02-19 19:16:07 ----D---- C:\WINDOWS\ehome
2009-02-19 18:29:42 ----D---- C:\Documents and Settings\Mufflon\Application Data\Skype
2009-02-19 18:28:23 ----D---- C:\Documents and Settings\Mufflon\Application Data\skypePM
2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 12:11:53 ----HD---- C:\$AVG8.VAULT$
2009-02-01 12:07:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-01 09:53:50 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-01 09:53:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-01 09:32:18 ----D---- C:\Documents and Settings\Mufflon\Application Data\U3
2009-01-27 20:17:04 ----D---- C:\Program Files\Java
2009-01-27 07:23:26 ----D---- C:\Program Files\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-01 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-01 27656]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-08-08 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-08-08 439424]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-08-08 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-08-08 142848]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-08-08 77824]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-02-23 1118208]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-08-08 114688]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 a4n366sf;a4n366sf; C:\WINDOWS\system32\drivers\a4n366sf.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-29 25280]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P1120VID;Creative WebCam NX Ultra; C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 1252474]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 snpstd;TD998; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-11-18 390656]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264]
R2 Bonjour Service;Bonjour-tjänst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-27 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-21 950096]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-14 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-20 202040]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-08-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


#2 Muffolono

Posted 21 February 2009 - 04:04 PM

I spoke too soon, the Google redirects are still very much in effect :/

#3 mas_pogi

Posted 24 February 2009 - 08:57 AM

Hello Muffolono,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.


You might want to save this page on your bookmark, so you can find it again when you return.

Firefox: Posted Image Then click on Done.

IExplorer: Posted Image Then click on Add.

Stay calm.

  • Download GMER from here:
    http://www.gmer.net/files.php

    Unzip it to the desktop.

    Rename GMER.exe to G-mir.exe.
    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
    Click on Scan.
    When the scan has run click Copy and paste the results (if any) into this thread.
Please post back the result of GMER.

With Regards,
mas_pogi

#4 Muffolono

Posted 24 February 2009 - 02:34 PM

Thank you for your fast reply mas_pogi!

I downloaded and ran GMER as instructed, log is posted below.

The Google search redirects are still active like I mentioned. I have managed to circumvent the regedit block by renaming the .exe file, but I have not modified anything in the register.

I noticed that some of the feedback in the GMER log under "Kernel code sections" is in Swedish because of the Swedish settings on my computer. The first one (sptd.sys) says that the file can't be accessed because it's being used by another program, the other one (atxx6fqf.sys) says that the file path can't be found.


EDIT: After running GMER it appears that the lockup of regedit and cmd has been removed. I also have not suffered any Google redirects since the scan, but I can not yet say for sure that they are completely gone. Could this have been enough to clean out the malware completely?



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-24 20:18:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT BAE9025C ZwCreateThread
SSDT sptd.sys ZwEnumerateKey [0xBA6D684C]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6D6BEC]
SSDT sptd.sys ZwOpenKey [0xBA6D1090]
SSDT BAE90248 ZwOpenProcess
SSDT BAE9024D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xBA6D6CC4]
SSDT sptd.sys ZwQueryValueKey [0xBA6D6B44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918C10]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB2A67F20]
SSDT BAE90252 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys Det går inte att komma åt filen eftersom den används av en annan process.
.text USBPORT.SYS!DllUnload B92F38AC 5 Bytes JMP 8A77D1B8
? System32\Drivers\atxx6fqf.SYS Det går inte att hitta sökvägen. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\ehome\ehtray.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\ehome\ehtray.exe[296] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\ehome\ehtray.exe[296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\ehome\ehtray.exe[296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\ehome\ehtray.exe[296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\ehome\ehtray.exe[296] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1001301C
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10012F90
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10012ACC
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100123FC
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10012380
.text C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe[372] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10012F44
.text C:\WINDOWS\CTHELPER.EXE[400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\CTHELPER.EXE[400] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\CTHELPER.EXE[400] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\CTHELPER.EXE[400] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\CTHELPER.EXE[400] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\CTHELPER.EXE[400] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\CTXFIHLP.EXE[408] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\wbem\unsecapp.exe[540] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[548] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\SYSTEM32\CTXFISPI.EXE[560] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\iTunes\iTunesHelper.exe[636] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1001301C
.text C:\Program Files\iTunes\iTunesHelper.exe[636] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10012F90
.text C:\Program Files\iTunes\iTunesHelper.exe[636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10012ACC
.text C:\Program Files\iTunes\iTunesHelper.exe[636] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100123FC
.text C:\Program Files\iTunes\iTunesHelper.exe[636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012380
.text C:\Program Files\iTunes\iTunesHelper.exe[636] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10012F44
.text C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\ctfmon.exe[688] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\ctfmon.exe[688] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\ctfmon.exe[688] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\ctfmon.exe[688] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\ctfmon.exe[688] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1002301C
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10022F90
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10022ACC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100223FC
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10022380
.text C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe[700] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10022F44
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\winlogon.exe[748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\winlogon.exe[748] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\winlogon.exe[748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\winlogon.exe[748] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\winlogon.exe[748] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\winlogon.exe[748] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\lsass.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\lsass.exe[804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\svchost.exe[996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\svchost.exe[996] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\svchost.exe[996] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\svchost.exe[996] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\svchost.exe[996] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\svchost.exe[996] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\svchost.exe[1068] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\svchost.exe[1068] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\svchost.exe[1068] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\svchost.exe[1068] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\svchost.exe[1068] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\System32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\System32\svchost.exe[1168] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\System32\svchost.exe[1168] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\System32\svchost.exe[1168] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\System32\svchost.exe[1168] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\System32\svchost.exe[1168] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1006301C
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10062F90
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10062ACC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100623FC
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10062380
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10062F44
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\svchost.exe[1340] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\svchost.exe[1340] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\svchost.exe[1340] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\svchost.exe[1340] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\svchost.exe[1340] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1004301C
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10042F90
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10042ACC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100423FC
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10042380
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1388] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10042F44
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1632] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\spoolsv.exe[1640] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\spoolsv.exe[1640] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\spoolsv.exe[1640] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\spoolsv.exe[1640] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\spoolsv.exe[1640] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\spoolsv.exe[1640] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1001301C
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10012F90
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10012ACC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100123FC
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012380
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1704] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10012F44
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\eHome\ehRecvr.exe[2076] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\eHome\ehSched.exe[2220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\eHome\ehSched.exe[2220] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\eHome\ehSched.exe[2220] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\eHome\ehSched.exe[2220] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\eHome\ehSched.exe[2220] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\eHome\ehSched.exe[2220] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\dllhost.exe[2296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\dllhost.exe[2296] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\dllhost.exe[2296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\dllhost.exe[2296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\dllhost.exe[2296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\dllhost.exe[2296] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\System32\alg.exe[2596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\System32\alg.exe[2596] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\System32\alg.exe[2596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\System32\alg.exe[2596] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\System32\alg.exe[2596] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\System32\alg.exe[2596] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\nvsvc32.exe[2816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10D2301C
.text C:\WINDOWS\system32\nvsvc32.exe[2816] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10D22F90
.text C:\WINDOWS\system32\nvsvc32.exe[2816] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10D22ACC
.text C:\WINDOWS\system32\nvsvc32.exe[2816] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10D223FC
.text C:\WINDOWS\system32\nvsvc32.exe[2816] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10D22380
.text C:\WINDOWS\system32\nvsvc32.exe[2816] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10D22F44
.text C:\WINDOWS\system32\svchost.exe[3132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\svchost.exe[3132] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\svchost.exe[3132] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\svchost.exe[3132] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\svchost.exe[3132] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\svchost.exe[3132] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\WINDOWS\system32\svchost.exe[3160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\WINDOWS\system32\svchost.exe[3160] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\WINDOWS\system32\svchost.exe[3160] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\WINDOWS\system32\svchost.exe[3160] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\WINDOWS\system32\svchost.exe[3160] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\WINDOWS\system32\svchost.exe[3160] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 1000301C
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10002F90
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002ACC
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100023FC
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002380
.text C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe[3196] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002F44

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6D1ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6D1C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6D1B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6D272E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6D2604] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8AA4A1D8
Device \FileSystem\Udfs \UdfsCdRom 8A5871D8
Device \FileSystem\Udfs \UdfsDisk 8A5871D8
Device \Driver\usbuhci \Device\USBPDO-0 8A80C1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A9DD1D8
Device \Driver\dmio \Device\DmControl\DmConfig 8A9DD1D8
Device \Driver\dmio \Device\DmControl\DmPnP 8A9DD1D8
Device \Driver\dmio \Device\DmControl\DmInfo 8A9DD1D8
Device \Driver\usbuhci \Device\USBPDO-1 8A80C1D8
Device \Driver\usbuhci \Device\USBPDO-2 8A80C1D8
Device \Driver\usbuhci \Device\USBPDO-3 8A80C1D8
Device \Driver\usbehci \Device\USBPDO-4 8A7AD7A0

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8AA4C1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AA4C1D8
Device \Driver\Cdrom \Device\CdRom0 8A823980
Device \Driver\Cdrom \Device\CdRom1 8A823980
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9834037-28AA-404B-87B2-0671D98C78F8} 8973B1D8
Device \Driver\Cdrom \Device\CdRom2 8A823980
Device \Driver\NetBT \Device\NetBt_Wins_Export 8973B1D8
Device \Driver\usbstor \Device\00000085 8A20E5C0
Device \Driver\NetBT \Device\NetbiosSmb 8973B1D8
Device \Driver\00000044 \Device\0000004e sptd.sys
Device \Driver\usbstor \Device\00000089 8A20E5C0
Device \Driver\usbuhci \Device\USBFDO-0 8A80C1D8
Device \Driver\usbuhci \Device\USBFDO-1 8A80C1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88AB15C0
Device \Driver\usbuhci \Device\USBFDO-2 8A80C1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88AB15C0
Device \Driver\usbuhci \Device\USBFDO-3 8A80C1D8
Device \Driver\Ftdisk \Device\FtControl 8AA4C1D8
Device \Driver\usbehci \Device\USBFDO-4 8A7AD7A0
Device \Driver\usbstor \Device\0000008a 8A20E5C0
Device \Driver\usbstor \Device\0000008b 8A20E5C0
Device \Driver\usbstor \Device\0000008c 8A20E5C0
Device \Driver\atxx6fqf \Device\Scsi\atxx6fqf1Port4Path0Target0Lun0 8A7435F8
Device \Driver\atxx6fqf \Device\Scsi\atxx6fqf1 8A7435F8
Device \Driver\usbstor \Device\0000008d 8A20E5C0
Device \FileSystem\Cdfs \Cdfs 8A566648

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -374313779
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -11800649
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x94 0xD2 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xB6 0xF1 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x02 0xA4 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAE 0x24 0x12 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x94 0xD2 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xB6 0xF1 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5C 0x4D 0x4A 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAE 0x24 0x12 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x94 0xD2 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xB6 0xF1 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9B 0xE8 0x2E 0x6D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAE 0x24 0x12 0x15 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFD 0x94 0xD2 0x20 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x26 0xB6 0xF1 0x34 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x94 0x02 0xA4 0xEE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAE 0x24 0x12 0x15 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x95 0x28 0x42 0xA3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x95 0x28 0x42 0xA3 ...

---- EOF - GMER 1.0.14 ----

Edited by Muffolono, 24 February 2009 - 02:54 PM.


#5 mas_pogi


Posted 25 February 2009 - 07:57 AM

Hi.

Could you also post the C:\rsit\info.txt?

Thanks.


Mark

#6 Muffolono


Posted 25 February 2009 - 12:58 PM

Of course, here is the RSIT info.txt from the previous scan. Do you want me to run a new scan and post logs?





info.txt logfile of random's system information tool 1.05 2009-02-21 21:15:01

======Uninstall list======

-->"C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{25E6EB3A-F696-41AB-96B6-D76ECE6446BF}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-041D-1E257A25E34D}
Adobe Reader 7.0.9 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BankID säkerhetsprogram 4.9.3-->"C:\Program Files\Personal\bin\persinst.exe" -u
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty® 4 - Modern Warfare™ 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch-->C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->D:\Spel\CALLOF~1\Uninstall\Unwise.exe /u D:\Spel\CALLOF~1\Uninstall\Install.log
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative WebCam NX Ultra Driver (1.01.03.0112)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1120.uns -unsext NT -plugin P1120Pin.dll -pluginres P1120Pin.crl
Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hamachi 1.0.2.3-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic V Collector Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin-->D:\Spel\HITMAN~1\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hpHosts-->"C:\Program Files\hpHosts\unins000.exe"
ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe"
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Jade Empire-->C:\WINDOWS\Uninstall Jade Empire.exe
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Laser Squad Nemesis-->d:\spel\Laser Squad Nemesis\Uninstal.exe
Lexmark Software Uninstall-->C:\Program Files\Lexmark_HostCD\Install\x86\Uninstall.exe
Localization Pack for Microsoft Windows XP Media Center Edition-->MsiExec.exe /I{63763322-37B7-4C75-8460-4A9483B5B056}
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Magic: The Gathering-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{5feb62ab-79bd-4455-b094-67652f4149c0}.sdb"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Swedish Language Pack-->MsiExec.exe /X{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Application Compatibility Toolkit 5.0-->MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112041D-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{8BA42EAE-19AD-4bf2-88C0-0232B1FBFDE2}
MINITAB Release 14-->MsiExec.exe /I{9BC2391F-FBCA-4F06-8E6C-FB1BB119A9EF}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Parkan II-->"D:\spel\Parkan II\unins000.exe"
Puzzle Quest Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3559ACB0-5606-48C1-80C3-A837B4BB5F54}\Setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Warlords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Soldat 1.3.1-->d:\spel\Soldat\unins000.exe
Soldat 1.3.1-->D:\Spel\Soldat\unins001.exe
Sound Blaster X-Fi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D994CC5-819F-4657-84DD-397B8FE1EA80}\Setup.exe" -l0x9
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SWAT 4 - The Stetchkov Syndicate-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{97E12F84-C033-4DA2-97D2-F540C3E292EA} uninstall
SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TD998-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x1d
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
X10 Hardware™-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

=====HijackThis Backups=====

O21 - SSODL: system32 - {D1F7E5A1-96D8-489C-8B3C-CD266624FB7D} - sysprinters.dll (file missing)

======Hosts File======

127.0.0.1 localhost
127.0.0.1 0.start.bz
127.0.0.1 005.free-counter.co.uk
127.0.0.1 006.free-counter.co.uk
127.0.0.1 007.free-counter.co.uk
127.0.0.1 007guard.com
127.0.0.1 008.free-counter.co.uk
127.0.0.1 00fun.com
127.0.0.1 00hq.com
127.0.0.1 00inkjets.com

======Security center information======

AV: AVG Anti-Virus Free
AV: Avira AntiVir PersonalEdition

System event log

Computer Name: MUFFLON
Event Code: 7036
Message: Tjänsten Fax ändrade tillstånd till stoppad.

Record Number: 22156
Source Name: Service Control Manager
Time Written: 20090215204703.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 7035
Message: Tjänsten Fax tog emot en stoppa-kontroll.

Record Number: 22155
Source Name: Service Control Manager
Time Written: 20090215204703.000000+060
Event Type: information
User: NT INSTANS\SYSTEM

Computer Name: MUFFLON
Event Code: 7000
Message: Tjänsten Upload Manager kunde inte startas på grund av följande fel:
Kontot som angivits för den här tjänsten skiljer sig från kontot som angivits för andra tjänster som körs i samma process.


Record Number: 22154
Source Name: Service Control Manager
Time Written: 20090215204703.000000+060
Event Type: Fel
User:

Computer Name: MUFFLON
Event Code: 6005
Message: Tjänsten EventLog startades.

Record Number: 22153
Source Name: EventLog
Time Written: 20090215204617.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 22152
Source Name: EventLog
Time Written: 20090215204617.000000+060
Event Type: information
User:

Application event log

Computer Name: MUFFLON
Event Code: 701
Message: msnmsgr (3828) Den fullständiga onlinedefragmenteringen av databasen \\.\C:\Documents and Settings\Mufflon\Local Settings\Application Data\Microsoft\Messenger\charta82@hotmail.com\SharingMetadata\Working\database_A4EC_58D1_EC58_9EFC\dfsr.db har slutförts.

Record Number: 13868
Source Name: ESENT
Time Written: 20090111120016.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 700
Message: msnmsgr (3828) En fullständig onlinedefragmentering av databasen \\.\C:\Documents and Settings\Mufflon\Local Settings\Application Data\Microsoft\Messenger\charta82@hotmail.com\SharingMetadata\Working\database_A4EC_58D1_EC58_9EFC\dfsr.db har påbörjats.

Record Number: 13867
Source Name: ESENT
Time Written: 20090111120016.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 701
Message: msnmsgr (3828) Den fullständiga onlinedefragmenteringen av databasen \\.\C:\Documents and Settings\Mufflon\Local Settings\Application Data\Microsoft\Messenger\charta82@hotmail.com\SharingMetadata\Working\database_A4EC_58D1_EC58_9EFC\dfsr.db har slutförts.

Record Number: 13866
Source Name: ESENT
Time Written: 20090111110016.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 700
Message: msnmsgr (3828) En fullständig onlinedefragmentering av databasen \\.\C:\Documents and Settings\Mufflon\Local Settings\Application Data\Microsoft\Messenger\charta82@hotmail.com\SharingMetadata\Working\database_A4EC_58D1_EC58_9EFC\dfsr.db har påbörjats.

Record Number: 13865
Source Name: ESENT
Time Written: 20090111110016.000000+060
Event Type: information
User:

Computer Name: MUFFLON
Event Code: 701
Message: msnmsgr (3828) Den fullständiga onlinedefragmenteringen av databasen \\.\C:\Documents and Settings\Mufflon\Local Settings\Application Data\Microsoft\Messenger\charta82@hotmail.com\SharingMetadata\Working\database_A4EC_58D1_EC58_9EFC\dfsr.db har slutförts.

Record Number: 13864
Source Name: ESENT
Time Written: 20090111100016.000000+060
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 mas_pogi


Posted 02 March 2009 - 04:34 PM

hi.

Sorry for the big delay :thumbup2: Forum is just so busy.

I need to bring this to your attention before we proceed.
Your system has little space left:
System drive C: has 8 GB (4%) free of 238 GB

You need to free up some. You can transfer them to a DVD or to a portable hard drive. Your system might crash because it needs some of the space for the pagefile, etc.

Try this one, it might free some of your space

Go to Start, My Computer
Right-click on the hard-drive letter for the system, (usually C: )
Click Properties
Look at what it reports for Free Space.
The partition with the system needs at least 15% Free Space, or it will bog down and run very slowly, even crash

Go to Start, My Computer
Right-click on the hard-drive letter for the system, (usually C: )
Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
If it asks whether to apply to all files and folders, answer Yes.
You may have to wait while it resets the file attributes.
----------------------------------------------------------
Reboot the machine.
----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Uncheck Only delete files in Windows Temp folders older than 48 hours.
* Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
* Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Reset Options in CCleaner for Regular Use.
Open CCleaner if it's not already running.

* Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked. Then under Internet Explorer, Uncheck "History". In the Advanced section, have a check only on Old PreFetch Data.
* Click on the Options block on the left. Select Advanced.
Check Only delete files in Windows Temp folders older than 48 hours.
* Set CCleaner to Run When Computer Starts. Click on the Options block on the left, then choose Settings. Check Run Ccleaner when computer starts.




We will fix some registry entries and run an online antivirus scan to check your computer.
Please follow the instructions promptly:
  • Did you set the following in your hosts file?

    O1 - Hosts: //127.0.0.1 ssl.google-analytics.com
    O1 - Hosts: //127.0.0.1 www.googleadservices.com
    O1 - Hosts: //127.0.0.1 www.google-analytics.com
    O1 - Hosts: //127.0.0.1 www.googlecaches.com
    O1 - Hosts: //127.0.0.1 www.google-counter.com
    O1 - Hosts: //127.0.0.1 www.myspace.com
    O1 - Hosts: //127.0.0.1 www.sendspace.com
    ..............................................


  • Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

  • Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      explorer.exe
      
      :Services
      a4n366sf
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
      "notification packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
      [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
      [-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
      [HKEY_CLASSES_ROOT\.scr]
      @="scrfile"
      [HKEY_CLASSES_ROOT\.scr\OpenWithList]
      [HKEY_CLASSES_ROOT\.scr\OpenWithList\devenv.exe]
      @=""
      [HKEY_CLASSES_ROOT\scrfile]
      @="Screen Saver"
      [HKEY_CLASSES_ROOT\scrfile\shell]
      [HKEY_CLASSES_ROOT\scrfile\shell\config]
      @="C&onfigure"
      [HKEY_CLASSES_ROOT\scrfile\shell\config\command]
      @="\"%1\""
      [HKEY_CLASSES_ROOT\scrfile\shell\install]
      @="&Install"
      [HKEY_CLASSES_ROOT\scrfile\shell\install\command]
      @="rundll32.exe desk.cpl,InstallScreenSaver %l"
      [HKEY_CLASSES_ROOT\scrfile\shell\open]
      @="T&est"
      [HKEY_CLASSES_ROOT\scrfile\shell\open\command]
      @="\"%1\" /S"
      [HKEY_CLASSES_ROOT\scrfile\shellex]
      [HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler]
      @="{86C86720-42A0-1069-A2E8-08002B30309D}"
      
      :Commands
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
    • Run random's system information tool (RSIT) again from your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your reply, please post

Answer to my question
OTmoveit3 log
Kaspersky scan result
RSIT's log.txt and info.txt


Mark
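
The `:Reg` block in the post above can be read before it is pasted into the tool. The following is an added example, not part of the original post or of OTMoveIt3: it lists which keys a `.reg`-style fragment deletes and decodes `hex(7)` (REG_MULTI_SZ) data into readable strings. The function names are hypothetical, the sample is a constructed excerpt of the lines shown in the post, and the baseline `{"scecli"}` is an assumption taken from the value the fix itself writes.

```python
import re

# Constructed excerpt of the :Reg block from the post above.
REG_BLOCK = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
'''

VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')


def decode_multi_sz(hex_csv):
    """Decode a hex(7) payload (REG_MULTI_SZ, UTF-16LE) into a list of strings."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    if len(raw) % 2:
        raise ValueError("odd byte count: not valid UTF-16LE")
    # Strings are NUL-separated; the list itself ends with one more NUL.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def summarize(reg_text):
    """Return (deleted_keys, values); values maps (key, name) -> decoded data."""
    deleted, values, key = [], {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])      # "[-KEY]" removes the whole key
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.lower().startswith("hex(7):"):
                values[(key, name)] = decode_multi_sz(data[7:])
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                # Undo .reg escaping (\" and \\) inside a quoted string.
                values[(key, name)] = re.sub(r"\\(.)", r"\1", data[1:-1])
            else:
                values[(key, name)] = data
    return deleted, values


def unexpected_packages(values, baseline=frozenset({"scecli"})):
    """List Lsa notification packages that are not in the assumed baseline."""
    extra = []
    for (key, name), data in values.items():
        if key.lower().endswith(r"\control\lsa") and name.lower() == "notification packages":
            extra += [p for p in data if p.lower() not in baseline]
    return extra


if __name__ == "__main__":
    deleted, values = summarize(REG_BLOCK)
    print("keys deleted:", *deleted, sep="\n  ")
    for (key, name), data in values.items():
        print(f"{key} :: {name} = {data!r}")
    print("unexpected LSA packages:", unexpected_packages(values))
```
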

#8 mas_pogi


Posted 05 March 2009 - 05:43 AM

hi.

Do you still need help?


Mark

#9 Carolyn


Posted 07 March 2009 - 10:00 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Member of ASAP (Alliance of Security Analysis Professionals)