
Computer slowdown - cause unknown


  • This topic is locked
32 replies to this topic

#1 Lonranger

Lonranger

  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada

Posted 14 October 2009 - 12:50 PM

I have an AMD Athlon XP 3000+ running fully patched XP Pro SP3 with 2 GB of RAM.

No new programs installed.

Defrag done
chkdsk done
NOD32 scan done / all definitions up to date
spybot scan done / all definitions up to date
superantispyware scan done / all definitions up to date
registry scan and repair done
registry compacting done

I cannot seem to figure out what is causing the problems.

Any and all help would be appreciated.


HJT log included.


DDS log included

Repeal tool info included

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:11 PM, on October 13, 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
P:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
P:\program files\D4\D4.exe
P:\Program Files\ESET\ESET Smart Security\ekrn.exe
P:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
P:\program files\D4\D4.exe
P:\Program Files\Microsoft IntelliPoint\ipoint.exe
P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
P:\Program Files\ESET\ESET Smart Security\egui.exe
P:\Program Files\Java\jre6\bin\jusched.exe
p:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
P:\Program Files\System\CPL Bonus\timezone.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BHODemon 2\BHODemon.exe
P:\program files\Secunia\PSI\psi.exe
P:\program files\tray_it\TrayIt!.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
P:\program files\Mozilla Firefox\firefox.exe
P:\Program Files\Windows Live\Messenger\usnsvc.exe
P:\program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plentyoffish.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - P:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - P:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Dimension4] P:\program files\D4\D4.exe
O4 - HKLM\..\Run: [IntelliPoint] "p:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [egui] "P:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [googletalk] P:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "P:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "P:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "P:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Timezone] "P:\Program Files\System\CPL Bonus\timezone.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "P:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] P:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "P:\program files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: ERUNT AutoBackup.lnk = P:\program files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = P:\program files\Secunia\PSI\psi.exe
O4 - Startup: TrayIt!.lnk = P:\program files\tray_it\TrayIt!.exe
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201252361062
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - (no file)
O20 - Winlogon Notify: !SASWinLogon - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - P:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dimension4 - Thinking Man Software - P:\program files\D4\D4.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - P:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - P:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - P:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - P:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - P:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - P:\program files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12518 bytes

==================================================================================

DDS (Ver_09-10-13.01) - NTFSx86
Run by Sam at 11:45:31.29 on Oct 14, 2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2047.1078 [GMT -6:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
P:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
P:\program files\D4\D4.exe
P:\Program Files\ESET\ESET Smart Security\ekrn.exe
P:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
P:\program files\D4\D4.exe
P:\Program Files\Microsoft IntelliPoint\ipoint.exe
P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
P:\Program Files\ESET\ESET Smart Security\egui.exe
P:\Program Files\Java\jre6\bin\jusched.exe
p:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
P:\Program Files\System\CPL Bonus\timezone.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BHODemon 2\BHODemon.exe
P:\program files\Secunia\PSI\psi.exe
P:\program files\tray_it\TrayIt!.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
P:\Program Files\Windows Live\Messenger\usnsvc.exe
P:\program files\uTorrent\utorrent.exe
C:\WINDOWS\explorer.exe
P:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.plentyoffish.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - p:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - p:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - p:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [msnmsgr] "p:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Timezone] "p:\program files\system\cpl bonus\timezone.exe"
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [NVIDIA nTune] "p:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [SansaDispatch] c:\documents and settings\sam\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [TomTomHOME.exe] "p:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SpybotSD TeaTimer] p:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] p:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [uTorrent] "p:\program files\utorrent\uTorrent.exe"
mRun: [nForce Tray Options] sstray.exe /r
mRun: [Dimension4] p:\program files\d4\D4.exe
mRun: [IntelliPoint] "p:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TrueImageMonitor.exe] p:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] p:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [egui] "p:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [googletalk] p:\program files\google\google talk\googletalk.exe /autostart
mRun: [CloneCDTray] "p:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "p:\program files\java\jre6\bin\jusched.exe"
mRun: [SetDefPrt] p:\program files\brother\brmfl04b\BrStDvPt.exe
mRun: [ControlCenter2.0] p:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "p:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "p:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "p:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\bhodem~1.lnk - p:\program files\bhodemon 2\BHODemon.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\erunta~1.lnk - p:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\secuni~1.lnk - p:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\trayit!.lnk - p:\program files\tray_it\TrayIt!.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - p:\program files\brother\brmfcmon\BrMfcWnd.exe
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - p:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201252361062
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - p:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - p:\program files\superantispyware\SASWINLO.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - p:\program files\qualcomm\eudora\datafolder\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - p:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\3fylspwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=1&hl=en
FF - component: c:\documents and settings\sam\application data\mozilla\firefox\profiles\3fylspwx.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - plugin: p:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: p:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: p:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.switch.threshold - 650000

============= SERVICES / DRIVERS ===============

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-1-7 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2008-1-7 19240]
R1 SASDIFSV;SASDIFSV;p:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;p:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 ekrn;Eset Service;p:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-11-6 598856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;p:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 TomTomHOMEService;TomTomHOMEService;p:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]

=============== Created Last 30 ================

2009-10-13 22:59 <DIR> --d----- p:\program files\Trend Micro
2009-09-29 20:52 51,355 a------- c:\windows\system32\muzika.xm
2009-09-16 01:51 <DIR> --d----- p:\program files\MP3Gain
2009-09-16 01:51 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-16 01:51 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-16 01:50 <DIR> --d----- p:\program files\iPod
2009-09-16 01:50 <DIR> --d----- p:\program files\iTunes
2009-09-16 01:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 01:49 <DIR> --d----- p:\program files\Bonjour
2009-09-16 01:46 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-09-16 01:46 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-09-16 01:46 <DIR> --d----- c:\program files\common files\Apple
2009-09-15 08:36 <DIR> --d----- c:\docume~1\sam\applic~1\ShutdownAddin
2009-09-15 08:35 <DIR> --d----- c:\program files\common files\OutlookShutdown
2009-09-15 03:49 <DIR> --d----- p:\program files\VideoLAN
2009-09-15 03:13 77,824 a------- c:\windows\system32\xvid.ax

==================== Find3M ====================

2009-09-13 23:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-09-13 23:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-13 09:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 10:05 3,069,440 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 10:05 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 13:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2008-10-26 00:01 151 ac------ c:\documents and settings\sam\check.bat
2008-09-16 04:12 25,160 ac------ c:\docume~1\sam\applic~1\GDIPFONTCACHEV1.DAT
2008-06-10 12:39 92,064 ac------ c:\documents and settings\sam\mqdmmdm.sys
2008-06-10 12:39 79,328 ac------ c:\documents and settings\sam\mqdmserd.sys
2008-06-10 12:39 66,656 ac------ c:\documents and settings\sam\mqdmbus.sys
2008-06-10 12:39 25,600 ac------ c:\documents and settings\sam\usbsermptxp.sys
2008-06-10 12:39 22,768 ac------ c:\documents and settings\sam\usbsermpt.sys
2008-06-10 12:39 9,232 ac------ c:\documents and settings\sam\mqdmmdfl.sys
2008-06-10 12:39 6,208 ac------ c:\documents and settings\sam\mqdmcmnt.sys
2008-06-10 12:39 5,936 ac------ c:\documents and settings\sam\mqdmwhnt.sys
2008-06-10 12:39 4,048 ac------ c:\documents and settings\sam\mqdmcr.sys
2008-01-29 02:53 47,360 ac------ c:\docume~1\sam\applic~1\pcouffin.sys
2008-01-29 02:53 87,608 a------- c:\docume~1\sam\applic~1\ezpinst.exe
2005-08-23 17:18 774,144 ac------ p:\program files\RngInterstitial.dll

============= FINISH: 11:46:38.24 ===============



NOTE:
In trying to run RootRepeal I get exception errors, so I cannot complete or start the scan.

Hope you can help.

Lon



#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 27 October 2009 - 03:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 Lonranger

Lonranger
  • Topic Starter
  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada

Posted 29 October 2009 - 03:35 PM

I am experiencing slowdown in my pc. Both in computing as well as bandwidth. Cannot seem to find out why. I have done all the scans using:

NOD32
Housecall
Spybot
SuperAntiSpyware
BHODemon
Malwarebytes
Spyware blaster


Cannot seem to find out why.

Here is the DDS log file

===============================================================================
DDS (Ver_09-10-13.01) - NTFSx86
Run by Sam at 14:29:10.28 on Oct 29, 2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2047.1004 [GMT -6:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
P:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
P:\program files\D4\D4.exe
P:\Program Files\ESET\ESET Smart Security\ekrn.exe
P:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
P:\program files\D4\D4.exe
P:\Program Files\Microsoft IntelliPoint\ipoint.exe
P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
P:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\Program Files\Java\jre6\bin\jusched.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
P:\Program Files\iTunes\iTunesHelper.exe
P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
P:\Program Files\System\CPL Bonus\timezone.exe
p:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BHODemon 2\BHODemon.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
P:\program files\Secunia\PSI\psi.exe
P:\Program Files\iPod\bin\iPodService.exe
P:\program files\tray_it\TrayIt!.exe
P:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
P:\Program Files\Microsoft Streets & Trips 2009\StreetsOlkShim.exe
P:\program files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sam\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.plentyoffish.com/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - p:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - p:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - p:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - p:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [msnmsgr] "p:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Timezone] "p:\program files\system\cpl bonus\timezone.exe"
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [NVIDIA nTune] "p:\program files\nvidia corporation\ntune\nTuneCmd.exe" resetprofile
uRun: [SansaDispatch] c:\documents and settings\sam\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [TomTomHOME.exe] "p:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SpybotSD TeaTimer] p:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] p:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: [Dimension4] p:\program files\d4\D4.exe
mRun: [IntelliPoint] "p:\program files\microsoft intellipoint\ipoint.exe"
mRun: [TrueImageMonitor.exe] p:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] p:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [egui] "p:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [googletalk] p:\program files\google\google talk\googletalk.exe /autostart
mRun: [CloneCDTray] "p:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "p:\program files\java\jre6\bin\jusched.exe"
mRun: [SetDefPrt] p:\program files\brother\brmfl04b\BrStDvPt.exe
mRun: [ControlCenter2.0] p:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "p:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "p:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "p:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\bhodem~1.lnk - p:\program files\bhodemon 2\BHODemon.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\erunta~1.lnk - p:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\secuni~1.lnk - p:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\sam\startm~1\programs\startup\trayit!.lnk - p:\program files\tray_it\TrayIt!.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - p:\program files\brother\brmfcmon\BrMfcWnd.exe
uPolicies-system: RunStartupScriptSync = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: E&xport to Microsoft Excel - p:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - p:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201252361062
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - p:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - p:\program files\superantispyware\SASWINLO.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - p:\program files\qualcomm\eudora\datafolder\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - p:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\3fylspwx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=1&hl=en
FF - component: c:\documents and settings\sam\application data\mozilla\firefox\profiles\3fylspwx.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}\components\mintray-9178506d-2005072516-trunk.dll
FF - plugin: c:\documents and settings\sam\application data\mozilla\firefox\profiles\3fylspwx.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: p:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: p:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: p:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - p:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.switch.threshold - 650000

============= SERVICES / DRIVERS ===============

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2008-1-7 116264]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2008-1-7 19240]
R1 SASDIFSV;SASDIFSV;p:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;p:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 ekrn;Eset Service;p:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-24 935208]
R2 TomTomHOMEService;TomTomHOMEService;p:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2008-11-6 598856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;p:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2006-2-28 14336]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys --> c:\windows\system32\drivers\npf.sys [?]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

=============== Created Last 30 ================

2009-10-13 22:59 <DIR> --d----- p:\program files\Trend Micro
2009-09-29 20:52 51,355 a------- c:\windows\system32\muzika.xm

==================== Find3M ====================

2009-09-24 23:37 667,136 a------- c:\windows\system32\wininet.dll
2009-09-24 23:37 667,136 -------- c:\windows\system32\dllcache\wininet.dll
2009-09-24 23:37 627,712 -------- c:\windows\system32\dllcache\urlmon.dll
2009-09-24 23:37 3,070,976 -------- c:\windows\system32\dllcache\mshtml.dll
2009-09-24 23:37 1,509,888 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-09-24 23:37 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-24 23:37 81,920 -------- c:\windows\system32\dllcache\ieencode.dll
2009-09-13 23:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2009-09-13 23:15 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-11 08:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 08:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 15:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 15:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-26 02:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 02:00 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-13 09:16 512,000 -------- c:\windows\system32\dllcache\jscript.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 03:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 09:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 08:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 08:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 08:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-26 00:01 151 ac------ c:\documents and settings\sam\check.bat
2008-09-16 04:12 25,160 ac------ c:\docume~1\sam\applic~1\GDIPFONTCACHEV1.DAT
2008-06-10 12:39 92,064 ac------ c:\documents and settings\sam\mqdmmdm.sys
2008-06-10 12:39 79,328 ac------ c:\documents and settings\sam\mqdmserd.sys
2008-06-10 12:39 66,656 ac------ c:\documents and settings\sam\mqdmbus.sys
2008-06-10 12:39 25,600 ac------ c:\documents and settings\sam\usbsermptxp.sys
2008-06-10 12:39 22,768 ac------ c:\documents and settings\sam\usbsermpt.sys
2008-06-10 12:39 9,232 ac------ c:\documents and settings\sam\mqdmmdfl.sys
2008-06-10 12:39 6,208 ac------ c:\documents and settings\sam\mqdmcmnt.sys
2008-06-10 12:39 5,936 ac------ c:\documents and settings\sam\mqdmwhnt.sys
2008-06-10 12:39 4,048 ac------ c:\documents and settings\sam\mqdmcr.sys
2008-01-29 02:53 47,360 ac------ c:\docume~1\sam\applic~1\pcouffin.sys
2008-01-29 02:53 87,608 a------- c:\docume~1\sam\applic~1\ezpinst.exe
2005-08-23 17:18 774,144 ac------ p:\program files\RngInterstitial.dll

============= FINISH: 14:30:22.10 ===============

HTH

Lonranger

#4 schrauber

schrauber
    Mr.Mechanic
  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 29 October 2009 - 05:17 PM

Hello Lonranger, and again welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can use the button at the top bar of this topic to Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

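Once gmer.log comes back, the first pass a helper makes over it can be scripted. The following is an added example written for this thread (not GMER's code and not from any post here): it groups the SSDT and IAT hooks by the module that owns them, ties each module to the \Driver objects named in the Devices section, and notes where GMER could not read the module from disk. The sample log is constructed in GMER's line format; the section names and line shapes are those GMER 1.0.15 writes.

```python
"""Triage a GMER rootkit-scan log (added example for this thread, not GMER's code).
For each module that owns a hook: which SSDT entries and IAT slots it hooks, which
\\Driver objects reference it in the Devices section, and whether GMER could read it."""
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15's line format; not a real scan.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT spsi.sys ZwCreateKey [0xB7EAB0E0]
SSDT spsi.sys ZwOpenKey [0xB7EAB0C0]
SSDT \??\P:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA6DB0B0]

---- Kernel code sections - GMER 1.0.15 ----

? spsi.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EAC040] spsi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EAC6D2] spsi.sys
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KfAcquireSpinLock] 000000AD

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\145346642 spsi.sys
Device \Driver\PCI_PNP5392 \Device\0000005c spsi.sys
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER ")
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
# IAT lines end in '[addr] owner.sys' when GMER resolved the hook, else a bare value.
IAT_RE = re.compile(
    r"^IAT\s+(\S+)\[([^\]]+)\]\s+(?:\[([0-9A-Fa-f]+)\]\s+(\S+)|([0-9A-Fa-f]+))$")
DEVICE_RE = re.compile(r"^(?:Attached)?Device\s+(\\\S+)\s+(\\\S+)\s+(\S+\.sys)\b", re.I)
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")


def module_name(raw):
    """Reduce a GMER module field to a lowercase file name:
    '\\??\\P:\\...\\SASKUTIL.sys (vendor text)' -> 'saskutil.sys'."""
    raw = re.sub(r"\s*\(.*\)\s*$", "", raw)
    return raw.split("\\")[-1].lower()


def split_sections(text):
    """Map each '---- Name - GMER x ----' header to its non-blank lines."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current:
            sections[current].append(line)
    return sections


def triage(text):
    """Per module: SSDT functions hooked, IAT hooks owned, \\Driver objects that
    reference it in the Devices section, and whether its file was readable."""
    sec = split_sections(text)
    report = defaultdict(lambda: {"ssdt": [], "iat": 0,
                                  "driver_objects": set(), "on_disk": True})
    for line in sec["System"]:
        m = SSDT_RE.match(line)
        if m:
            report[module_name(m.group(1))]["ssdt"].append(m.group(2))
    for line in sec["Kernel IAT/EAT"]:
        m = IAT_RE.match(line)
        if m:
            owner = m.group(4)          # None when GMER printed only a bare value
            report[module_name(owner) if owner else "<unresolved>"]["iat"] += 1
    for line in sec["Devices"]:
        m = DEVICE_RE.match(line)
        if m:
            report[module_name(m.group(3))]["driver_objects"].add(m.group(1))
    for line in sec["Kernel code sections"]:
        m = MISSING_RE.match(line)
        if m:
            report[module_name(m.group(1))]["on_disk"] = False
    return {mod: dict(info, driver_objects=sorted(info["driver_objects"]))
            for mod, info in report.items()}


def flags(report):
    """Hooking modules that need a closer look, with the reason for each."""
    out = {}
    for mod, info in report.items():
        if not (info["ssdt"] or info["iat"]):
            continue                    # a plain device driver with no hooks
        reasons = []
        if not info["on_disk"]:
            reasons.append("file not readable from disk")
        if not info["driver_objects"]:
            reasons.append("no \\Driver object attributes it")
        out[mod] = reasons
    return out
```

A module that hooks but whose file GMER cannot read, or that no \Driver object accounts for, is only a lead: the Devices and Registry sections (for example, a \Driver\sptd entry next to a DAEMON Tools path) are what tie it back to installed software.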

#5 Lonranger

Lonranger
  • Topic Starter
  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada

Posted 30 October 2009 - 11:19 PM

Hello Thomas:

Thank you for your attention to this matter. I know you guys are very busy and I appreciate all that you do.

As requested, here is the log file:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-30 15:33:46
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Sam\LOCALS~1\Temp\uxdyypob.sys


---- System - GMER 1.0.15 ----

SSDT spsi.sys ZwCreateKey [0xB7EAB0E0]
SSDT spsi.sys ZwEnumerateKey [0xB7EC8CA2]
SSDT spsi.sys ZwEnumerateValueKey [0xB7EC9030]
SSDT spsi.sys ZwOpenKey [0xB7EAB0C0]
SSDT spsi.sys ZwQueryKey [0xB7EC9108]
SSDT spsi.sys ZwQueryValueKey [0xB7EC8F88]
SSDT spsi.sys ZwSetValueKey [0xB7EC919A]
SSDT \??\P:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAA6DB0B0]

INT 0x62 ? 8A853BF8
INT 0x63 ? 8A303F00
INT 0x73 ? 8A856BF8
INT 0x82 ? 8A853BF8
INT 0x83 ? 8A303F00
INT 0xB4 ? 8A303F00

---- Kernel code sections - GMER 1.0.15 ----

? spsi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B6FBC8AC 5 Bytes JMP 8A3034E0
.text awq7y73e.SYS ACB9C384 1 Byte [20]
.text awq7y73e.SYS ACB9C384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text awq7y73e.SYS ACB9C3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text awq7y73e.SYS ACB9C3C4 3 Bytes [00, 00, 00]
.text awq7y73e.SYS ACB9C3C9 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text P:\Program Files\ESET\ESET Smart Security\ekrn.exe[908] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[2036] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0008ED99 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EAC040] spsi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EAC13C] spsi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EAC0BE] spsi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EAC7FC] spsi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EAC6D2] spsi.sys
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\awq7y73e.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EBBD92] spsi.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8511F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 8A19D500

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbohci \Device\USBPDO-0 8A302500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7E81F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7E81F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7E81F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7E81F8
Device \Driver\usbohci \Device\USBPDO-1 8A302500
Device \Driver\usbehci \Device\USBPDO-2 8A301500

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8541F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8541F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8A3141F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8541F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7DFFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7DFFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7DFFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7DFFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8541F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\Ftdisk \Device\HarddiskVolume5 8A8541F8

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\sptd \Device\145346642 spsi.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89ACB1F8
Device \Driver\NetBT \Device\NetbiosSmb 89ACB1F8
Device \Driver\PCI_PNP5392 \Device\0000005c spsi.sys

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbohci \Device\USBFDO-0 8A302500
Device \Driver\usbohci \Device\USBFDO-1 8A302500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AAE1F8
Device \Driver\usbehci \Device\USBFDO-2 8A301500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AAE1F8
Device \Driver\Ftdisk \Device\FtControl 8A8541F8
Device \Driver\si3112r \Device\Scsi\si3112r1Port2Path0Target0Lun0 8A7E71F8
Device \Driver\si3112r \Device\Scsi\si3112r1 8A7E71F8
Device \Driver\awq7y73e \Device\Scsi\awq7y73e1 8A156500
Device \FileSystem\Fastfat \Fat 8A19D500

AttachedDevice \FileSystem\Fastfat \Fat 8A8521F8
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89AAA1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9A 0xBB 0xFC 0xBB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\program files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3F 0x56 0x02 0xBD ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC7 0xA2 0x4E 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0xAC 0xA9 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\program files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF8 0x6D 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4B 0x13 0x08 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCC 0x51 0xD0 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2C 0x06 0x5B 0x7B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\program files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3F 0x56 0x02 0xBD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB6 0xEC 0x93 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x20 0xAC 0xA9 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\program files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x27 0xF8 0x6D 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4B 0x13 0x08 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCC 0x51 0xD0 0x7B ...

---- EOF - GMER 1.0.15 ----


In addition, I would like to advise that I will probably not be available to reply this weekend at all, as I will be working. I will check on Monday, and then I am leaving Tuesday for 7 days, so won't be able to reply at that time either. I hope that this is ok. I read your note and saw that you close after 5 days, but as noted, I will be without access to my pc for that time so will not be able to action anything.

Thanks again and look forward to your reply.

Lon

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 31 October 2009 - 10:26 AM

Hi,

No problem, if I should close this topic in rush ( :D ) just send me a pm and I will reopen it.


Step 1

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy




Step 2

Download and Run StartupLite


This program will identify startup entries that do not need to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unnecessary startup entries will be compiled.
  • Take a read at the description of each; for most of them you probably won't need it, so please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.





Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Edited by schrauber, 31 October 2009 - 10:26 AM.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image
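The StartupLite and RSIT steps above come down to enumerating what autostarts on the box and deciding what can go. As an added example (not code from this thread, from schrauber, or from the StartupLite/RSIT tools), here is a small Python triage script that does that enumeration from HijackThis-style O4/O23 lines: it groups autostart entries by location (HKLM/HKCU Run keys, per-user and global Startup folders), resolves the executable each Run entry launches, and flags services whose binary is missing or whose owner is unknown, the two things a helper usually looks at first in a slowdown thread. The sample lines are constructed from the log format posted here; the regexes, function names and report keys are my own assumptions about that format, not anything the tools define.

```python
import re
from collections import Counter

# Constructed sample input (assumption: this is the HijackThis line format seen
# in the thread's logs, copied here so the script runs offline).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "P:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Secunia PSI.lnk = P:\program files\Secunia\PSI\psi.exe
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O23 - Service: Eset Service (ekrn) - ESET - P:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - P:\program files\CyberLink\Shared files\RichVideo.exe (file missing)
"""

# O4 registry Run/RunOnce entries: "O4 - HKLM\..\Run: [name] command"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[A-Za-z]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 Startup-folder shortcuts: "O4 - Startup: name.lnk = path"
STARTUP_RE = re.compile(
    r"^O4 - (?P<where>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O23 services: "O23 - Service: display name (short) - vendor - path [(file missing)]"
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$")
# First quoted string, or the first token that ends in an executable extension.
EXE_RE = re.compile(r'"([^"]+)"|(\S.*?\.(?:exe|dll|scr|com))', re.IGNORECASE)
# Trailing "(short name)" of a service display name.
SHORT_RE = re.compile(r"\(([^()]+)\)\s*$")


def executable_of(cmd):
    """Return the program a Run-key command line launches.

    For rundll32 entries this is the host (RUNDLL32.EXE); the DLL that
    actually runs is the first argument, which a reviewer should also check.
    """
    m = EXE_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def short_name(display):
    """'Eset Service (ekrn)' -> 'ekrn'; names without a trailing (short) stay as-is."""
    m = SHORT_RE.search(display)
    return m.group(1) if m else display


def parse_hjt(text):
    """Parse O4/O23 lines into dicts; lines of other types are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            entries.append({"kind": "run", "location": f"{m['hive']} {m['key']}",
                            "name": m["name"], "path": executable_of(m["cmd"]),
                            "vendor": None, "missing": False})
        elif (m := STARTUP_RE.match(line)):
            entries.append({"kind": "startup", "location": m["where"],
                            "name": m["name"], "path": executable_of(m["cmd"]),
                            "vendor": None, "missing": False})
        elif (m := SERVICE_RE.match(line)):
            entries.append({"kind": "service", "location": "Service",
                            "name": short_name(m["name"]), "path": m["path"],
                            "vendor": m["vendor"], "missing": bool(m["missing"])})
    return entries


def triage(entries):
    """Summarise what a helper would look at first when a machine is slow."""
    autostarts = [e for e in entries if e["kind"] != "service"]
    services = [e for e in entries if e["kind"] == "service"]
    return {
        "total_autostarts": len(autostarts),
        "autostart_by_location": dict(Counter(e["location"] for e in autostarts)),
        # A registered service whose binary is gone is dead weight (and a stale
        # entry worth removing); it also fails every boot.
        "missing_services": [e["name"] for e in services if e["missing"]],
        # "Unknown owner" means the binary carried no recognisable vendor info;
        # not malicious by itself, but the first thing to verify by hand.
        "unknown_owner": [e["name"] for e in services if e["vendor"] == "Unknown owner"],
    }


if __name__ == "__main__":
    report = triage(parse_hjt(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it as-is for the constructed sample, or pass a full HijackThis/RSIT log through `parse_hjt` to get the same report for a real machine; the location counts tell you how much the Run keys and Startup folders are carrying, and the two service lists are the entries to look at before anything else is disabled.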

#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 05 November 2009 - 12:27 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 17 November 2009 - 12:42 PM

Reopened by user request.
regards,
schrauber


#9 Lonranger

Lonranger
  • Topic Starter

  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada

Posted 17 November 2009 - 03:15 PM

Here are the logs that you requested. Hope that this helps.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sam at 2009-11-17 13:11:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (34%) free of 30 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:54 PM, on November 17, 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
P:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
P:\program files\D4\D4.exe
P:\Program Files\ESET\ESET Smart Security\ekrn.exe
P:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
P:\program files\D4\D4.exe
P:\Program Files\Microsoft IntelliPoint\ipoint.exe
P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
P:\Program Files\ESET\ESET Smart Security\egui.exe
P:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\program files\Brother\ControlCenter2\brctrcen.exe
P:\Program Files\iTunes\iTunesHelper.exe
P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
p:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
P:\Program Files\System\CPL Bonus\timezone.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
P:\program files\BHODemon 2\BHODemon.exe
C:\WINDOWS\System32\svchost.exe
P:\program files\Secunia\PSI\psi.exe
P:\program files\tray_it\TrayIt!.exe
P:\Program Files\iPod\bin\iPodService.exe
P:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Sam\Desktop\RSIT.exe
P:\program files\Trend Micro\HijackThis\Sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plentyoffish.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - P:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - P:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Dimension4] P:\program files\D4\D4.exe
O4 - HKLM\..\Run: [IntelliPoint] "p:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [egui] "P:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [googletalk] P:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CloneCDTray] "P:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "P:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Timezone] "P:\Program Files\System\CPL Bonus\timezone.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "P:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: ERUNT AutoBackup.lnk = P:\program files\ERUNT\AUTOBACK.EXE
O4 - Startup: Secunia PSI.lnk = P:\program files\Secunia\PSI\psi.exe
O4 - Startup: TrayIt!.lnk = P:\program files\tray_it\TrayIt!.exe
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1201252361062
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk/downloads/msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - (no file)
O20 - Winlogon Notify: !SASWinLogon - P:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - P:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Dimension4 - Thinking Man Software - P:\program files\D4\D4.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - P:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - P:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - P:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - P:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - P:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - P:\program files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 12351 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\WINDOWS\tasks\µTorrent.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - P:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - P:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - P:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"=sstray.exe /r []
"Dimension4"=P:\program files\D4\D4.exe [2004-02-04 200704]
"IntelliPoint"=p:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"TrueImageMonitor.exe"=P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-09 2595792]
"AcronisTimounterMonitor"=P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-09-14 905056]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-09 136472]
"egui"=P:\Program Files\ESET\ESET Smart Security\egui.exe [2007-12-21 1443072]
"googletalk"=P:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"CloneCDTray"=P:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]
"SetDefPrt"=P:\program files\Brother\Brmfl04b\BrStDvPt.exe [2004-05-25 49152]
"ControlCenter2.0"=P:\program files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
"Malwarebytes Anti-Malware (reboot)"=P:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"iTunesHelper"=P:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"Adobe Reader Speed Launcher"=P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Timezone"=P:\Program Files\System\CPL Bonus\timezone.exe [2004-10-19 712704]
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]
"NVIDIA nTune"=P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-08-18 106496]
"SansaDispatch"=C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [2009-05-13 79872]
"TomTomHOME.exe"=P:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]
"SUPERAntiSpyware"=P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-29 1998576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2007-09-14 905056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
P:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-29 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
P:\program files\DAEMON Tools\daemon.exe [2008-02-13 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
P:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
P:\Program Files\Nero\Nero 7\InCD\InCD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2008-08-18 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
P:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2009-07-10 323584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Status Monitor.lnk - P:\program files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Documents and Settings\Sam\Start Menu\Programs\Startup
BHODemon 2.0.lnk - P:\program files\BHODemon 2\BHODemon.exe
ERUNT AutoBackup.lnk - P:\program files\ERUNT\AUTOBACK.EXE
Secunia PSI.lnk - P:\program files\Secunia\PSI\psi.exe
TrayIt!.lnk - P:\program files\tray_it\TrayIt!.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
P:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=P:\program files\Qualcomm\Eudora\datafolder\EuShlExt.dll [2004-08-27 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=P:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=B1000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"P:\program files\MSN BackUp\MSNBackup.exe"="P:\program files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"P:\program files\D4\D4.exe"="P:\program files\D4\D4.exe:*:Enabled:Dimension 4"
"P:\program files\uTorrent\utorrent.exe"="P:\program files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"P:\program files\internet explorer\IEXPLORE.EXE"="P:\program files\internet explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"P:\program files\Insane\Game.exe"="P:\program files\Insane\Game.exe:*:Disabled:INSANE"
"P:\program files\Nesticle\NESTCL95.EXE"="P:\program files\Nesticle\NESTCL95.EXE:*:Disabled:NESTCL95"
"P:\program files\FileZilla FTP Client\filezilla.exe"="P:\program files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"P:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="P:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"P:\program files\GrabIt\GrabIt.exe"="P:\program files\GrabIt\GrabIt.exe:*:Enabled:GrabIt"
"P:\program files\Microsoft Office\Office12\OUTLOOK.EXE"="P:\program files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"P:\program files\Google\Google Talk\googletalk.exe"="P:\program files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"P:\program files\Bonjour\mDNSResponder.exe"="P:\program files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"P:\program files\iTunes\iTunes.exe"="P:\program files\iTunes\iTunes.exe:*:Enabled:iTunes"
"P:\program files\Windows Live\Messenger\wlcsdk.exe"="P:\program files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"P:\program files\Windows Live\Messenger\msnmsgr.exe"="P:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"P:\program files\Windows Live\Messenger\wlcsdk.exe"="P:\program files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"P:\program files\Windows Live\Messenger\msnmsgr.exe"="P:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af58c3a4-6437-11de-8dea-000ea670792f}]
shell\AutoRun\command - H:\InstallTomTomHOME.exe


======List of files/folders created in the last 1 months======

2009-11-17 13:11:38 ----D---- C:\rsit
2009-11-17 11:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-16 23:09:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-16 23:09:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-16 23:09:53 ----A---- C:\WINDOWS\system32\java.exe
2009-11-03 12:46:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-03 12:46:20 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-02 14:09:23 ----D---- P:\Program Files\Microsoft
2009-11-02 14:09:11 ----D---- P:\Program Files\Windows Live SkyDrive
2009-11-02 13:57:59 ----D---- C:\Program Files\Common Files\Windows Live
2009-10-30 08:49:57 ----D---- P:\Program Files\gmer
2009-10-28 23:42:24 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt
2009-10-28 18:02:24 ----D---- C:\Documents and Settings\Sam\Application Data\dvdcss

======List of files/folders modified in the last 1 months======

2009-11-17 13:11:45 ----D---- C:\WINDOWS\Prefetch
2009-11-17 13:11:39 ----D---- C:\WINDOWS\Temp
2009-11-17 13:10:48 ----AD---- C:\WINDOWS
2009-11-17 13:10:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-17 13:09:01 ----D---- C:\WINDOWS\system32\ias
2009-11-17 13:08:24 ----SD---- C:\WINDOWS\Tasks
2009-11-17 13:06:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 13:01:13 ----D---- P:\Program Files\Mozilla Firefox
2009-11-17 12:05:05 ----SHD---- C:\WINDOWS\Installer
2009-11-17 12:05:05 ----D---- C:\Config.Msi
2009-11-17 12:04:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-17 11:47:48 ----D---- C:\WINDOWS\system32
2009-11-17 11:38:44 ----HD---- C:\WINDOWS\inf
2009-11-17 11:38:34 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-17 11:31:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-17 03:58:05 ----D---- C:\Documents and Settings\Sam\Application Data\uTorrent
2009-11-17 03:19:56 ----D---- C:\Documents and Settings\Sam\Application Data\vlc
2009-11-17 02:18:22 ----D---- C:\Documents and Settings\Sam\Application Data\ShutdownAddin
2009-11-17 00:53:16 ----D---- P:\Program Files\Spybot - Search & Destroy
2009-11-16 23:09:49 ----D---- P:\Program Files\Java
2009-11-16 23:03:38 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-05 10:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-03 12:46:37 ----A---- C:\WINDOWS\imsins.BAK
2009-11-02 14:29:11 ----D---- P:\Program Files\Messenger Plus! Live
2009-11-02 14:11:55 ----D---- C:\WINDOWS\WinSxS
2009-11-02 14:09:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-02 14:08:37 ----D---- P:\Program Files\Windows Live
2009-11-02 13:53:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 00:08:00 ----D---- C:\Documents and Settings\Sam\Application Data\Vso
2009-10-27 22:45:26 ----D---- P:\Program Files\CloneDVD
2009-10-27 01:17:59 ----D---- C:\WINDOWS\Help
2009-10-27 01:00:32 ----D---- C:\WINDOWS\system32\config
2009-10-26 22:01:18 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-21 23:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-21 23:47:09 ----D---- P:\Program Files\NOS
2009-10-20 22:09:03 ----A---- C:\WINDOWS\ARCMENU.INI
2009-10-20 11:00:10 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-10-19 16:53:44 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2007-12-21 53768]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\P:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\P:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2007-12-21 71176]
R2 NVR0FLASHDev;NVR0FLASHDev; \??\C:\WINDOWS\nvflash.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-09-12 44384]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-06-11 51712]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-09 11648]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2007-12-21 30728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-08-12 36864]
R3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-08-12 311552]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 Pcatip;Pcatip; C:\WINDOWS\System32\DRIVERS\PcAtip.sys [2003-07-23 64000]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-29 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 SASENUM;SASENUM; \??\P:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 acp4np0d;acp4np0d; C:\WINDOWS\system32\drivers\acp4np0d.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-04-02 86097]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-11-29 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-11-29 28432]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys []
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2009-01-29 23680]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2007-11-02 6400]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2003-06-06 70656]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-06-10 22768]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2008-05-09 25600]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-09 431384]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; P:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-03-19 65536]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 Dimension4;Dimension4; P:\program files\D4\D4.exe [2004-02-04 200704]
R2 ekrn;Eset Service; P:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R2 JavaQuickStarterService;Java Quick Starter; P:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nTuneService;Performance Service; P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2008-08-18 155648]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
R2 TomTomHOMEService;TomTomHOMEService; P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 UpdateCenterService;Update Center Service; P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe [2008-08-01 114688]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 iPod Service;iPod Service; P:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 gusvc;Google Software Updater; P:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S2 RichVideo;Cyberlink RichVideo Service(CRVS); P:\program files\CyberLink\Shared files\RichVideo.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; P:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2007-12-21 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-07 306432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-11-17 13:12:04

======Uninstall list======

-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"P:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "P:\program files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
arniWORX awxDTools - Daemon-Tools ShellExtension - 1.0.6.0-->"P:\Program Files\DAEMON Tools\unins000.exe"
Avanquest update-->"P:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AVIcodec (remove only)-->"P:\Program Files\AVIcodec\uninst.exe"
Belarc Advisor 7.2-->P:\PROGRA~1\Belarc\Advisor\Uninstall.exe P:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Best Gift-->"P:\Program Files\Best Gift\ReflexiveArcade\unins000.exe"
BlindWrite suite-->"P:\Program Files\vso\BlindWrite\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "P:\program files\InstallShield Installation Information\{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CCleaner (remove only)-->"P:\Program Files\CCleaner\uninst.exe"
Chainz-->"P:\Program Files\Chainz\unins000.exe"
CloneCD-->"P:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="P:\Program Files\SlySoft\CloneCD"
Collectorz.com Movie Collector-->P:\PROGRA~1\MOVIEC~1\UNWISE.EXE P:\PROGRA~1\MOVIEC~1\install.log
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conflict Desert Storm II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{08F0DDCB-05C1-4A0E-B9E7-9EE077A2EDAD}\Setup.exe" -l0x9
ConvertXtoDVD 3.4.8.123-->"P:\program files\vso\ConvertXtoDVD\3\unins000.exe"
Cool Edit 2000-->P:\Program Files\Cool2000\ce2Kunin.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DVD Decrypter (Remove Only)-->"P:\program files\DVD Decrypter\uninstall.exe"
DVDFab 6.0.1.0 (May 15, 2009)-->"P:\Program Files\DVDFab 6\unins000.exe"
dvdSanta 4.50-->"P:\Program Files\dvdSanta\unins001.exe"
EPSON Scan-->P:\Program Files\epson\escndv\setup\setup.exe /r
ERUNT 1.1j-->"P:\Program Files\ERUNT\unins000.exe"
ESET Smart Security-->MsiExec.exe /I{A1350B64-1AF8-497B-AC07-307DF67FB8D4}
EVEREST Ultimate Edition v4.60-->"P:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Fast Explorer 2008-->"P:\Program Files\Fast Explorer\uninstall.exe"
FileMenu Tools-->"P:\Program Files\LopeSoft\FileMenu Tools\unins000.exe"
FileZilla Client 3.2.4.1-->P:\Program Files\FileZilla FTP Client\uninstall.exe
Ford Racing 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "P:\Program Files\InstallShield Installation Information\{797E03F8-C8A0-47ED-AA9F-D7076276E491}\setup.exe"
Gem Shop-->P:\PROGRA~1\GAMEHO~1\GEMSHO~1\UNWISE.EXE /U P:\PROGRA~1\GAMEHO~1\GEMSHO~1\INSTALL.LOG
GiPo@MoveOnBoot 1.9.5-->MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
Google Talk (remove only)-->"P:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"P:\program files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GrabIt 1.7.2 Beta 4 (build 997)-->"P:\Program Files\GrabIt\unins000.exe"
HijackThis 2.0.2-->"P:\program files\Hijack This\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Sam\Application Data\HouseCall 6.6\uninstaller.exe"
ImgBurn-->"P:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->P:\program files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest-->"P:\Program Files\Jewel Quest\unins000.exe"
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Karen's Calculator-->P:\program files\Karen's Power Tools\Calculator\uninst.exe
Kaspersky Online Scanner-->C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kels' Vista CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
K-Lite Mega Codec Pack 5.0.5-->"P:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Magic ISO Maker v5.5 (build 0272)-->P:\PROGRA~1\MagicISO\UNWISE.EXE P:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"P:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"P:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets & Trips 2009-->MsiExec.exe /I{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Driver Installation 3.8.0-->MsiExec.exe /I{221E5BB1-E4B5-485A-A74B-5D4D5BF21E62}
Motorola Phone Tools-->P:\program files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola Software Update-->MsiExec.exe /I{4B66BA95-9C4E-4C1C-BD01-E3A66113F0D5}
Mozilla Firefox (3.5.5)-->P:\program files\Mozilla Firefox\uninstall\helper.exe
MS. PAC-MAN_Quest for the Golden Maze-->C:\WINDOWS\IsUninst.exe -f"P:\Program Files\MS. PAC-MAN_Quest for the Golden Maze\Uninst.isu"
MSN BackUp 1.3.3-->P:\Program Files\MSN BackUp\uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Performance-->"P:\program files\InstallShield Installation Information\{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA Performance-->MsiExec.exe /I{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}
NVIDIA System Monitor-->"P:\program files\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA System Monitor-->MsiExec.exe /I{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}
NVIDIA System Update-->"P:\program files\InstallShield Installation Information\{6F69C969-2942-4E7B-B594-75B37664B8BA}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA System Update-->MsiExec.exe /I{6F69C969-2942-4E7B-B594-75B37664B8BA}
OrganizeMY Electronic Filing Cabinet For Dummies-->MsiExec.exe /X{4CCBE5F7-A82D-4D7E-969F-163B30565C77}
PC Pitstop Exterminate2 2.0-->"P:\Program Files\PCPitstop\Exterminate2\unins000.exe"
PhotoDVD 2.6.4-->"P:\Program Files\vso\PhotoDVD\unins000.exe"
PowerISO-->"P:\Program Files\PowerISO\uninstall.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:P:\program files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rainbow Web-->"P:\Program Files\Rainbow Web\ReflexiveArcade\unins000.exe"
Real Alternative 1.7.5-->"P:\Program Files\Real Alternative\unins000.exe"
RegScanner-->C:\WINDOWS\zipinst.exe /uninst "P:\Program Files\RegScanner\uninst1~.nsu"
Samsung Master-->P:\program files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\setup.exe -runfromtemp -l0x0009 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Secunia PSI-->"P:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shutdown Addin v1.16.6-->"C:\Program Files\Common Files\OutlookShutdown\unins000.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"P:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.2-->"P:\Program Files\SpywareBlaster\unins000.exe"
StuffPlug 3-->P:\Program Files\StuffPlug3\Uninstall.exe
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SWiSH Video2-->C:\WINDOWS\unvise32.exe P:\Program Files\SWiSH Video2\uninstal.log
SWiSHzone.com FLV Filter-->C:\WINDOWS\unvise32.exe P:\Program Files\SWiSHzone.com FLV Filter\uninstal.log
Taito Legends 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "P:\program files\InstallShield Installation Information\{7B1B3C8D-E692-474B-90D8-DC7BD2A63F3F}\setup.exe" -l0x9
TomTom HOME 2.7.2.1825-->P:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Traffic Jam Extreme-->"P:\Program Files\Traffic Jam Extreme\unins000.exe"
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UnderCoverXP 1.21-->"P:\Program Files\UnderCoverXP\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Virtua Tennis 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "P:\program files\InstallShield Installation Information\{9B63540D-D942-4C38-B42E-A48AE0145970}\setup.exe" -l0x9 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.2-->P:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"P:\Program Files\Winamp\UninstWA.exe"
Window Washer-->C:\WINDOWS\Unwash6.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Essentials-->P:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "P:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"P:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"P:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.2.2 final uninstall-->"P:\Program Files\Xvid\unins001.exe"
Zuma Deluxe 1.0-->P:\Program Files\Zuma\Zuma Deluxe\ZumaDeluxeUninstaller.exe "P:\Program Files\Zuma\Zuma Deluxe\Install.log"

======Hosts File======

0.0.0.0 rad.msn.com
127.0.0.1 ads.yieldmanager.com
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 www.babe.k-lined.com
127.0.0.1 www.did.i-used.cc
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 www.hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall

======System event log======

Computer Name: LONRANGER
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 26030
Source Name: Cdrom
Time Written: 20091009173447.000000-360
Event Type: error
User:

Computer Name: LONRANGER
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 26029
Source Name: Cdrom
Time Written: 20091009173446.000000-360
Event Type: error
User:

Computer Name: LONRANGER
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 26028
Source Name: Cdrom
Time Written: 20091009173446.000000-360
Event Type: error
User:

Computer Name: LONRANGER
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 26027
Source Name: Cdrom
Time Written: 20091009173446.000000-360
Event Type: error
User:

Computer Name: LONRANGER
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 26026
Source Name: Cdrom
Time Written: 20091009173445.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: LONRANGER
Event Code: 12001
Message:
Record Number: 26847
Source Name: usnjsvc
Time Written: 20091010234329.000000-360
Event Type:
User:

Computer Name: LONRANGER
Event Code: 1517
Message: Windows saved user LONRANGER\Sam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 26828
Source Name: Userenv
Time Written: 20091010224718.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LONRANGER
Event Code: 12001
Message:
Record Number: 26704
Source Name: usnjsvc
Time Written: 20091008020925.000000-360
Event Type:
User:

Computer Name: LONRANGER
Event Code: 1517
Message: Windows saved user LONRANGER\Sam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 26697
Source Name: Userenv
Time Written: 20091008020149.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LONRANGER
Event Code: 1000
Message: Faulting application outlook.exe, version 12.0.6504.5000, stamp 49e7f47e, faulting module olmapi32.dll, version 12.0.6504.5000, stamp 49e7f423, debug? 0, fault address 0x00051a61.

Record Number: 26677
Source Name: Microsoft Office 12
Time Written: 20091007003742.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;P:\Program Files\QuickTime\QTSystem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;P:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;P:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=P:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:26 AM

Posted 17 November 2009 - 03:23 PM

Hi,


Please update your version of Malwarebytes, run a quick scan and post back with the content of the logfile.

How is your system running?

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#11 Lonranger

Lonranger
  • Topic Starter

  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada
  • Local time:07:26 PM

Posted 17 November 2009 - 04:36 PM

Here is the copy of the logfile:

Malwarebytes' Anti-Malware 1.41
Database version: 3189
Windows 5.1.2600 Service Pack 3

November 17, 2009 2:25:59 PM
mbam-log-2009-11-17 (14-25-59).txt

Scan type: Full Scan (C:\|D:\|G:\|P:\|S:\|)
Objects scanned: 324327
Time elapsed: 52 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
G:\_toburn\_Utils\ie uninstall\ie8uninstall.exe (Trojan.MultiDropper) -> Not selected for removal.
P:\RECYCLER\S-1-5-21-1220945662-606747145-725345543-1003\Dp1.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
S:\utorrent\complete\cracks\Spyware Doctor Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
S:\utorrent\complete\Utilities\Cisco.Network.Magic.v5.0.8282-RES-patch-by-trzype\Patch.exe (Patch.NetworkMagic) -> Not selected for removal.



As you will notice, there were two items not deleted. I was not totally sure of the ie8uninstall, but the Network Magic one I know was a false positive.

The system is running a little quicker, but still not up to its former self.


Any other ideas?

Lon

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:26 AM

Posted 18 November 2009 - 12:28 AM

Hi,


The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens, there is nothing you can do besides reformatting and reinstalling the OS. If you still need assistance, please remove all cracked software from your system.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

regards,
schrauber


#13 Lonranger

Lonranger
  • Topic Starter

  • Members
  • 69 posts
  • Gender:Male
  • Location:Canada
  • Local time:07:26 PM

Posted 19 November 2009 - 03:05 AM

Here is the BitDefender report. It ran quite quickly, which really impressed me.

BitDefender QuickScan Beta v0.9.7.8
-----------------------------------

Scan date: Thu Nov 19 00:58:45 2009
Machine ID: B8D05FDD



No infection found.
---------------------


Processes
---------
<unsigned> Sansa Dispatcher 1596 C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
<unsigned> LightScribe Service 1324 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> Brother Popup Suspend service ( for R/M ) 820 C:\WINDOWS\system32\Brmfrmps.exe
<unsigned> NVIDIA Driver Helper Service, Version 185.85 1368 C:\WINDOWS\system32\nvsvc32.exe
<unsigned> NVIDIA nForce™ Taskbar Application 3212 C:\WINDOWS\system32\sstray.exe
<unsigned> BHODemon - Freeware BHO Detection Utility 4060 P:\program files\BHODemon 2\BHODemon.exe
<unsigned> Status Monitor (Local) 2684 P:\program files\Brother\Brmfcmon\BrMfcmon.exe
<unsigned> Status Monitor (Main) 3660 P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
<unsigned> ControlCenter2.0 Main Program 3364 P:\program files\Brother\ControlCenter2\brctrcen.exe
<unsigned> Dimension 4 844 P:\program files\D4\D4.exe
<unsigned> Dimension 4 3220 P:\program files\D4\D4.exe
<unsigned> Google Talk 3276 P:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> NVIDIA Performance Service 1576 P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
<unsigned> NVIDIA Update Center Service 668 P:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
<unsigned> System settings protector 4892 P:\program files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> SUPERAntiSpyware Application 2332 P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<unsigned> Microsoft® Time Zone 3888 P:\Program Files\System\CPL Bonus\timezone.exe
<unsigned> TrayIt! Helper 3612 P:\program files\tray_it\TrayIt!.exe

<verified> TrueImageTryStartService.exe 520 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
<verified> Acronis Scheduler Helper 3256 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
<verified> Acronis Scheduler 2 756 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
<verified> Apple Mobile Device Service 768 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> ArcSoft Connect Service 744 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
<verified> Machine Debug Manager 1396 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
<verified> Nero BackItUp 1436 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
<verified> Window Washer Engine 880 C:\Program Files\Webroot\Washer\WasherSvc.exe
<verified> Window Washer Client Executable 3928 C:\Program Files\Webroot\Washer\wwDisp.exe
<verified> Windows Explorer 3272 C:\WINDOWS\explorer.exe
<verified> Windows Explorer 2284 C:\WINDOWS\Explorer.EXE
<verified> Application Layer Gateway Service 2532 C:\WINDOWS\System32\alg.exe
<verified> brss01a.exe 2044 C:\WINDOWS\system32\brss01a.exe
<verified> brsvc01a 2020 C:\WINDOWS\system32\brsvc01a.exe
<verified> Client Server Runtime Process 1124 C:\WINDOWS\system32\csrss.exe
<verified> LSA Shell (Export Version) 1204 C:\WINDOWS\system32\lsass.exe
<verified> Run a DLL as an App 3292 C:\WINDOWS\system32\RUNDLL32.EXE
<verified> Services and Controller app 1192 C:\WINDOWS\system32\services.exe
<verified> Windows NT Session Manager 992 C:\WINDOWS\System32\smss.exe
<verified> Spooler SubSystem App 2032 C:\WINDOWS\system32\spoolsv.exe
<verified> Generic Host Process for Win32 Services 1996 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 2512 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1948 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1740 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1660 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1624 C:\WINDOWS\System32\svchost.exe
<verified> Generic Host Process for Win32 Services 1500 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 1400 C:\WINDOWS\system32\svchost.exe
<verified> Generic Host Process for Win32 Services 648 C:\WINDOWS\system32\svchost.exe
<verified> WMI 2940 C:\WINDOWS\system32\wbem\wmiprvse.exe
<verified> Windows NT Logon Application 1148 C:\WINDOWS\system32\winlogon.exe
<verified> Monitor for Acronis True Image Backup Archive Expl 3248 P:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
<verified> Acronis True Image Monitor 3236 P:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
<verified> Bonjour Service 796 P:\Program Files\Bonjour\mDNSResponder.exe
<verified> Eset GUI 3264 P:\Program Files\ESET\ESET Smart Security\egui.exe
<verified> Eset Service 948 P:\Program Files\ESET\ESET Smart Security\ekrn.exe
<verified> iPodService Module (32-bit) 4088 P:\Program Files\iPod\bin\iPodService.exe
<verified> iTunesHelper Module 3444 P:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Quick Starter Service 1264 P:\Program Files\Java\jre6\bin\jqs.exe
<verified> Windows Messenger 4420 P:\Program Files\Messenger\msmsgs.exe
<verified> dpupdchk.exe 3420 P:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
<verified> IPoint.exe 3228 P:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Firefox 5696 P:\program files\Mozilla Firefox\firefox.exe
<verified> Secunia PSI 3300 P:\program files\Secunia\PSI\psi.exe
<verified> Windows Service for TomTom HOME 452 P:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
<verified> µTorrent 5400 P:\program files\uTorrent\uTorrent.exe
<verified> Windows Live Communications Platform 2372 P:\Program Files\Windows Live\Contacts\wlcomm.exe
<verified> Windows Live Messenger 3684 P:\Program Files\Windows Live\Messenger\MsnMsgr.Exe


Network activity
----------------
Process ekrn.exe (948) connected on port 39435 - 207.210.24.224
Process ekrn.exe (948) connected on port 30281 - 98.195.103.63
Process ekrn.exe (948) connected on port 443 (HTTP over SSL) - 74.125.155.106
Process ekrn.exe (948) connected on port 14549 - 24.85.242.43
Process ekrn.exe (948) connected on port 80 (HTTP) - 24.244.3.17
Process ekrn.exe (948) connected on port 18302 - 207.98.158.179
Process ekrn.exe (948) connected on port 443 (HTTP over SSL) - 74.125.53.18
Process ekrn.exe (948) connected on port 31042 - 24.216.176.246
Process ekrn.exe (948) connected on port 55555 - 75.75.63.121
Process ekrn.exe (948) connected on port 20777 - 82.75.72.149
Process ekrn.exe (948) connected on port 80 (HTTP) - 69.63.176.166
Process ekrn.exe (948) connected on port 31042 - 24.216.176.246
Process ekrn.exe (948) connected on port 80 (HTTP) - 69.63.186.30
Process ekrn.exe (948) connected on port 5222 (XMPP/Jabber) - 74.125.155.125
Process ekrn.exe (948) connected on port 80 (HTTP) - 24.244.3.17
Process ekrn.exe (948) connected on port 80 (HTTP) - 24.244.3.42
Process ekrn.exe (948) connected on port 65535 - 24.222.213.7
Process ekrn.exe (948) connected on port 1863 (MSN) - 65.54.189.131
Process ekrn.exe (948) connected on port 39816 - 98.235.158.146
Process uTorrent.exe (5400) connected on port 57562 - 68.2.154.249
Process uTorrent.exe (5400) connected on port 1637 - 91.153.187.249
Process uTorrent.exe (5400) connected on port 1612 - 90.196.132.21
Process uTorrent.exe (5400) connected on port 59619 - 24.216.176.246
Process uTorrent.exe (5400) connected on port 62716 - 207.210.24.224
Process uTorrent.exe (5400) connected on port 53424 - 65.78.105.189
Process uTorrent.exe (5400) connected on port 1607 - 72.150.219.42
Process uTorrent.exe (5400) connected on port 2923 - 207.98.158.179
Process uTorrent.exe (5400) connected on port 60113 - 74.39.169.207
Process uTorrent.exe (5400) connected on port 60401 - 74.39.169.207
Process uTorrent.exe (5400) connected on port 2915 - 189.171.41.147
Process uTorrent.exe (5400) connected on port 55162 - 24.117.150.240
Process uTorrent.exe (5400) connected on port 1530 - 67.53.188.162
Process uTorrent.exe (5400) connected on port 1671 - 24.96.37.171
Process uTorrent.exe (5400) connected on port 50141 - 71.181.250.198
Process uTorrent.exe (5400) connected on port 29132 - 71.227.92.123
Process uTorrent.exe (5400) connected on port 59395 - 64.118.10.45
Process uTorrent.exe (5400) connected on port 15652 - 67.70.11.120
Process uTorrent.exe (5400) connected on port 51159 - 208.168.240.147
Process uTorrent.exe (5400) connected on port 52035 - 208.168.240.147
Process uTorrent.exe (5400) connected on port 2917 - 189.171.41.147
Process uTorrent.exe (5400) connected on port 50958 - 71.181.250.198
Process uTorrent.exe (5400) connected on port 64343 - 58.165.182.109
Process uTorrent.exe (5400) connected on port 3600 - 70.78.47.231
Process uTorrent.exe (5400) connected on port 60038 - 81.182.121.241

Process D4.exe (844) listens on ports: 13 (Daytime), 37
Process svchost.exe (1400) listens on ports: 1269
Process svchost.exe (1500) listens on ports: 135 (RPC)
Process uTorrent.exe (5400) listens on ports: 13562


Autoruns and critical files
---------------------------
<unsigned> Sansa Dispatcher C:\Documents and Settings\Sam\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
<unsigned> NVIDIA Display Properties Extension C:\WINDOWS\system32\NvCpl.dll
<unsigned> NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
<unsigned> NVIDIA nForce™ Taskbar Application C:\WINDOWS\system32\sstray.exe
<unsigned> BHODemon - Freeware BHO Detection Utility P:\program files\BHODemon 2\BHODemon.exe
<unsigned> Status Monitor (Main) P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
<unsigned> BrStDvPt P:\program files\Brother\Brmfl04b\BrStDvPt.exe
<unsigned> ControlCenter2.0 Main Program P:\program files\Brother\ControlCenter2\brctrcen.exe
<unsigned> Dimension 4 P:\program files\D4\D4.exe
<unsigned> AUTOBACK.EXE P:\program files\ERUNT\AUTOBACK.EXE
<unsigned> Google Talk P:\Program Files\Google\Google Talk\googletalk.exe
<unsigned> NVIDIA nTune Command P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
<unsigned> Eudora's Shell Extension P:\program files\Qualcomm\Eudora\datafolder\EuShlExt.dll
<unsigned> CloneCD Tray P:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
<unsigned> System settings protector P:\program files\Spybot - Search & Destroy\TeaTimer.exe
<unsigned> ShellExecuteHook P:\program files\SUPERAntiSpyware\SASSEH.DLL
<unsigned> SUPERAntiSpyware WinLogon Processor P:\program files\SUPERAntiSpyware\SASWINLO.dll
<unsigned> SUPERAntiSpyware Application P:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<unsigned> Microsoft® Time Zone P:\Program Files\System\CPL Bonus\timezone.exe
<unsigned> TrayIt! Helper P:\program files\tray_it\TrayIt!.exe

<verified> Acronis Scheduler Helper C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> Window Washer Client Executable C:\Program Files\Webroot\Washer\wwDisp.exe
<verified> Shell Browser UI Library C:\WINDOWS\system32\browseui.dll
<verified> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verified> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verified> Offline Network Agent C:\WINDOWS\system32\cscdll.dll
<verified> DIMS Notification Handler C:\WINDOWS\system32\dimsntfy.dll
<verified> Windows Logon UI C:\WINDOWS\system32\logonui.exe
<verified> Secondary Logon Service Notification DLL C:\WINDOWS\system32\sclgntfy.dll
<verified> Windows Shell Common Dll C:\WINDOWS\system32\shell32.dll
<verified> Systray shell service object C:\WINDOWS\system32\stobject.dll
<verified> Userinit Logon Application c:\windows\system32\userinit.exe
<verified> Web Site Monitor C:\WINDOWS\system32\webcheck.dll
<verified> Windows Genuine Advantage Notifications C:\WINDOWS\system32\WgaLogon.dll
<verified> Common DLL to receive Winlogon notifications C:\WINDOWS\system32\wlnotify.dll
<verified> Monitor for Acronis True Image Backup Archive Expl P:\program files\acronis\trueimagehome\timountermonitor.exe
<verified> Acronis True Image Monitor P:\program files\acronis\trueimagehome\trueimagemonitor.exe
<verified> Adobe Acrobat SpeedLauncher P:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Eset GUI P:\Program Files\ESET\ESET Smart Security\egui.exe
<verified> gusvc P:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
<verified> iTunesHelper Module P:\Program Files\iTunes\iTunesHelper.exe
<verified> Malwarebytes' Anti-Malware P:\program files\Malwarebytes' Anti-Malware\mbam.exe
<verified> IPoint.exe P:\Program Files\Microsoft IntelliPoint\ipoint.exe
<verified> Secunia PSI P:\program files\Secunia\PSI\psi.exe
<verified> Updater for Spybot-S&D P:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
<verified> Spybot - Search & Destroy P:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
<verified> System Tray application for TomTom HOME P:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
<verified> µTorrent P:\program files\uTorrent\uTorrent.exe
<verified> Windows Live Messenger P:\program files\windows live\messenger\msnmsgr.exe


Browser plugins
---------------
<unsigned> InstallShield Update Service Setup Player Module C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service Setup Player C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service Web Agent C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> NVIDIA Smart Scan C:\WINDOWS\Downloaded Program Files\NvidiaSmartScan.ocx
<unsigned> Adobe Shockwave for Director Netscape plug-in, ver C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<unsigned> Bonjour Namespace Provider P:\program files\Bonjour\mdnsNSP.dll
<unsigned> Java™ Quick Starter binary p:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<unsigned> 6.0.12.69 P:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
<unsigned> The QuickTime Plugin allows you to view a wide var P:\program files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> The QuickTime Plugin allows you to view a wide var P:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> The QuickTime Plugin allows you to view a wide var P:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> The QuickTime Plugin allows you to view a wide var P:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> 6.0.12.69 P:\program files\Mozilla Firefox\plugins\nprpjplug.dll
<unsigned> Version 1.0.2, copyright 1996-2009 The VideoLAN Te P:\Program Files\VideoLAN\VLC\npvlc.dll

<verified> Adobe PDF Helper for Internet Explorer c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> WindowsLiveLogin.dll c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Atomaders C:\WINDOWS\Downloaded Program Files\Atomaders.dll
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
<verified> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> HPBasicDetection Library C:\WINDOWS\Downloaded Program Files\HPBasicDetection3.dll
<verified> HPProductDetails.dll C:\WINDOWS\Downloaded Program Files\HPProductDetails.dll
<verified> LogInfo Module C:\WINDOWS\Downloaded Program Files\LogInfo.dll
<verified> Zone.com Stats Client for MSN Messenger C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verified> PC Pitstop AntiVirus Control C:\WINDOWS\Downloaded Program Files\pcpitstopAntiVirus.dll
<verified> Staging User Interface by Zone.com C:\WINDOWS\Downloaded Program Files\StagingUI.ocx
<verified> Client ActiveX Proxy for Stadium C:\WINDOWS\Downloaded Program Files\StProxy.dll
<verified> SysInfo Module C:\WINDOWS\Downloaded Program Files\SysInfo.dll
<verified> ZoneBuddy C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx
<verified> ZoneIntro C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
<verified> Backgammon by Zone.com C:\WINDOWS\Downloaded Program Files\ZPA_Backgammon.ocx
<verified> Bankshot Billiards ZPA C:\WINDOWS\Downloaded Program Files\zpa_pool.dll
<verified> ZonePA Chat Control C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx
<verified> Windows Presentation Foundation (WPF) plug-in for C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Microsoft Windows Sockets 2.0 Service Provider C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verified> Shell Doc Object and Control Library C:\WINDOWS\system32\shdocvw.dll
<verified> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll
<verified> Google Updater plugin<br><a href="http://pack.goog P:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier p:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
<verified> npitunes.dll P:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> Java™ Platform SE binary p:\program files\java\jre6\bin\jp2ssv.dll
<verified> RealPlayer™ LiveConnect-Enabled Plug-In P:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
<verified> 3.0.40818.0 P:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verified> getplusplusadobe16248 P:\program files\Mozilla Firefox\plugins\np_gp.dll
<verified> NPRuntime Script Plug-in Library for Java™ Depl P:\program files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Default Plug-in P:\program files\Mozilla Firefox\plugins\npnul32.dll
<verified> Office Plugin for Netscape Navigator P:\program files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> Adobe PDF Plug-In For Firefox and Netscape P:\program files\Mozilla Firefox\plugins\nppdf32.dll
<verified> RealPlayer™ LiveConnect-Enabled Plug-In P:\program files\Mozilla Firefox\plugins\nppl3260.dll
<verified> SBSD IE Protection p:\program files\spybot - search & destroy\sdhelper.dll


Missing files
-------------
File not found: C:\WINDOWS\system32\drivers\KodakCCS.exe
referenced in: HKLM\System\CurrentControlSet\Services\KodakCCS\"ImagePath"

File not found: C:\WINDOWS\system32\drivers\rootrepeal.sys
referenced in: HKLM\System\CurrentControlSet\Services\rootrepeal\"ImagePath"

File not found: system32\DRIVERS\Lbd.sys
referenced in: HKLM\System\CurrentControlSet\Services\Lbd\"ImagePath"

File not found: system32\DRIVERS\motccgp.sys
referenced in: HKLM\System\CurrentControlSet\Services\motccgp\"ImagePath"

File not found: system32\DRIVERS\motccgpfl.sys
referenced in: HKLM\System\CurrentControlSet\Services\motccgpfl\"ImagePath"

File not found: system32\DRIVERS\motodrv.sys
referenced in: HKLM\System\CurrentControlSet\Services\MotDev\"ImagePath"

File not found: system32\drivers\npf.sys
referenced in: HKLM\System\CurrentControlSet\Services\NPF\"ImagePath"


Scan
----
The following file(s) must be uploaded for server-side scanning:
C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5eaa5a33\System.Drawing.dll
C:\WINDOWS\system32\SSTraENG.dll
P:\program files\Secunia\PSI\psires.dll

Upload started - 3 file(s)
Upload: C:\WINDOWS\system32\SSTraENG.dll - 61440 bytes, hash: ff27831768f50df8f1819eba7b96775e
Upload: P:\program files\Secunia\PSI\psires.dll - 631296 bytes, hash: 960296fcf4b11d86c688a8bce8f65964
Upload: C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_5eaa5a33\System.Drawing.dll - 835584 bytes, hash: 8354ceb398cd00ef482ddd2011f56237
Upload speed - 18 KB/s
Upload finished - 3 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 85 sec
Total traffic - 1.53 MB sent, 3.68 KB recvd
Scanned 1470 files and modules - 252 seconds

#14 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 19 November 2009 - 12:56 PM

Hi,

Please post back with a fresh RSIT-Logfile and tell me if there are still any issues :(.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:26 AM

Posted 24 November 2009 - 01:47 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber
