Win32/PSW.OnLineGames.OYB trojan



#1 Lorrretta


Posted 18 October 2009 - 07:04 AM

My computer was infected with Win32/PSW.OnLineGames.NNU trojan 2 days ago.
I was unable to:

view hidden files (the selection goes back to 'do not show hidden files' even after I clicked on show hidden files)
unhide protected operating system files (the box remains checked)
view certain windows even when the toolbar has a tab indicating that the program is opened, e.g. for winamp.exe

The speed of the computer in opening programs has slowed down, and the system opens drives (C, D, G, L, P drives) in a new window instead of going to a new page from the 'my computer' window.

I'm currently running on Windows XP professional Version 2002 SP2.
The problem surfaced after I inserted a camera's memory card into the computer.
I have scanned the computer using NOD32 and it detected Win32/PSW.OnLineGames.NNU trojan affecting the files as follows:

C:\2sm66r.exe
C:\s3ek.exe
D:\2sm66r.exe
D:\s3ek.exe
G:\2sm66r.exe
G:\s3ek.exe
L:\2sm66r.exe
L:\s3ek.exe

and they have been removed from the computer.

Last night a new threat was found by NOD32: Win32/PSW.OnLineGames.OYB trojan

in the following files:

C:\DOCUME~1\LORETTA\LOCALS~1\TEMP\CVASDS0.DLL
C:\DOCUME~1\Loretta\LOCALS~1\Temp\herss.exe
C:\DOCUME~1\Kenny\LOCALS~1\Temp\cvasds0.dll
C:\DOCUME~1\Kenny\LOCALS~1\Temp\herss.exe
C:\autorun.inf
D:\autorun.inf
G:\autorun.inf
L:\autorun.inf
P:\autorun.inf

I was unable to access all the drives, as a window asking me to choose a program to view the file would pop up.
This morning, when I turned on the computer, I did not experience this problem.
However, I am still unable to view hidden files (the selection goes back to 'do not show hidden files' even after I clicked on show hidden files).
I have not encountered any problems other than this.

After scanning and cleaning my computer using NOD32 (files mentioned below have been deleted), it has shown that the trojan is still affecting these files:

C:\DOCUME~1\LORETTA\LOCALS~1\TEMP\CVASDS0.DLL
C:\DOCUME~1\Loretta\LOCALS~1\Temp\herss.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\cvasds0.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\herss.exe

C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136594.inf
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136607.exe
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136608.inf
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136638.exe
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136639.inf
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136687.exe
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136688.inf
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136711.exe
C:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136712.inf

D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136595.exe
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136596.inf
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136609.exe
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136610.inf
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136640.exe
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136641.inf
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136689.exe
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136690.inf
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136713.exe
D:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136714.inf

G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136597.exe
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136598.inf
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136611.exe
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136612.inf
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136642.exe
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136643.inf
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136691.exe
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136692.inf
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136715.exe
G:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136716.inf

L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136599.exe
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136600.inf
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136613.exe
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136614.inf
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136644.exe
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136645.inf
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136693.exe
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136694.inf
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136717.exe
L:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136718.inf

P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136601.exe
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136602.inf
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136615.exe
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136616.inf
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136646.exe
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136647.inf
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136695.exe
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136696.inf
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136719.exe
P:\System Volume Information\_restore{BDD3B60E-2D0C-4A35-9560-CBF251C6D7A7}\RP506\A0136720.inf


Below are the contents of the DDS.txt log


DDS (Ver_09-10-13.01) - NTFSx86
Run by Kenny at 16:59:16.00 on Sun 10/18/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1171 [GMT 8:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PPStream\ppsap.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kenny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sg.yahoo.com/
uSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mDefault_Page_URL = hxxp://sg.yahoo.com
mDefault_Search_URL = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mStart Page = hxxp://sg.yahoo.com
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EPSON Stylus CX5500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticap.exe /fu "c:\windows\temp\E_SAE9.tmp" /EF "HKCU"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
uRun: [cdoosoft] c:\docume~1\kenny\locals~1\temp\herss.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\ringz studio\storm codec\qttask.exe" -atboottime
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &使用超级旋风下载 - c:\program files\tencent\qqdownload\geturl.htm
IE: &使用超级旋风下载全部链接 - c:\program files\tencent\qqdownload\getAllurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=2ae08eb66ab8bfd89d544a8e066d085d/aff=t_25oa_ukca_wg/p/release/yeu/wg_yahtzeeEN/yahtzeeEN/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenny\applic~1\mozilla\firefox\profiles\0zjq1rw3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.buddhanet.net/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\kenny\application data\videoegg\loader\4665\npvideoegg-loader.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [2009-5-23 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [2009-5-23 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-2-3 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-23 54752]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\kenny\locals~1\temp\FUT10A6.tmp [2009-8-5 18704]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-2-3 47624]
S3 IFA_Moore Service;IFA_Moore Service;c:\program files\common files\primal pictures shared\service\IFA_Moore Service File.exe [2009-1-16 68096]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-9-6 32377]

============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-17 02:50 <DIR> --d----- c:\program files\Trend Micro
2009-10-12 02:09 <DIR> --d----- c:\docume~1\kenny\applic~1\Moyea
2009-10-12 01:24 3,776,507,206 a------- c:\windows\system32\$$arcdatafile$$.tmp
2009-10-12 01:08 <DIR> --d----- c:\windows\system32\xlive
2009-10-12 01:08 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-10-12 01:08 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-10-12 01:08 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-10-12 01:08 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-10-12 01:08 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-10-12 01:08 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-10-12 01:08 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-10-12 01:08 <DIR> --d----- c:\windows\Logs
2009-10-12 00:28 <DIR> --d----- c:\program files\Street Fighter IV
2009-10-03 18:39 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-10-03 18:26 <DIR> --d----- c:\program files\common files\DivX Shared
2009-10-02 21:44 25 a------- c:\windows\cdplayer.ini
2009-10-02 17:51 <DIR> --d----- C:\My Music
2009-09-21 18:52 <DIR> --d----- c:\program files\common files\xing shared

==================== Find3M ====================

2009-10-03 16:09 98,304 a------- c:\windows\DUMP80c8.tmp
2009-09-15 11:10 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-15 11:10 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-09-14 12:36 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-09-11 22:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-08 02:16 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-07 02:29 0 a---h--- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-09-07 02:29 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-09-06 11:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-06 11:09 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-05 04:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-26 16:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 17:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 21:58 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 21:13 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2008-04-13 02:21 22,328 ac------ c:\docume~1\kenny\applic~1\PnkBstrK.sys
2008-03-13 22:20 0 ac------ c:\program files\temp01
2008-02-04 23:18 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 17:00:44.12 ===============

#2 schrauber


Posted 29 October 2009 - 05:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber


Posted 04 November 2009 - 12:24 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#4 schrauber


Posted 05 November 2009 - 12:14 PM

Reopened by user request.
regards,
schrauber


#5 Lorrretta


Posted 06 November 2009 - 07:27 AM

Ever since the last time I posted, ESET NOD32 has detected a few other viruses such as
Win32/TrojanDownloader.Bredolab.AA
Win32/Adware.SecurityTool application
Win32/Wigon.HT
Win32/Kryptik.ARV
Win32/Waledac
Win32.Pacex.Gen

I have tried my luck and downloaded Malwarebytes' Anti-Malware and SUPERAntiSpyware and scanned to remove the virus.
I had to scan using the 2 programs at least 2 times before there were no more signs of the virus.

I cannot confirm if there are any more viruses lying around in the computer. Please help me check if this computer is completely clean, as I do not want to lose any of my documents.

Thank you for your help.

Below is the DDS log as requested.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Kenny at 20:11:14.96 on Fri 11/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1325 [GMT 8:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE
C:\Program Files\PPStream\ppsap.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Kenny\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://sg.yahoo.com/
uSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mDefault_Page_URL = hxxp://sg.yahoo.com
mDefault_Search_URL = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mSearch Page = hxxp://sg.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://sg.search.yahoo.com/
mStart Page = hxxp://sg.yahoo.com
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus CX5500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticap.exe /fu "c:\windows\temp\E_SAE9.tmp" /EF "HKCU"
uRun: [restorer32_a] c:\documents and settings\kenny\restorer32_a.exe
uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [restorer32_a] c:\windows\system32\restorer32_a.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: &使用超级旋风下载 - c:\program files\tencent\qqdownload\geturl.htm
IE: &使用超级旋风下载全部链接 - c:\program files\tencent\qqdownload\getAllurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=2ae08eb66ab8bfd89d544a8e066d085d/aff=t_25oa_ukca_wg/p/release/yeu/wg_yahtzeeEN/yahtzeeEN/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kenny\applic~1\mozilla\firefox\profiles\0zjq1rw3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [2009-5-23 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [2009-5-23 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-2-3 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-1-23 54752]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-16 34064]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\kenny\locals~1\temp\FUT10A6.tmp [2009-8-5 18704]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-2-3 47624]
S3 IFA_Moore Service;IFA_Moore Service;c:\program files\common files\primal pictures shared\service\IFA_Moore Service File.exe [2009-1-16 68096]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-9-6 32377]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-29 14:10:55 0 d-----w- c:\program files\WinPcap
2009-10-29 13:35:54 27136 ----a-w- c:\windows\system32\pqrs.tmo
2009-10-22 15:51:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 12:35:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-22 12:35:26 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 12:35:26 0 d-----w- c:\docume~1\kenny\applic~1\SUPERAntiSpyware.com
2009-10-22 12:31:10 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-22 10:57:08 0 d-----w- c:\docume~1\kenny\applic~1\Malwarebytes
2009-10-22 10:56:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 10:56:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 10:56:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 10:56:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-18 10:06:23 0 ----a-w- c:\documents and settings\kenny\settings.dat
2009-10-16 18:50:20 0 d-----w- c:\program files\Trend Micro
2009-10-11 18:09:40 0 d-----w- c:\docume~1\kenny\applic~1\Moyea
2009-10-11 17:24:05 3776507206 ----a-w- c:\windows\system32\$$arcdatafile$$.tmp
2009-10-11 17:08:59 0 d-----w- c:\windows\system32\xlive
2009-10-11 17:08:59 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-11 17:08:30 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-11 17:08:30 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-11 17:08:29 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-11 17:08:28 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-11 17:08:28 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-11 17:08:26 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-11 17:08:19 0 d-----w- c:\windows\Logs
2009-10-11 16:28:04 0 d-----w- c:\program files\Street Fighter IV

==================== Find3M ====================

2009-10-03 08:09:15 98304 ----a-w- c:\windows\DUMP80c8.tmp
2009-09-25 05:56:36 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56:32 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-15 03:10:23 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-15 03:10:16 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-14 04:36:05 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 18:16:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-03-13 14:20:48 0 -c--a-w- c:\program files\temp01

============= FINISH: 20:11:23.26 ===============


#6 schrauber

Posted 06 November 2009 - 02:40 PM

Hello, Lorrretta and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.






Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 Lorrretta


Posted 06 November 2009 - 10:28 PM

Below is gmer.log as requested.


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 11:27:25
Windows 5.1.2600 Service Pack 2
Running: e0fqexpl.exe; Driver: C:\DOCUME~1\Kenny\LOCALS~1\Temp\pwwyikow.sys


---- System - GMER 1.0.15 ----

SSDT spqi.sys ZwCreateKey [0xBA6AB0E0]
SSDT spqi.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spqi.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT spqi.sys ZwOpenKey [0xBA6AB0C0]
SSDT spqi.sys ZwQueryKey [0xBA6C9108]
SSDT spqi.sys ZwQueryValueKey [0xBA6C8F88]
SSDT spqi.sys ZwSetValueKey [0xBA6C919A]

INT 0x62 ? 8A622BF8
INT 0x63 ? 8A33BBF8
INT 0x73 ? 8A622BF8
INT 0x73 ? 8A622BF8
INT 0x73 ? 8A695BF8
INT 0x73 ? 8A33BBF8
INT 0x73 ? 8A622BF8
INT 0x82 ? 8A622BF8
INT 0x83 ? 8A33BBF8
INT 0x94 ? 8A33BBF8
INT 0xB4 ? 8A33BBF8
INT 0xB4 ? 8A33BBF8
INT 0xB4 ? 8A33BBF8
INT 0xB4 ? 8A33BBF8

---- Kernel code sections - GMER 1.0.15 ----

? spqi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B951362C 5 Bytes JMP 8A33B1D8
.text alubl2n9.SYS B9421384 1 Byte [20]
.text alubl2n9.SYS B9421384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text alubl2n9.SYS B94213AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text alubl2n9.SYS B94213C4 3 Bytes [00, 00, 00]
.text alubl2n9.SYS B94213C9 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2300] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spqi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spqi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spqi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spqi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spqi.sys
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\alubl2n9.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02702EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02702C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02702C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02702C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetFileSizeEx] [00FA3E2D] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetOverlappedResult] [00FA3E74] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetOverlappedResult] [00FA3E74] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSizeEx] [00FA3E2D] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [00FA3C4C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingA] [00FA3FBD] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileMappingA] [00FA3FBD] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileMappingA] [00FA3FBD] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetOverlappedResult] [00FA3E74] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] [00FA3FBD] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileMappingA] [00FA3FBD] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetOverlappedResult] [00FA3E74] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileMappingW] [00FA4018] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00F819FE] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [00FA3A1C] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetFileSize] [00FA3DE6] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00F81922] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] [00F81855] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetFilePointer] [00FA3C9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [00F81788] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress] [00F81ADA] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateFileW] [00FA3A82] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!WriteFile] [00FA3B9A] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CloseHandle] [00FA3DA5] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\Program Files\PPStream\ppsap.exe[572] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!ReadFile] [00FA3AE8] c:\Program Files\PPStream\1.1.0.2700\vodres.dll (PPS ?????/PPStream Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[640] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DB2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01DB2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01DB2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01DB2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kenny\Desktop\e0fqexpl.exe[2112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kenny\Desktop\e0fqexpl.exe[2112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kenny\Desktop\e0fqexpl.exe[2112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Kenny\Desktop\e0fqexpl.exe[2112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wuauclt.exe[2652] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6201F8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )

Device \FileSystem\Fastfat \FatCdrom 8A22E500
Device \FileSystem\Fastfat \FatCdrom 8A138144
Device \Driver\USBSTOR \Device\0000008e 8A1A1500
Device \Driver\USBSTOR \Device\0000008f 8A1A1500
Device \Driver\usbuhci \Device\USBPDO-0 8A33A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A6931F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A6931F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A6931F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A6931F8
Device \Driver\usbuhci \Device\USBPDO-1 8A33A1F8
Device \Driver\PCI_PNP1362 \Device\00000052 spqi.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A33A1F8
Device \Driver\usbehci \Device\USBPDO-3 8A3181F8
Device \Driver\usbuhci \Device\USBPDO-4 8A33A1F8

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 8A33A1F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 8A6931F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume2 8A6931F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 8A6931F8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume2 8A6931F8
Device \Driver\usbuhci \Device\USBPDO-6 8A33A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6231F8
Device \Driver\usbehci \Device\USBPDO-7 8A3181F8
Device \Driver\sptd \Device\938701362 spqi.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6231F8
Device \Driver\Cdrom \Device\CdRom0 8A33D008
Device \FileSystem\Rdbss \Device\FsWrap 8A50CF5C
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6231F8
Device \Driver\Cdrom \Device\CdRom1 8A33D008
Device \Driver\atapi \Device\Ide\IdePort0 8A6221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A6221F8
Device \Driver\atapi \Device\Ide\IdePort1 8A6221F8
Device \Driver\atapi \Device\Ide\IdePort2 8A6221F8
Device \Driver\atapi \Device\Ide\IdePort3 8A6221F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 8A6221F8
Device \Driver\Cdrom \Device\CdRom2 8A33D008
Device \Driver\USBSTOR \Device\00000090 8A1A1500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A1A2500
Device \Driver\NetBT \Device\NetbiosSmb 8A1A2500
Device \Driver\USBSTOR \Device\00000086 8A1A1500
Device \FileSystem\Srv \Device\LanmanServer 8A21F41C
Device \Driver\NetBT \Device\NetBT_Tcpip_{EDFB686F-E909-4A72-BFC0-D5C6FC4156D7} 8A1A2500
Device \Driver\usbuhci \Device\USBFDO-0 8A33A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A33A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A18D500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A423D34
Device \Driver\usbuhci \Device\USBFDO-2 8A33A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A18D500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A423D34
Device \Driver\usbehci \Device\USBFDO-3 8A3181F8
Device \FileSystem\Npfs \Device\NamedPipe 8A1213CC
Device \Driver\usbuhci \Device\USBFDO-4 8A33A1F8
Device \Driver\Ftdisk \Device\FtControl 8A6231F8
Device \FileSystem\Msfs \Device\Mailslot 8A125D94
Device \Driver\usbuhci \Device\USBFDO-5 8A33A1F8
Device \Driver\USBSTOR \Device\0000008b 8A1A1500
Device \Driver\usbuhci \Device\USBFDO-6 8A33A1F8
Device \Driver\USBSTOR \Device\0000008c 8A1A1500
Device \Driver\usbehci \Device\USBFDO-7 8A3181F8
Device \Driver\d343port \Device\Scsi\d343port1Port6Path0Target0Lun0 8A0BDF00
Device \Driver\d343port \Device\Scsi\d343port1 8A0BDF00
Device \Driver\JRAID \Device\Scsi\JRAID1Port4Path0Target0Lun0 8A252B80
Device \Driver\alubl2n9 \Device\Scsi\alubl2n91Port5Path0Target0Lun0 8A197008
Device \Driver\JRAID \Device\Scsi\JRAID1 8A252B80
Device \Driver\alubl2n9 \Device\Scsi\alubl2n91 8A197008
Device \Driver\USBSTOR \Device\0000008d 8A1A1500
Device \FileSystem\Fastfat \Fat 8A22E500
Device \FileSystem\Fastfat \Fat 8A138144

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A57F10C
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A57F10C
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A57F10C
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A57F10C
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A57F10C
Device \FileSystem\Cdfs \Cdfs 8A3FF500
Device \FileSystem\Cdfs \Cdfs 8A131DA4

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xF2 0x02 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0x59 0xD6 0x18 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB9 0x76 0x72 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0xF2 0x02 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8D 0x59 0xD6 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xB9 0x76 0x72 0xE4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{90BDF4AE-EE83-6196-457C-82E601AA2F2C}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{90BDF4AE-EE83-6196-457C-82E601AA2F2C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{90BDF4AE-EE83-6196-457C-82E601AA2F2C}\ProgID@ ADODB.Stream.2.8
Reg HKLM\SOFTWARE\Classes\CLSID\{90BDF4AE-EE83-6196-457C-82E601AA2F2C}\VersionIndependentProgID@ ADODB.Stream
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 07 November 2009 - 06:08 AM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts

Posted 08 November 2009 - 02:19 PM

Can I check with you, my antivirus was not fully disabled the last time? I'm using an outdated version of ESET, so I didn't follow the instructions on that page as they were not applicable.

During the ComboFix run, when my computer rebooted, ESET started to run as I forgot to remove it from the startup list. Will it affect the results?
Do I need to scan again?

#10 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts

Posted 08 November 2009 - 02:26 PM

I hope the antivirus is disabled this time.

ComboFix 09-11-07.04 - Kenny 11/09/2009 2:59.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1479 [GMT 8:00]
Running from: c:\documents and settings\Kenny\Desktop\schrauber.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_NIM4711.TMP
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 18:49 . 2009-11-08 18:50 -------- d-----w- C:\schrauber
2009-10-29 14:42 . 2009-10-29 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-25 05:20 . 2009-10-25 05:20 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-10-23 09:11 . 2009-10-23 09:11 -------- d-----w- c:\documents and settings\Loretta\Application Data\Malwarebytes
2009-10-22 15:51 . 2009-10-22 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 13:22 . 2009-10-22 13:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-22 13:18 . 2009-10-22 13:18 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-22 13:18 . 2009-10-22 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-22 12:39 . 2009-10-22 12:39 117760 ----a-w- c:\documents and settings\Kenny\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-22 12:35 . 2009-10-22 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 12:35 . 2009-10-31 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 12:35 . 2009-10-22 12:35 -------- d-----w- c:\documents and settings\Kenny\Application Data\SUPERAntiSpyware.com
2009-10-22 12:31 . 2009-10-22 12:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-22 10:57 . 2009-10-22 10:57 -------- d-----w- c:\documents and settings\Kenny\Application Data\Malwarebytes
2009-10-22 10:56 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 10:56 . 2009-10-22 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 10:56 . 2009-10-22 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 10:56 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 10:06 . 2009-10-18 10:06 0 ----a-w- c:\documents and settings\Kenny\settings.dat
2009-10-16 18:50 . 2009-10-16 18:50 -------- d-----w- c:\program files\Trend Micro
2009-10-16 18:14 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-11 18:09 . 2009-10-11 18:09 -------- d-----w- c:\documents and settings\Kenny\Application Data\Moyea
2009-10-11 17:20 . 2009-10-11 17:20 -------- d-----w- c:\documents and settings\Kenny\Local Settings\Application Data\CAPCOM
2009-10-11 17:08 . 2009-10-11 17:09 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\windows\system32\xlive
2009-10-11 17:08 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-11 17:08 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-11 17:08 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-11 17:08 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-11 17:08 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-11 17:08 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\windows\Logs
2009-10-11 16:28 . 2009-10-11 17:08 -------- d-----w- c:\program files\Street Fighter IV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 17:37 . 2009-06-29 14:02 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-03 14:45 . 2008-02-03 02:57 -------- d-----w- c:\documents and settings\Kenny\Application Data\uTorrent
2009-11-01 04:39 . 2009-07-01 12:46 -------- d-----w- c:\program files\PPStream
2009-11-01 04:39 . 2009-07-01 12:46 -------- d-----w- c:\documents and settings\Kenny\Application Data\PPStream
2009-10-29 13:18 . 2008-02-04 15:00 -------- d-----w- c:\program files\PeerGuardian2
2009-10-18 17:09 . 2008-03-13 14:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:16 . 2008-12-26 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 16:18 . 2008-02-04 15:16 -------- d-----w- c:\documents and settings\Kenny\Application Data\Skype
2009-10-15 13:09 . 2008-02-04 15:18 -------- d-----w- c:\documents and settings\Kenny\Application Data\skypePM
2009-10-11 18:23 . 2008-10-24 04:26 -------- d-----w- c:\program files\Yahoo!
2009-10-11 18:21 . 2008-02-03 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 17:32 . 2009-10-11 17:24 3776507206 ----a-w- c:\windows\system32\$$arcdatafile$$.tmp
2009-10-03 10:39 . 2009-10-03 10:39 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-03 10:37 . 2008-02-03 04:46 -------- d-----w- c:\program files\Windows Live
2009-10-03 10:27 . 2008-04-23 01:34 180664 -c--a-w- c:\documents and settings\Loretta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-03 10:27 . 2008-02-11 14:32 -------- d-----w- c:\program files\DivX
2009-10-03 10:26 . 2009-10-03 10:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-03 08:09 . 2008-02-03 10:00 98304 ----a-w- c:\windows\DUMP80c8.tmp
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- c:\documents and settings\Loretta\Application Data\PC Suite
2009-09-25 05:56 . 2004-08-03 16:56 662016 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-21 10:52 . 2008-02-03 02:43 -------- d-----w- c:\program files\Common Files\Real
2009-09-21 10:52 . 2009-09-21 10:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-15 03:10 . 2009-09-14 04:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-15 03:10 . 2009-09-14 04:36 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-14 04:36 . 2008-04-10 17:53 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-11 14:33 . 2004-08-03 16:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 06:09 . 2009-09-11 06:09 -------- d-----w- c:\documents and settings\John\Application Data\PC Suite
2009-09-07 03:02 . 2009-09-06 18:36 2440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 09:30 . 2009-09-05 16:44 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-09-05 16:44 . 2009-09-05 16:44 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-09-05 16:44 . 2009-09-05 16:44 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-09-05 16:44 . 2009-09-05 16:44 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-09-05 16:44 . 2009-09-05 16:44 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-09-05 15:58 . 2009-09-05 15:58 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-09-05 15:58 . 2009-09-05 15:58 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-09-05 15:58 . 2009-09-05 15:58 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-09-05 15:58 . 2009-09-05 15:59 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en.exe
2009-09-04 20:45 . 2004-08-03 16:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2004-08-03 16:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 09:30 . 2008-02-03 04:06 180664 ----a-w- c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-13 14:20 . 2008-03-13 14:20 0 -c--a-w- c:\program files\temp01
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1AB9333EC47BC064050A2BF554AE5A95 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-09 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-06-29 210296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-03 950664]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]

c:\documents and settings\John\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
backup=c:\windows\pss\SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
backup=c:\windows\pss\Registration Assassin's Creed.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^启动iTudou.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\启动iTudou.lnk
backup=c:\windows\pss\启动iTudou.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Loretta\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Loretta\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Tudou\\iTudou\\iTudou.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\VertigoGames\\Game\\BlackShot\\Blackshot\\system\\BlackShot.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"p:\\Kernie\\Games\\PC games\\LFD\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [5/23/2009 2:05 PM 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [5/23/2009 2:05 PM 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/3/2008 10:41 AM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/23/2009 12:20 AM 54752]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp --> c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2/3/2008 10:27 AM 47624]
S3 IFA_Moore Service;IFA_Moore Service;c:\program files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe [1/16/2009 10:52 PM 68096]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [9/6/2009 5:35 PM 32377]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 14:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/
mStart Page = hxxp://sg.yahoo.com
uSearchURL,(Default) = hxxp://sg.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://sg.search.yahoo.com/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &使用超级旋风下载 - c:\program files\Tencent\QQDownload\geturl.htm
IE: &使用超级旋风下载全部链接 - c:\program files\Tencent\QQDownload\getAllurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
LSP: c:\windows\system32\imon.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=2ae08eb66ab8bfd89d544a8e066d085d/aff=t_25oa_ukca_wg/p/release/yeu/wg_yahtzeeEN/yahtzeeEN/zylomgamesplayer.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Kenny\Application Data\Mozilla\Firefox\Profiles\0zjq1rw3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{65F8A3D2-4C22-4A33-9633-73167EAEEC45} - (no file)
HKCU-Run-restorer32_a - c:\documents and settings\Kenny\restorer32_a.exe
HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe
Notify-WgaLogon - (no file)
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Primal 3D Anatomy - Muscles, Testing and Function - c:\program files\Primal 3D Anatomy\Primal 3D Anatomy - Muscles
AddRemove-WildTangent wildgames Master Uninstall - c:\program files\WildGames\Uninstall.exe
AddRemove-WT036431 - c:\program files\WildGames\Otto's Magic Blocks\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 03:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A61E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a61e1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-2139871995-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e4,dc,8a,1c,8c,3a,9e,cd,53,20,80,9a,11,52,f8,c7,23,d6,8f,48,fc,89,2a,
c4,c8,dd,a3,ba,40,71,e9,c3,46,ca,9f,90,9a,ed,32,0d,38,47,21,2a,8c,f0,e8,4b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1757981266-2139871995-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:68,21,c9,a2,d2,5d,10,c0,93,94,56,b2,08,9e,91,59,1c,1f,0e,aa,a1,
21,7a,c7,fb,6a,ba,3d,a9,46,c4,9a,68,74,12,52,44,b3,73,38,73,6f,a1,9a,93,f1,\
"rkeysecu"=hex:0c,9b,6c,ee,38,d8,b1,64,40,c1,31,78,95,54,00,b2

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-08 3:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 19:14

Pre-Run: 49,552,928,768 bytes free
Post-Run: 51,906,256,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 416E69CF4CDA7EA88CEC08F62E5A1181

#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:02 PM

Posted 09 November 2009 - 12:58 PM

Hi,




Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\temp01


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.






Step 2

Please update your version of Malwarebytes, run a quick scan and post back with the content of the logfile.




Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)







Please post back with:
  • Combofix-Logfile
  • Malwarebytes-Logfile
  • Both RSIT-Logfiles

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 Lorrretta

Lorrretta
  • Topic Starter

  • Members
  • 38 posts
  • Local time:03:02 AM

Posted 10 November 2009 - 05:29 AM

I have tried my best to disable my antivirus, but it seems that it cannot be fully disabled.
nod32krn.exe doesn't go away even when I clicked on end process.
I hope it doesn't affect the running of the combofix.


Combofix-Logfile

ComboFix 09-11-09.01 - Loretta 11/10/2009 17:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1534 [GMT 8:00]
Running from: c:\documents and settings\Loretta\Desktop\schrauber.exe
Command switches used :: c:\documents and settings\Loretta\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.

2009-11-08 18:49 . 2009-11-08 18:50 -------- d-----w- C:\schrauber
2009-10-29 14:42 . 2009-10-29 14:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-25 05:20 . 2009-10-25 05:20 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-10-23 09:11 . 2009-10-23 09:11 -------- d-----w- c:\documents and settings\Loretta\Application Data\Malwarebytes
2009-10-22 15:51 . 2009-10-22 16:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 13:22 . 2009-10-22 13:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-22 13:18 . 2009-10-22 13:18 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-22 13:18 . 2009-10-22 13:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-22 12:39 . 2009-10-22 12:39 117760 ----a-w- c:\documents and settings\Kenny\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-22 12:35 . 2009-10-22 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 12:35 . 2009-10-31 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-22 12:35 . 2009-10-22 12:35 -------- d-----w- c:\documents and settings\Kenny\Application Data\SUPERAntiSpyware.com
2009-10-22 12:31 . 2009-10-22 12:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-22 10:57 . 2009-10-22 10:57 -------- d-----w- c:\documents and settings\Kenny\Application Data\Malwarebytes
2009-10-22 10:56 . 2009-09-10 06:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 10:56 . 2009-10-22 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 10:56 . 2009-10-22 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 10:56 . 2009-09-10 06:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-18 10:06 . 2009-10-18 10:06 0 ----a-w- c:\documents and settings\Kenny\settings.dat
2009-10-16 18:50 . 2009-10-16 18:50 -------- d-----w- c:\program files\Trend Micro
2009-10-16 18:14 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-11 18:09 . 2009-10-11 18:09 -------- d-----w- c:\documents and settings\Kenny\Application Data\Moyea
2009-10-11 17:20 . 2009-10-11 17:20 -------- d-----w- c:\documents and settings\Kenny\Local Settings\Application Data\CAPCOM
2009-10-11 17:08 . 2009-10-11 17:09 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\windows\system32\xlive
2009-10-11 17:08 . 2009-03-09 07:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-11 17:08 . 2009-03-09 07:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-11 17:08 . 2009-03-09 07:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-11 17:08 . 2009-03-16 06:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-11 17:08 . 2009-03-16 06:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-11 17:08 . 2009-03-16 06:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-11 17:08 . 2009-10-11 17:08 -------- d-----w- c:\windows\Logs
2009-10-11 16:28 . 2009-10-11 17:08 -------- d-----w- c:\program files\Street Fighter IV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 17:37 . 2009-06-29 14:02 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-03 14:45 . 2008-02-03 02:57 -------- d-----w- c:\documents and settings\Kenny\Application Data\uTorrent
2009-11-01 04:39 . 2009-07-01 12:46 -------- d-----w- c:\program files\PPStream
2009-11-01 04:39 . 2009-07-01 12:46 -------- d-----w- c:\documents and settings\Kenny\Application Data\PPStream
2009-10-29 13:18 . 2008-02-04 15:00 -------- d-----w- c:\program files\PeerGuardian2
2009-10-18 17:09 . 2008-03-13 14:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 13:16 . 2008-12-26 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-15 16:18 . 2008-02-04 15:16 -------- d-----w- c:\documents and settings\Kenny\Application Data\Skype
2009-10-15 13:09 . 2008-02-04 15:18 -------- d-----w- c:\documents and settings\Kenny\Application Data\skypePM
2009-10-11 18:23 . 2008-10-24 04:26 -------- d-----w- c:\program files\Yahoo!
2009-10-11 18:21 . 2008-02-03 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 17:32 . 2009-10-11 17:24 3776507206 ----a-w- c:\windows\system32\$$arcdatafile$$.tmp
2009-10-03 10:39 . 2009-10-03 10:39 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-03 10:37 . 2008-02-03 04:46 -------- d-----w- c:\program files\Windows Live
2009-10-03 10:27 . 2008-04-23 01:34 180664 -c--a-w- c:\documents and settings\Loretta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-03 10:27 . 2008-02-11 14:32 -------- d-----w- c:\program files\DivX
2009-10-03 10:26 . 2009-10-03 10:26 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-03 08:09 . 2008-02-03 10:00 98304 ----a-w- c:\windows\DUMP80c8.tmp
2009-09-30 13:52 . 2009-09-30 13:52 -------- d-----w- c:\documents and settings\Loretta\Application Data\PC Suite
2009-09-25 05:56 . 2004-08-03 16:56 662016 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:56 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-21 10:52 . 2008-02-03 02:43 -------- d-----w- c:\program files\Common Files\Real
2009-09-21 10:52 . 2009-09-21 10:52 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-15 03:10 . 2009-09-14 04:36 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-15 03:10 . 2009-09-14 04:36 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-14 04:36 . 2008-04-10 17:53 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-11 14:33 . 2004-08-03 16:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 03:02 . 2009-09-06 18:36 2440 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-06 09:30 . 2009-09-05 16:44 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
2009-09-05 16:44 . 2009-09-05 16:44 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-09-05 16:44 . 2009-09-05 16:44 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-09-05 16:44 . 2009-09-05 16:44 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-09-05 16:44 . 2009-09-05 16:44 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-09-05 15:58 . 2009-09-05 15:58 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-09-05 15:58 . 2009-09-05 15:58 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-09-05 15:58 . 2009-09-05 15:58 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-09-05 15:58 . 2009-09-05 15:59 24501456 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en.exe
2009-09-04 20:45 . 2004-08-03 16:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2004-08-03 16:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 15:33 . 2009-08-17 15:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 09:30 . 2008-02-03 04:06 180664 ----a-w- c:\documents and settings\Kenny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-03-13 14:20 . 2008-03-13 14:20 0 -c--a-w- c:\program files\temp01
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 1AB9333EC47BC064050A2BF554AE5A95 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-09 . 7B11118B078B88F87183FE69EDA43137 . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_19.08.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-10 09:15 . 2009-11-10 09:15 16384 c:\windows\Temp\Perflib_Perfdata_7d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-21 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]

c:\documents and settings\John\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 07:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SketchBook Snapshot.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SketchBook Snapshot.lnk
backup=c:\windows\pss\SketchBook Snapshot.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
backup=c:\windows\pss\Registration Assassin's Creed.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^启动iTudou.lnk]
path=c:\documents and settings\Kenny\Start Menu\Programs\Startup\启动iTudou.lnk
backup=c:\windows\pss\启动iTudou.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Loretta\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Loretta\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Tudou\\iTudou\\iTudou.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\VertigoGames\\Game\\BlackShot\\Blackshot\\system\\BlackShot.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"p:\\Kernie\\Games\\PC games\\LFD\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 d343bus;d343bus;c:\windows\system32\drivers\d343bus.sys [5/23/2009 2:05 PM 136704]
R0 d343port;d343port;c:\windows\system32\drivers\d343port.sys [5/23/2009 2:05 PM 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/3/2008 10:41 AM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/23/2009 12:20 AM 54752]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp --> c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2/3/2008 10:27 AM 47624]
S3 IFA_Moore Service;IFA_Moore Service;c:\program files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe [1/16/2009 10:52 PM 68096]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [9/6/2009 5:35 PM 32377]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 14:18]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://sg.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: 使用iTudou下载节目 - c:\program files\Tudou\iTudou\iTudou_Link.HTM
LSP: c:\windows\system32\imon.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=2ae08eb66ab8bfd89d544a8e066d085d/aff=t_25oa_ukca_wg/p/release/yeu/wg_yahtzeeEN/yahtzeeEN/zylomgamesplayer.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Loretta\Application Data\Mozilla\Firefox\Profiles\s8de6bfe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{65F8A3D2-4C22-4A33-9633-73167EAEEC45} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 17:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a6221f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(1128)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2009-11-10 17:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-10 09:28
ComboFix2.txt 2009-11-08 19:14

Pre-Run: 51,923,947,520 bytes free
Post-Run: 51,909,255,168 bytes free

- - End Of File - - 57CA2E1CC55AECEF981EBB5DA58C41C7


Malwarebytes-Logfile

Malwarebytes' Anti-Malware 1.41
Database version: 3138
Windows 5.1.2600 Service Pack 2

11/10/2009 5:38:11 PM
mbam-log-2009-11-10 (17-38-11).txt

Scan type: Quick Scan
Objects scanned: 128812
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pqrs.tmo (Backdoor.Bredavi) -> Quarantined and deleted successfully.

Both RSIT-Logfiles

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Loretta at 2009-11-10 18:06:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 50 GB (41%) free of 121 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:10 PM, on 11/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Loretta\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Loretta.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://join.msn.com/?page=sitewide/worldwide
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 使用iTudou下载节目 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://webgames.d.tmsrv.com/c=2ae08eb66ab8...gamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: IFA_Moore Service - Unknown owner - C:\Program Files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11105 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-09-21 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-07 8523776]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-07 81920]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-19 16844800]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-08-29 1966080]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-21 198160]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [2007-10-09 169328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-02-14 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2003-12-15 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Funshion]
C:\Program Files\Funshion Online\Funshion\Funshion.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
C:\Program Files\GIGABYTE\GEST\run.exe [2007-12-14 236040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTudouAutoStart]
C:\Program Files\Tudou\iTudou\iTudou.exe [2008-11-06 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-10-16 4347120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe [2008-02-03 950664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-07-22 2331936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-01-08 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
c:\Program Files\PPStream\ppsap.exe [2009-06-29 210296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QQDownload]
C:\Program Files\Tencent\QQDownload\QQDownload.exe autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\Ringz Studio\Storm Codec\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-09-30 96984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-18 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-12 2000112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-21 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-01-16 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SketchBook Snapshot.lnk]
C:\PROGRA~1\Autodesk\SKETCH~1\SKETCH~2.EXE [2008-03-06 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK]
C:\PROGRA~1\Ubisoft\ASSASS~1\Register\REGIST~1.EXE -d 803378 -l english -r 7 -g Assassin's Creed -c us -i 3536 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^启动iTudou.lnk]
C:\PROGRA~1\Tudou\iTudou\iTudou.exe [2008-11-06 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Loretta^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Tudou\iTudou\iTudou.exe"="C:\Program Files\Tudou\iTudou\iTudou.exe:*:Enabled:iTudou"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit"
"C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe"="C:\VertigoGames\Game\BlackShot\Blackshot\system\BlackShot.exe:*:Enabled:BlackShot"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSI磑?A^c傅c窫^O"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS I磑?A^c讣O碋║`器"
"P:\Kernie\Games\PC games\LFD\left4dead.exe"="P:\Kernie\Games\PC games\LFD\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======File associations======

.ini - open - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\notepad.exe %1

======List of files/folders created in the last 1 months======

2009-11-10 18:06:05 ----D---- C:\rsit
2009-11-10 17:28:56 ----A---- C:\ComboFix.txt
2009-11-09 02:58:46 ----A---- C:\Boot.bak
2009-11-09 02:58:42 ----RASHD---- C:\cmdcons
2009-11-09 02:49:56 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-09 02:49:56 ----A---- C:\WINDOWS\MBR.exe
2009-11-09 02:49:53 ----A---- C:\WINDOWS\zip.exe
2009-11-09 02:49:53 ----A---- C:\WINDOWS\SWREG.exe
2009-11-09 02:49:53 ----A---- C:\WINDOWS\sed.exe
2009-11-09 02:49:53 ----A---- C:\WINDOWS\PEV.exe
2009-11-09 02:49:53 ----A---- C:\WINDOWS\grep.exe
2009-11-09 02:49:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-09 02:49:52 ----A---- C:\WINDOWS\SWSC.exe
2009-11-09 02:49:42 ----D---- C:\WINDOWS\ERDNT
2009-11-09 02:49:30 ----D---- C:\schrauber
2009-11-09 02:46:12 ----D---- C:\Qoobox
2009-11-05 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-10-23 17:11:21 ----D---- C:\Documents and Settings\Loretta\Application Data\Malwarebytes
2009-10-23 10:53:41 ----A---- C:\WINDOWS\imsins.BAK
2009-10-23 10:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-22 20:35:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-22 20:35:26 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-22 20:31:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-22 20:28:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-22 18:56:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-22 18:56:54 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-18 18:26:49 ----A---- C:\RootRepeal report 10-18-09 (18-26-49).txt
2009-10-17 02:50:20 ----D---- C:\Program Files\Trend Micro
2009-10-16 21:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 21:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 21:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 21:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 21:16:53 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 21:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 21:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 21:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 21:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-16 21:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 01:24:05 ----A---- C:\WINDOWS\system32\$$arcdatafile$$.tmp
2009-10-12 01:08:59 ----D---- C:\WINDOWS\system32\xlive
2009-10-12 01:08:59 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-10-12 01:08:30 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-10-12 01:08:30 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-10-12 01:08:29 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-10-12 01:08:28 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-10-12 01:08:28 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-10-12 01:08:26 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-10-12 01:08:19 ----D---- C:\WINDOWS\Logs
2009-10-12 00:28:04 ----D---- C:\Program Files\Street Fighter IV

======List of files/folders modified in the last 1 months======

2009-11-10 18:05:48 ----D---- C:\WINDOWS\Temp
2009-11-10 17:41:56 ----D---- C:\Program Files\Mozilla Firefox
2009-11-10 17:38:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 17:38:11 ----D---- C:\WINDOWS\system32
2009-11-10 17:28:59 ----D---- C:\WINDOWS\system32\drivers
2009-11-10 17:27:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-10 17:23:32 ----D---- C:\WINDOWS
2009-11-10 17:23:32 ----A---- C:\WINDOWS\system.ini
2009-11-10 17:13:25 ----D---- C:\WINDOWS\system32\config
2009-11-10 17:10:10 ----D---- C:\WINDOWS\AppPatch
2009-11-10 17:10:06 ----D---- C:\Program Files\Common Files
2009-11-10 16:49:06 ----ASH---- C:\boot.ini
2009-11-10 16:49:06 ----A---- C:\WINDOWS\win.ini
2009-11-10 07:49:36 ----A---- C:\WINDOWS\psnetwork.ini
2009-11-10 07:49:30 ----A---- C:\WINDOWS\PCDNSetting.ini
2009-11-09 03:03:36 ----D---- C:\Program Files
2009-11-09 03:03:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-09 02:45:58 ----D---- C:\WINDOWS\Prefetch
2009-11-08 01:37:25 ----HD---- C:\WINDOWS\inf
2009-11-08 01:37:25 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-05 03:00:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-04 20:34:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-01 14:18:49 ----A---- C:\WINDOWS\powerplayer.ini
2009-11-01 12:39:49 ----D---- C:\Program Files\PPStream
2009-11-01 12:39:24 ----A---- C:\WINDOWS\powerlist.ini
2009-10-31 14:14:36 ----D---- C:\RECYCLER
2009-10-29 21:47:02 ----SHD---- C:\WINDOWS\Installer
2009-10-29 21:18:28 ----D---- C:\Program Files\PeerGuardian2
2009-10-28 23:41:25 ----D---- C:\WINDOWS\Minidump
2009-10-23 12:56:23 ----A---- C:\WINDOWS\PPSMediaList.ini
2009-10-23 10:53:33 ----D---- C:\Program Files\Internet Explorer
2009-10-20 08:08:13 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-19 01:09:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-17 03:22:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-17 03:21:36 ----RSD---- C:\WINDOWS\assembly
2009-10-16 21:19:21 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 21:18:51 ----D---- C:\WINDOWS\WinSxS
2009-10-16 21:16:37 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-16 20:52:03 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-12 10:37:24 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-10-12 02:23:35 ----D---- C:\Program Files\Yahoo!
2009-10-12 02:21:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-12 01:09:06 ----D---- C:\WINDOWS\system32\DirectX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-02-03 15424]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-04-15 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-21 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-02-03 512096]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-09-21 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-19 4617728]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-04 41504]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2002-09-21 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-07 7429088]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-02-04 14240]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-02-04 938272]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-09-19 101504]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 aby1b22j;aby1b22j; C:\WINDOWS\system32\drivers\aby1b22j.sys []
S3 catchme;catchme; \??\C:\schrauber4978s\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Kenny\LOCALS~1\Temp\FUT10A6.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-03-18 79360]
R2 Basics Service;Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 124280]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-18 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-02-03 549256]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-07 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-14 66872]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 IFA_Moore Service;IFA_Moore Service; C:\Program Files\Common Files\Primal Pictures Shared\Service\IFA_Moore Service File.exe [2009-01-16 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt



info.txt logfile of random's system information tool 1.06 2009-11-10 18:06:13

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B095CD4-555F-4F70-9B90-B1DB84D810ED}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acoustica MP3 Audio Mixer-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Ahead Nero - Burning Rom-->C:\WINDOWS\UNNERO.exe /UNINSTALL
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk 3ds Max 2009 32-bit Movies-->MsiExec.exe /I{305D5417-E687-0409-AA09-53DE06E059F8}
Autodesk 3ds Max 2009 32-bit ProMaterials Library-->MsiExec.exe /I{2AB45FAF-2D92-0409-8D33-E2FE6172280E}
Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In-->MsiExec.exe /I{744A5C19-AA4C-0409-BC07-9F4C73C8B247}
Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Autodesk SketchBookPro 2009-->MsiExec.exe /X{085853EB-2F9A-4ED2-9F78-6E8DF546F99A}
Before You Know It 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5415451A-BB72-4779-A0B6-3BF5562FAF48}\Setup.exe" -l0x9
BlackShot 力芭-->"C:\VertigoGames\Game\BlackShot\uninstall.exe"
Bluerock Technologies Flight Studio 3ds Max 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-0409-A739-3E29DDE4DC3C}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen MicroPhoto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AEC8F41-4701-415D-9782-F69CFB535463}\SETUP.EXE" -l0x9 /remove
Creative ZEN Stone User's Guide-->"C:\Program Files\Creative\Creative ZEN Stone\UGRemove.exe" /Product_Name:ZENStoneUG
CX4300_5500_DX4400 manual-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\ENG\USE_G\DOCUNINS.EXE
DAEMON Tools-->MsiExec.exe /I{0EF160D7-B9C3-4778-93CC-B2379BA59FE5}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drive Manager-->"C:\Program Files\InstallShield Installation Information\{48B0F38D-1913-44F3-99AA-D4C55A2B038E}\setup.exe" -runfromtemp -l0x0409 -removeonly
Drive Manager-->MsiExec.exe /I{48B0F38D-1913-44F3-99AA-D4C55A2B038E}
Dynamic Energy Saver B7.1214.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}\setup.exe" -l0x9 -removeonly
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
eMule VeryCD版-->C:\Program Files\eMule\uninstall.exe
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
Garena-->C:\Program Files\Garena\uninst.exe
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Graphmatica-->C:\Program Files\Graphmatica\uninstall.exe
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IFA_Moore (Shared Components)-->C:\Program Files\Common Files\Primal Pictures Shared\Uninstall\IFAMoore\B2FF9000\UninstApplet.exe /uninstall
iTudou 2.2-->C:\Program Files\Tudou\iTudou\uninst.exe
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Korean Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
My Program 1.5-->"C:\WINDOWS\unins000.exe"
Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PPStream V2.6.86.8800 Final-->C:\Program Files\PPStream\unpps.exe
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
SC Ver 2.68-->"C:\Program Files\SC\unins000.exe"
Scan2PDF 1.6-->"C:\Program Files\Scan2PDF\unins000.exe"
S-Class UI 3D Widget-->MsiExec.exe /I{16D0706A-829E-46B2-9101-2E450510F3AC}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sibelius Scorch Plugin 5.2.5.30-->"C:\Program Files\Musicnotes\unins000.exe"
Skype 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst6.10.00.exe
Street Fighter IV-->"C:\Program Files\Street Fighter IV\Uninstall\unins000.exe"
Turbo Squid Tentacles 3ds Max 2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
???? 5.0.1-->"C:\Program Files\TTPlayer\uninst.exe"

======Security center information======

AV: ESET NOD32 antivirus system 2.70

======System event log======

Computer Name: KENNY-32C3A9A8F
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\D during a paging operation.

Record Number: 2806
Source Name: Disk
Time Written: 20091105001227.000000+480
Event Type: warning
User:

Computer Name: KENNY-32C3A9A8F
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 2783
Source Name: DCOM
Time Written: 20091104005914.000000+480
Event Type: error
User: KENNY-32C3A9A8F\Kenny

Computer Name: KENNY-32C3A9A8F
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 2782
Source Name: Disk
Time Written: 20091103215211.000000+480
Event Type: warning
User:

Computer Name: KENNY-32C3A9A8F
Event Code: 15300
Message: MTP WPD Driver has failed to start. Error 0x8004201e.

Record Number: 2778
Source Name: WPDMTPDriver
Time Written: 20091103214644.000000+480
Event Type: error
User:

Computer Name: KENNY-32C3A9A8F
Event Code: 15208
Message: MTP Protocol Driver has detected that the device 'Creative Technology Ltd, Creative Zen MicroPhoto, 1.20.01_0.00.65' cannot accept read-only properties when creating new objects ((15)).

Record Number: 2775
Source Name: WPDMTPDriver
Time Written: 20091103205917.000000+480
Event Type: warning
User:

=====Application event log=====

Computer Name: KENNY-32C3A9A8F
Event Code: 1517
Message: Windows saved user KENNY-32C3A9A8F\Kenny registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50391
Source Name: Userenv
Time Written: 20091004132521.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNY-32C3A9A8F
Event Code: 1517
Message: Windows saved user KENNY-32C3A9A8F\Kenny registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50374
Source Name: Userenv
Time Written: 20091003230914.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KENNY-32C3A9A8F
Event Code: 10005
Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 50331
Source Name: MsiInstaller
Time Written: 20091003183156.000000+480
Event Type: error
User: KENNY-32C3A9A8F\Loretta

Computer Name: KENNY-32C3A9A8F
Event Code: 10005
Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 50330
Source Name: MsiInstaller
Time Written: 20091003183156.000000+480
Event Type: error
User: KENNY-32C3A9A8F\Loretta

Computer Name: KENNY-32C3A9A8F
Event Code: 10005
Message: Product: Windows Live Mail -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 50327
Source Name: MsiInstaller
Time Written: 20091003183152.000000+480
Event Type: error
User: KENNY-32C3A9A8F\Loretta

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Ringz Studio\Storm Codec\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter;C:\Program Files\Autodesk\Backburner;C:\Program Files\Common Files\Autodesk Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:08:02 PM

Posted 10 November 2009 - 02:46 PM

Hi,

How is your system running?

iTudou 2.2


Do you know this software?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#14 Lorrretta


Posted 11 November 2009 - 05:15 AM

The computer has worked fine since a few days before I asked the moderator to reopen the thread.

It is still not showing any signs or symptoms. I just want to ensure that my computer is malware free.

Yup, I know the program iTudou 2.2. It's just a program that allows you to download songs/videos when you watch them on the video-sharing website www.tudou.com, which is similar to YouTube.

I have not been using the software.
If you think that it will give me problems, I can delete it =)

Thanks for your help.

Is the computer all clear yet?

#15 schrauber


Posted 11 November 2009 - 03:32 PM

Let's run an online scan, then we take out the leftovers :(.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber
