
Sluggish system and program freezing


  • This topic is locked
58 replies to this topic

#1 Vigor

  • Members

Posted 18 October 2009 - 11:37 AM

Hello!

My computer:
Processor
AMD Athlon™ 64 Processor 3200+
Version:
x86 Family 15 Model 47 Stepping 0
Speed:
2009 MHz
Operating System
Microsoft Windows XP Professional
Version:
5.1.2600
Service Pack:
3.0
Location:
C:\WINDOWS
PID:
55274-640-8365391-23306
Hot Fix:
KB956391
Memory RAM: 1GB
Local Disk:
Total Capacity: 186.31 GB
Sum of Hard Disks: (C: D: E: )

About a month ago my computer started acting funny. I suspect it is malware of some kind because my computer started having problems in a matter of minutes after I noticed something was "happening".
I was playing a video game and its graphics started "freezing" (internet was turned on) and it took forever to load it again. I tried a few more games and all of them started loading slowly and freezing; all I could do was turn them off in the Task Manager. I uninstalled all of my games and reinstalled them; they load just fine but as soon as I start playing them they completely freeze (Task Manager shows around 200.000 K mem. usage).
I also noticed that fssm32.exe (F-secure file) was using a lot of memory (from 50.000 to 200.000 K) depending on what other program was running. I use no other Firewall or anti malware programs.
Firefox (when on the net) uses around 200.000 K of mem., and almost any other program uses almost as much memory (including all my games that freeze).
I also uninstalled F-secure but after reinstalling it and doing all necessary updates nothing changed, and the problem was still there!
I scanned my system thoroughly a few times but never found any malware or viruses.
Often when I am shutting down the computer it takes a very long time and I "get" a window from Task Manager informing me that "F-secure manager is non responsive" and that it needs to shut down!
I do download a lot but I always take measures and scan all the files; firewall is never off.
I didn't install any 'suspicious' programs before my computer started experiencing problems.
I followed the instructions from Preparation Guide For Use Before Posting A Hijackthis Log and downloaded DDS from the DDS Tool Download Link.
DDS log:
DDS (Ver_09-10-13.01) - NTFSx86
Run by Ema at 14:33:51,89 on ned 18.10.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.425 [GMT 2:00]
AV: Amis Internet Security 8.01 *On-access scanning enabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Amis Internet Security 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\FSGK32.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSMB32.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Varovalni sistem 2006\Common\FCH32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsqh.exe
D:\Program Files\Varovalni sistem 2006\Common\FAMEH32.EXE
D:\Program Files\Varovalni sistem 2006\FSPC\fspc.exe
D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fssm32.exe
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsus.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE
D:\Program Files\Varovalni sistem 2006\FSGUI\fsguidll.exe
D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Ema\Desktop\dds.scr

============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - d:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - d:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [AdobeBridge]
mRun: [pdfSaver3]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [F-Secure Manager] "d:\program files\varovalni sistem 2006\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "d:\program files\varovalni sistem 2006\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [News Service] "d:\program files\varovalni sistem 2006\fsgui\ispnews.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - d:\program files\varovalni sistem 2006\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - d:\program files\varovalni sistem 2006\fspc\fspcmsie.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: d:\program files\varovalni sistem 2006\fsps\program\FSLSP.DLL
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~3\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ema\applic~1\mozilla\firefox\profiles\lvmlk2jp.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: d:\program files\adobe\acrobat 5.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\program files\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\divx\divx web player\npdivx32.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-10-7 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-10-7 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;d:\program files\varovalni sistem 2006\hips\drivers\fshs.sys [2009-10-7 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\varovalni sistem 2006\anti-virus\minifilter\fsgk.sys [2009-10-7 101496]
R3 FSORSPClient;F-Secure ORSP Client;d:\program files\varovalni sistem 2006\orsp client\fsorsp.exe [2009-10-7 55904]
S2 gupdate1c9bc394163852e;Google Update Service (gupdate1c9bc394163852e);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;d:\program files\varovalni sistem 2006\anti-virus\win2k\fsfilter.sys [2009-10-7 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\varovalni sistem 2006\anti-virus\win2k\fsrec.sys [2009-10-7 25184]
=============== Created Last 30 ================
2009-10-14 21:43 <DIR> --d----- c:\program files\common files\Control Panels
2009-10-14 21:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ALM
2009-10-14 21:01 <DIR> --d----- c:\program files\Bonjour
2009-10-14 20:54 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-10-13 14:24 <DIR> --d----- c:\program files\trend micro
2009-10-13 14:01 <DIR> --d----- c:\windows\system32\NtmsData
2009-10-13 11:34 <DIR> --d----- c:\docume~1\ema\applic~1\Malwarebytes
2009-10-09 11:38 <DIR> --d----- c:\docume~1\ema\applic~1\Personal
2009-10-09 11:38 <DIR> --d----- c:\program files\Personal
2009-10-09 11:38 248 a------- c:\windows\ODBC.INI
2009-10-09 11:38 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-10-08 16:25 116 a------- c:\windows\NeroDigital.ini
2009-10-08 15:50 49,870 -------- c:\windows\UNNMP.cfg
2009-10-08 15:50 2,920,448 -------- c:\windows\UNNMP.exe
2009-10-08 15:48 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-10-08 15:46 214,565 -------- c:\windows\UNNeroVision.cfg
2009-10-08 15:46 2,916,352 -------- c:\windows\UNNeroVision.exe
2009-10-08 15:45 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-10-08 15:45 38,912 -------- c:\windows\system32\picn20.dll
2009-10-08 15:44 56,072 -------- c:\windows\UNMRW.cfg
2009-10-08 15:44 2,916,352 -------- c:\windows\UNMRW.exe
2009-10-08 15:43 59,070 -------- c:\windows\NuNinst.cfg
2009-10-08 15:43 2,916,352 -------- c:\windows\NuNinst.exe
2009-10-08 15:43 99,584 -------- c:\windows\system32\drivers\InCDfs.sys
2009-10-08 15:43 29,696 -------- c:\windows\system32\drivers\InCDpass.sys
2009-10-08 15:43 8,704 -------- c:\windows\system32\drivers\InCDrec.sys
2009-10-08 15:43 <DIR> --d----- c:\windows\InCD
2009-10-08 15:43 28,160 -------- c:\windows\system32\drivers\InCDrm.sys
2009-10-08 11:58 <DIR> --d----- c:\windows\pss
2009-10-07 11:38 33,920 a------- c:\windows\system32\drivers\fsbts.sys
2009-10-07 10:52 79,872 a------- c:\windows\system32\drivers\fsdfw.sys
2009-10-07 10:52 33,584 a------- c:\windows\system32\drivers\fsndis5.sys
2009-10-07 10:52 1,716,224 a------- c:\windows\system32\winsflte.dll
2009-10-07 10:52 1,236,992 a------- c:\windows\system32\cfgmig32.dll
2009-10-07 10:52 1,187,840 a------- c:\windows\system32\winsflt.dll
2009-10-06 20:01 765,952 -------- c:\windows\system32\dllcache\vgx.dll
2009-10-06 20:01 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll
2009-10-06 20:01 221,184 a------- c:\windows\system32\wmpns.dll
2009-10-06 20:01 <DIR> --d----- c:\windows\system32\dllcache
2009-10-06 20:00 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-10-06 20:00 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-10-06 20:00 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-06 20:00 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-10-06 20:00 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-10-06 20:00 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-10-06 19:47 212,711 a------- c:\windows\system32\nvapps.nvb
2009-10-06 19:44 13,312 a------- c:\windows\system32\irclass.dll
2009-10-06 19:44 24,661 a------- c:\windows\system32\spxcoins.dll
2009-10-06 19:44 16,535 a----r-- c:\windows\SETB1.tmp
2009-10-06 19:44 1,088,840 a----r-- c:\windows\SETA5.tmp
2009-10-06 19:44 1,296,669 a----r-- c:\windows\SETA2.tmp
2009-09-30 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-30 12:41 5,600 a------- c:\windows\system32\drivers\WmVirHid.sys
2009-09-30 12:41 44,064 a------- c:\windows\system32\drivers\WmXlCore.sys
2009-09-30 12:41 21,280 a------- c:\windows\system32\drivers\WmFilter.sys
2009-09-30 12:41 10,144 a------- c:\windows\system32\drivers\WmBEnum.sys
2009-09-30 12:41 <DIR> --d----- c:\program files\common files\Logitech
2009-09-26 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-24 23:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-24 11:54 33,489 a------- c:\windows\system32\CNBJHLP2.HLP
2009-09-24 11:54 1,075 a------- c:\windows\system32\CNBJHLP2.CNT
2009-09-24 11:42 79,360 a------- c:\windows\system32\CNBJMON2.DLL
2009-09-22 21:43 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-09-22 21:42 802,816 -------- c:\windows\system32\imagXRA7.dll
2009-09-22 21:42 1,757,184 -------- c:\windows\system32\imagX7.dll
2009-09-22 21:42 497,296 -------- c:\windows\system32\imagXpr7.dll
2009-09-22 21:42 258,048 -------- c:\windows\system32\imagXR7.dll
==================== Find3M ====================
2009-10-06 19:57 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-09-26 01:16 233,472 a------- c:\windows\system32\wrap_oal.dll
2009-09-26 01:16 81,920 a------- c:\windows\system32\OpenAL32.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2005-01-01 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012005010120050102\index.dat
============= FINISH: 14:34:34,17 ===============

Attach.txt log:
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-10-13.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6.10.2009 20:02:18
System Uptime: 18.10.2009 13:59:14 (1 hours ago)
Motherboard: | | NF-CK804
Processor: AMD Athlon™ 64 Processor 3200+ | Socket 939 | 2009/201mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 18,669 GiB free.
D: is FIXED (NTFS) - 60 GiB total, 46,991 GiB free.
E: is FIXED (NTFS) - 96 GiB total, 15,648 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 6.10.2009 20:09:53 - Unsigned printer driver Canon Bubble-Jet BJC-1000 installed.
RP2: 6.10.2009 20:30:59 - Removed Nero 7 Essentials
RP3: 7.10.2009 10:52:24 - F-Secure PersonalExpress 6.15 build 50 Installation
RP4: 7.10.2009 11:37:28 - psc 8.01 build 129 Installation
RP5: 7.10.2009 19:46:25 - Installed DirectX
RP6: 7.10.2009 19:51:08 - Installed EA downloader
RP7: 7.10.2009 19:52:48 - Configured EA downloader
RP8: 8.10.2009 18:40:38 - Removed Acronis Disk Director Suite
RP9: 9.10.2009 11:36:49 - Namešceno Personal E-bank
RP10: 10.10.2009 14:22:56 - System Checkpoint
RP11: 11.10.2009 20:34:04 - System Checkpoint
RP12: 13.10.2009 18:59:48 - System Checkpoint
RP13: 14.10.2009 21:19:44 - Printer Driver Adobe PDF Converter Installed
RP14: 16.10.2009 11:17:14 - System Checkpoint
RP15: 17.10.2009 11:16:10 - 17.10.09
==== Installed Programs ======================
Torrent
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.2
Adobe Setup
Adobe Shockwave Player
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Amis Internet Security
Apple Application Support
ArcSoft Camera Suite 1.3
BSPlayer
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
CorelDRAW Graphics Suite 12
Corporate E-bank SLO
Google Update Helper
Google Zemlja
Internet Library
Java™ 6 Update 15
Logitech Gaming Software
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office IME (Chinese (Simplified)) 2007
Microsoft Office IME (Chinese (Traditional)) 2007
Microsoft Office IME (Japanese) 2007
Microsoft Office IME (Korean) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Bulgarian) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (Chinese (Simplified)) 2007
Microsoft Office Proof (Chinese (Traditional)) 2007
Microsoft Office Proof (Croatian) 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (Danish) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Estonian) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Gujarati) 2007
Microsoft Office Proof (Hebrew) 2007
Microsoft Office Proof (Hindi) 2007
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Japanese) 2007
Microsoft Office Proof (Kannada) 2007
Microsoft Office Proof (Korean) 2007
Microsoft Office Proof (Latvian) 2007
Microsoft Office Proof (Lithuanian) 2007
Microsoft Office Proof (Marathi) 2007
Microsoft Office Proof (Norwegian (Bokmål)) 2007
Microsoft Office Proof (Norwegian (Nynorsk)) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Punjabi) 2007
Microsoft Office Proof (Romanian) 2007
Microsoft Office Proof (Russian) 2007
Microsoft Office Proof (Serbian (Latin)) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proof (Slovenian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proof (Tamil) 2007
Microsoft Office Proof (Telugu) 2007
Microsoft Office Proof (Thai) 2007
Microsoft Office Proof (Turkish) 2007
Microsoft Office Proof (Ukrainian) 2007
Microsoft Office Proof (Urdu) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Kit 2007
Microsoft Office Proofing Tools Kit 2007
Microsoft Office ProofMUI (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MindManager X5 Pro
MovieEdit Task
Mozilla Firefox (3.5.3)
Nero Suite
neroxml
NVIDIA Drivers
Orodje za poslovni nacrt
PDF-XChange 3.0
PDF Settings
Personal 4.7.1
Personal E-bank
PhotoStitch
PowerISO
QuickTime
RAW Image Task 1.1
RealPlayer
Realtek AC'97 Audio
RemoteCapture Task 1.0.3
Samsung ML-2010 Series
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB956391)
Shockwave
Skype™ 4.1
Slovarji
Spelling Dictionaries Support For Adobe Reader 9
WebFldrs XP
WinRAR archiver
XviD 1.1 final uninstall
XviD MPEG-4 Codec
==== Event Viewer Messages From Past Week ========
14.10.2009 20:14:18, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
14.10.2009 20:13:21, error: F-Secure Gatekeeper [1] -
14.10.2009 14:57:15, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%3" Happened while starting this command: "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
14.10.2009 14:42:42, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00016CDF20A5 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
13.10.2009 20:07:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
13.10.2009 20:07:12, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
RootRepeal Log:
I downloaded RootRepeal as instructed.
When I run RootRepeal (I followed all instructions) it starts to initialize and then nothing happens, I waited for quite some time but it just ‘hangs’ there without displaying any progress and my computer ‘freezes’ and I can’t even turn it off!
I posted a new topic asking about this program; I got an answer from a Moderator with instructions to download Win32kDiag.exe and produce a Win32kDiag.txt file.
I tried it but this is what I got:
Running from: C:\Documents and Settings\Ema\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Ema\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!

I also did this ( as advised):
‘’Let's see if we can produce some logs
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
• This tool will create a diagnostic report
• Double-click on Win32kDiag.exe to run and let it finish.
• When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
• A file called Win32kDiag.txt should be created on your Desktop.
• Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:

CODE
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.’’

This is what I got:
Volume in drive C has no label.
Volume Serial Number is 58A1-6D8F
Directory of C:\WINDOWS\system32
14.04.2008 06:42 181.248 scecli.dll
Directory of C:\WINDOWS\system32
08.01.2009 21:09 407.040 netlogon.dll
Directory of C:\WINDOWS\system32
14.04.2008 06:41 56.320 eventlog.dll
3 File(s) 644.608 bytes
Total Files Listed:
3 File(s) 644.608 bytes
0 Dir(s) 20.057.804.800 bytes free

These are all the logs I managed to create!!!

I was told that with the DDS log you should have enough info.
Quote:
''Group: Moderator
Posts: 21,876
Joined: 27-January 07
From: Cleveland, Ohio
Member No.: 108,618
As long as you could produce a DDS log you should be fine
Include the results from here and tell them that it is all you could produce
The HJT team is very busy so please be patient and good luck.''


Hope this gives you enough information for now!
Hope to hear from you and thank you for all your assistance!!!

Edited by Vigor, 19 October 2009 - 04:35 AM.



#2 schrauber

  • Malware Response Team

Posted 29 October 2009 - 05:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 Vigor


Posted 30 October 2009 - 04:49 AM

Hello!
First I would like to thank you for your response.
I haven't resolved my problem because I haven't been trying to do anything (as instructed by BleepingComputer).
Applications still use a lot of memory.
I haven't tried running any of my games that were freezing because I didn't reinstall them again; as instructed by BleepingComputer: 'Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/265254/slugish-system-and-program-freezing/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc)'.

Firefox made a few automatic updates but other than that there were no changes to my computer.

I did the DDS scan again as you instructed me and here it is:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Ema at 8:52:35,84 on pet 30.10.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.526 [GMT 1:00]

AV: Amis Internet Security 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Amis Internet Security 8.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\FSGK32.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Varovalni sistem 2006\Common\FSLAUNCHER0.EXE
C:\Documents and Settings\Ema\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - d:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - d:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [AdobeBridge]
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [pdfSaver3]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [F-Secure Manager] "d:\program files\varovalni sistem 2006\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "d:\program files\varovalni sistem 2006\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [News Service] "d:\program files\varovalni sistem 2006\fsgui\ispnews.exe"
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~2\server\bin\VERSIO~2.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\personal.lnk - c:\program files\personal\bin\Personal.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - d:\program files\varovalni sistem 2006\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - d:\program files\varovalni sistem 2006\fspc\fspcmsie.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: d:\program files\varovalni sistem 2006\fsps\program\FSLSP.DLL
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~3\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ema\applic~1\mozilla\firefox\profiles\lvmlk2jp.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: d:\program files\adobe\acrobat 5.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\program files\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\divx\divx web player\npdivx32.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-10-7 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-10-7 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;d:\program files\varovalni sistem 2006\hips\drivers\fshs.sys [2009-10-7 67808]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\program files\varovalni sistem 2006\anti-virus\minifilter\fsgk.sys [2009-10-7 101496]
S2 gupdate1c9bc394163852e;Google Update Service (gupdate1c9bc394163852e);c:\program files\google\update\GoogleUpdate.exe [2009-4-13 133104]
S3 FSORSPClient;F-Secure ORSP Client;d:\program files\varovalni sistem 2006\orsp client\fsorsp.exe [2009-10-7 55904]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;d:\program files\varovalni sistem 2006\anti-virus\win2k\fsfilter.sys [2009-10-7 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;d:\program files\varovalni sistem 2006\anti-virus\win2k\fsrec.sys [2009-10-7 25184]

=============== Created Last 30 ================

2009-10-14 19:43:41 0 d-----w- c:\program files\common files\Control Panels
2009-10-14 19:41:03 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2009-10-14 19:01:41 0 d-----w- c:\program files\Bonjour
2009-10-14 18:54:54 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-13 12:24:52 0 d-----w- c:\program files\trend micro
2009-10-13 12:01:18 0 d-----w- c:\windows\system32\NtmsData
2009-10-13 09:34:40 0 d-----w- c:\docume~1\ema\applic~1\Malwarebytes
2009-10-09 09:38:37 0 d-----w- c:\docume~1\ema\applic~1\Personal
2009-10-09 09:38:32 0 d-----w- c:\program files\Personal
2009-10-09 09:38:23 248 ----a-w- c:\windows\ODBC.INI
2009-10-09 09:38:04 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2009-10-08 14:25:23 116 ----a-w- c:\windows\NeroDigital.ini
2009-10-08 13:50:21 49870 ------w- c:\windows\UNNMP.cfg
2009-10-08 13:50:20 2920448 ------w- c:\windows\UNNMP.exe
2009-10-08 13:48:51 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-10-08 13:46:15 214565 ------w- c:\windows\UNNeroVision.cfg
2009-10-08 13:46:14 2916352 ------w- c:\windows\UNNeroVision.exe
2009-10-08 13:45:26 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-10-08 13:45:25 38912 ------w- c:\windows\system32\picn20.dll
2009-10-08 13:44:07 56072 ------w- c:\windows\UNMRW.cfg
2009-10-08 13:44:06 2916352 ------w- c:\windows\UNMRW.exe
2009-10-08 13:43:38 59070 ------w- c:\windows\NuNinst.cfg
2009-10-08 13:43:37 2916352 ------w- c:\windows\NuNinst.exe
2009-10-08 13:43:34 99584 ------w- c:\windows\system32\drivers\InCDfs.sys
2009-10-08 13:43:34 8704 ------w- c:\windows\system32\drivers\InCDrec.sys
2009-10-08 13:43:34 29696 ------w- c:\windows\system32\drivers\InCDpass.sys
2009-10-08 13:43:33 28160 ------w- c:\windows\system32\drivers\InCDrm.sys
2009-10-08 13:43:33 0 d-----w- c:\windows\InCD
2009-10-08 09:58:49 0 d-----w- c:\windows\pss
2009-10-07 09:38:42 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-10-07 08:52:40 79872 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-10-07 08:52:40 33584 ----a-w- c:\windows\system32\drivers\fsndis5.sys
2009-10-07 08:52:39 1716224 ----a-w- c:\windows\system32\winsflte.dll
2009-10-07 08:52:39 1236992 ----a-w- c:\windows\system32\cfgmig32.dll
2009-10-07 08:52:39 1187840 ----a-w- c:\windows\system32\winsflt.dll
2009-10-06 19:32:31 1073324032 ----a-w- c:\windows\MEMORY.DMP
2009-10-06 18:01:56 765952 ------w- c:\windows\system32\dllcache\vgx.dll
2009-10-06 18:01:48 3593216 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-06 18:01:32 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-06 18:01:17 0 d-----w- c:\windows\system32\dllcache
2009-10-06 18:00:11 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2009-10-06 18:00:07 749 ---ha-r- c:\windows\WindowsShell.Manifest
2009-10-06 18:00:07 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2009-10-06 18:00:07 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2009-10-06 18:00:07 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2009-10-06 18:00:07 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2009-10-06 17:47:54 212711 ----a-w- c:\windows\system32\nvapps.nvb
2009-10-06 17:44:56 13312 ----a-w- c:\windows\system32\irclass.dll
2009-10-06 17:44:55 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-10-06 17:44:38 16535 ----a-r- c:\windows\SETB1.tmp
2009-10-06 17:44:36 1088840 ----a-r- c:\windows\SETA5.tmp
2009-10-06 17:44:34 1296669 ----a-r- c:\windows\SETA2.tmp
2009-09-30 13:39:58 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2009-09-30 10:41:39 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-09-30 10:41:38 44064 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-09-30 10:41:38 21280 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-09-30 10:41:38 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-09-30 10:41:36 0 d-----w- c:\program files\common files\Logitech

==================== Find3M ====================

2009-10-06 17:57:53 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-25 23:16:01 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-25 23:16:01 233472 ----a-w- c:\windows\system32\wrap_oal.dll
2005-01-01 17:16:25 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012005010120050102\index.dat

============= FINISH: 8:52:48,51 ===============

-Attach.exe (is zipped and attached)!

This is a description of my problem:

About a month ago my computer started acting funny. I suspect it is malware of some kind or a virus because my computer started having problems in a matter of minutes after I noticed something was wrong.
I was playing a video game and its graphics started freezing (internet was turned on) and it took forever to load it again.
I tried a few more games and all of them started loading slowly and freezing; all I could do was turn them off in the Task Manager. I uninstalled all of my games and reinstalled them, they load just fine but as soon as I start playing them they completely freeze (Task Manager shows around 200.000 K mem. usage).
I also noticed that fssm32.exe (F-secure file) uses a lot of memory (from 50.000 to 200.000 K).
I use no other Firewall or anti malware programs, just F-secure!
Firefox uses around 200.000 K of mem., and almost any other program uses as much memory (including all my games that freeze).

I also uninstalled F-secure but after reinstalling it and doing all necessary updates nothing changed, and the problem was still there!

I scanned my system thoroughly a few times but never found any malware or viruses.
Sometimes when I am shutting down the computer it takes a very long time and I get a window from the Task Manager informing me that F-secure manager is non-responsive and that it needs to shut down!
Recently I've been getting a message that the n program is not responsive and that it needs to shut down.
I do download a lot but I always take measures and scan all files, firewall is never off.
I didn't install any suspicious programs before my computer started experiencing problems.
Hope this gives you enough info!!!!

Thank you for your assistance and looking forward to your solution!
Vigor :(


#4 schrauber


Posted 30 October 2009 - 04:00 PM

Hello, Vigor and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


#5 Vigor


Posted 30 October 2009 - 06:06 PM

Hello Tom,
Thank you for a quick response.

I did as you instructed me and here is my gmer.log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-30 23:37:36
Windows 5.1.2600 Service Pack 3
Running: jr0pq7o3.exe; Driver: C:\DOCUME~1\Ema\LOCALS~1\Temp\kfgirkog.sys


---- System - GMER 1.0.15 ----

SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF5588C44]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF5588C5E]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF5587E02]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF558812A]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF5587B4E]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF558855C]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF55897FA]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF55883AC]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF55879D4]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF5587E36]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF5587FB0]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF5587934]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF5587A8A]
SSDT \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF5587EFA]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2758
80501F90 12 Bytes [D4, 79, 58, F5, 36, 7E, 58, ...]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat
fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

I only scanned C: (where I have all my system files), my programs are mainly installed on D: (wasn't sure if you need me to scan all my partitions).

Hope this helps you!

Thanks again and hope to read from you soon :(

#6 schrauber


Posted 31 October 2009 - 09:26 AM

Hi :(



Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).





Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)







Please post back with:
  • GooredFix-Logfile
  • Both RSIT-Logfiles

regards,
schrauber


#7 Vigor


Posted 31 October 2009 - 10:22 AM

Hello :(

Here is the GooredFix-Logfile:

GooredFix by jpshortstuff (24.09.09.1)
Log created at 16:08 on 31/10/2009 (Ema)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="D:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:29 02/04/2009]

-=E.O.F=-

RSIT - Logfiles:

-log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ema at 2009-10-31 16:10:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (55%) free of 31 GB
Total RAM: 1023 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:56, on 31.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\FSGK32.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSMB32.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Varovalni sistem 2006\Common\FCH32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fssm32.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsqh.exe
D:\Program Files\Varovalni sistem 2006\Common\FAMEH32.EXE
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe
D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe
D:\Program Files\Varovalni sistem 2006\FSPC\fspc.exe
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsus.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE
D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe
C:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Varovalni sistem 2006\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ema\Desktop\RSIT.exe
C:\Program Files\trend micro\Ema.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9bc394163852e) (gupdate1c9bc394163852e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11504 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"= []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"F-Secure Manager"=D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE [2008-12-04 182936]
"F-Secure TNB"=D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe [2008-12-04 957024]
"News Service"=D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe [2005-05-31 356352]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-05-13 1397760]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-28 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-10-21 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [2003-11-25 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE [2008-12-04 182936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe [2008-12-04 957024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME JPN 2007 Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE [2006-10-26 59184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Korean IME Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [2006-10-26 26400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Pinyin IME Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE [2006-10-26 32560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe [2005-05-31 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [2004-09-05 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-07-03 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-02-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-28 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 4.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-01-08 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "D:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-10-31 16:10:12 ----D---- C:\rsit
2009-10-29 15:21:52 ----D---- C:\Documents and Settings\Ema\Application Data\Ahead
2009-10-14 20:43:41 ----D---- C:\Program Files\Common Files\Control Panels
2009-10-14 20:41:03 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-10-14 20:01:41 ----D---- C:\Program Files\Bonjour
2009-10-14 19:54:54 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-10-13 13:24:52 ----D---- C:\Program Files\trend micro
2009-10-13 13:01:18 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-13 10:34:40 ----D---- C:\Documents and Settings\Ema\Application Data\Malwarebytes
2009-10-09 10:38:37 ----D---- C:\Documents and Settings\Ema\Application Data\Personal
2009-10-09 10:38:33 ----D---- C:\Documents and Settings\Ema\Application Data\Netscape
2009-10-09 10:38:32 ----D---- C:\Program Files\Personal
2009-10-09 10:38:23 ----A---- C:\WINDOWS\ODBC.INI
2009-10-09 10:38:04 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-10-08 15:25:23 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-08 14:50:20 ----N---- C:\WINDOWS\UNNMP.exe
2009-10-08 14:48:51 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-10-08 14:46:14 ----N---- C:\WINDOWS\UNNeroVision.exe
2009-10-08 14:45:26 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-10-08 14:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-10-08 14:45:25 ----N---- C:\WINDOWS\system32\picn20.dll
2009-10-08 14:44:06 ----N---- C:\WINDOWS\UNMRW.exe
2009-10-08 14:43:37 ----N---- C:\WINDOWS\NuNinst.exe
2009-10-08 14:43:34 ----D---- C:\Program Files\Common Files\Ahead
2009-10-08 14:43:33 ----D---- C:\WINDOWS\InCD
2009-10-08 14:43:33 ----D---- C:\Program Files\Ahead
2009-10-08 10:58:49 ----D---- C:\WINDOWS\pss
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\winsflte.dll
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\winsflt.dll
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\cfgmig32.dll
2009-10-06 19:05:42 ----D---- C:\WINDOWS\Prefetch
2009-10-06 19:01:32 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-06 19:01:17 ----D---- C:\WINDOWS\system32\dllcache
2009-10-06 19:00:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-06 18:44:56 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-06 18:44:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-06 18:44:38 ----RA---- C:\WINDOWS\SETB1.tmp
2009-10-06 18:44:36 ----RA---- C:\WINDOWS\SETA5.tmp
2009-10-06 18:44:34 ----RA---- C:\WINDOWS\SETA2.tmp

======List of files/folders modified in the last 1 months======

2009-10-31 16:10:54 ----D---- C:\WINDOWS\Temp
2009-10-31 15:35:25 ----D---- C:\Documents and Settings\Ema\Application Data\uTorrent
2009-10-31 11:44:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-31 11:43:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-30 19:42:30 ----D---- C:\Documents and Settings\Ema\Application Data\Adobe
2009-10-30 18:41:04 ----A---- C:\WINDOWS\amebis.ini
2009-10-26 16:13:49 ----HD---- C:\WINDOWS\inf
2009-10-25 09:29:27 ----D---- C:\WINDOWS\system32
2009-10-25 09:29:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-21 19:21:23 ----SHD---- C:\WINDOWS\Installer
2009-10-19 23:24:51 ----D---- C:\WINDOWS\Minidump
2009-10-19 23:24:48 ----D---- C:\WINDOWS
2009-10-18 19:30:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-10-16 14:15:13 ----D---- C:\WINDOWS\system32\drivers
2009-10-16 08:54:58 ----RD---- C:\Program Files
2009-10-15 11:43:15 ----D---- C:\Documents and Settings\Ema\Application Data\Skype
2009-10-15 10:44:05 ----D---- C:\Documents and Settings\Ema\Application Data\skypePM
2009-10-14 20:46:17 ----D---- C:\Program Files\Common Files\Adobe
2009-10-14 20:43:41 ----D---- C:\Program Files\Common Files
2009-10-14 20:38:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-14 20:33:56 ----D---- C:\Program Files\Adobe
2009-10-14 20:13:36 ----RSD---- C:\WINDOWS\Fonts
2009-10-14 20:09:10 ----D---- C:\WINDOWS\WinSxS
2009-10-13 19:18:07 ----SD---- C:\WINDOWS\Tasks
2009-10-13 14:19:37 ----A---- C:\ctapi_out_gr.txt
2009-10-13 11:46:34 ----SH---- C:\boot.ini
2009-10-13 11:46:34 ----A---- C:\WINDOWS\win.ini
2009-10-13 11:46:34 ----A---- C:\WINDOWS\system.ini
2009-10-09 10:38:33 ----D---- C:\Documents and Settings\Ema\Application Data\Mozilla
2009-10-09 10:36:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-08 19:38:22 ----D---- C:\WINDOWS\Help
2009-10-07 18:46:51 ----D---- C:\WINDOWS\system32\DirectX
2009-10-07 18:46:49 ----RSD---- C:\WINDOWS\assembly
2009-10-07 10:40:25 ----D---- C:\WINDOWS\rnapxs
2009-10-07 10:37:07 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-10-07 09:52:39 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-10-06 20:35:30 ----D---- C:\WINDOWS\L2Schemas
2009-10-06 20:35:29 ----D---- C:\WINDOWS\system32\usmt
2009-10-06 20:35:28 ----D---- C:\WINDOWS\AppPatch
2009-10-06 20:35:26 ----D---- C:\WINDOWS\system32\Setup
2009-10-06 20:35:18 ----D---- C:\WINDOWS\Media
2009-10-06 20:35:17 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-06 20:35:15 ----D---- C:\WINDOWS\system32\scripting
2009-10-06 20:35:02 ----D---- C:\WINDOWS\PeerNet
2009-10-06 20:35:02 ----D---- C:\WINDOWS\ime
2009-10-06 20:34:38 ----D---- C:\WINDOWS\system32\npp
2009-10-06 20:34:35 ----D---- C:\WINDOWS\mui
2009-10-06 20:34:31 ----D---- C:\WINDOWS\msagent
2009-10-06 20:34:25 ----D---- C:\WINDOWS\system32\en
2009-10-06 20:34:06 ----D---- C:\WINDOWS\ehome
2009-10-06 20:33:55 ----D---- C:\WINDOWS\Offline Web Pages
2009-10-06 20:33:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-06 20:33:43 ----D---- C:\WINDOWS\WBEM
2009-10-06 20:33:34 ----D---- C:\WINDOWS\twain_32
2009-10-06 20:33:23 ----D---- C:\WINDOWS\system32\icsxml
2009-10-06 20:33:03 ----D---- C:\WINDOWS\system32\1033
2009-10-06 20:32:31 ----D---- C:\WINDOWS\Driver Cache
2009-10-06 19:09:44 ----D---- C:\WINDOWS\Registration
2009-10-06 19:08:59 ----A---- C:\WINDOWS\setuplog.txt
2009-10-06 19:08:52 ----D---- C:\WINDOWS\system32\Restore
2009-10-06 19:08:51 ----SHD---- C:\System Volume Information
2009-10-06 19:05:14 ----D---- C:\WINDOWS\system32\config
2009-10-06 19:05:14 ----D---- C:\WINDOWS\nview
2009-10-06 19:02:17 ----D---- C:\WINDOWS\security
2009-10-06 19:02:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-06 19:01:23 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-06 19:01:17 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-06 19:00:38 ----D---- C:\WINDOWS\system32\ias
2009-10-06 19:00:13 ----RD---- C:\WINDOWS\Web
2009-10-06 19:00:07 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-06 18:59:50 ----D---- C:\WINDOWS\srchasst
2009-10-06 18:59:28 ----D---- C:\Program Files\Windows Media Player
2009-10-06 18:59:27 ----D---- C:\Program Files\NetMeeting
2009-10-06 18:59:26 ----D---- C:\Program Files\Common Files\Services
2009-10-06 18:59:23 ----D---- C:\Program Files\Outlook Express
2009-10-06 18:59:20 ----D---- C:\Program Files\Internet Explorer
2009-10-06 18:59:12 ----D---- C:\Program Files\Movie Maker
2009-10-06 18:58:57 ----D---- C:\WINDOWS\system32\oobe
2009-10-06 18:58:44 ----D---- C:\Program Files\Common Files\System
2009-10-06 18:57:55 ----D---- C:\WINDOWS\system32\Com
2009-10-06 18:57:25 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-06 18:57:13 ----D---- C:\WINDOWS\Cursors
2009-10-06 18:57:07 ----D---- C:\Program Files\Windows NT
2009-10-06 18:56:55 ----D---- C:\WINDOWS\system32\wbem
2009-10-06 18:56:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-06 18:44:55 ----D---- C:\WINDOWS\system
2009-10-06 18:44:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-02 22:23:23 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-05-13 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-05-13 28160]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-14 41984]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-01-08 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-25 2311680]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-14 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-14 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-01-08 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-01-08 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-05-13 99584]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-01-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-01-08 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe [2008-12-04 215648]
R2 FSMA;FSMA; D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE [2008-12-04 117400]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 654848]
R3 FSAUA;F-Secure Automatic Update Agent; D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; D:\Program Files\Varovalni sistem 2006\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 gupdate1c9bc394163852e;Google Update Service (gupdate1c9bc394163852e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

-info.txt:

info.txt logfile of random's system information tool 1.06 2009-10-31 16:10:59

======Uninstall list======

-->"D:\Program Files\Varovalni sistem 2006\fsuninst.exe" /UninstRegKey:"News Service"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"D:\Program Files\Varovalni sistem 2006\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\unmrw.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F6DFDC8-7EAA-4B9B-AC3A-AE04F77D81CF}\Setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Amis Internet Security-->"D:\Program Files\Varovalni sistem 2006\FSGUI\PostInstall.exe" /tUnInstall
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
ArcSoft Camera Suite 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}\setup.exe" -l0x9
BSPlayer-->"D:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{26BDE7D8-93F0-4A07-AD47-1707DB417941} /l1033
Canon Camera Window for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}
Canon Internet Library for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2F81FBFC-9A37-431F-9050-14B55485DF5A}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DE286975-ACF1-45B8-9EF7-34E162B2C817}
Canon PhotoRecord-->MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CorelDRAW Graphics Suite 12-->MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Zemlja-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Simplified)) 2007-->MsiExec.exe /X{90120000-0028-0804-0000-0000000FF1CE}
Microsoft Office IME (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0028-0404-0000-0000000FF1CE}
Microsoft Office IME (Japanese) 2007-->MsiExec.exe /X{90120000-0028-0411-0000-0000000FF1CE}
Microsoft Office IME (Korean) 2007-->MsiExec.exe /X{90120000-0028-0412-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007-->MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Bulgarian) 2007-->MsiExec.exe /X{90120000-001F-0402-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007-->MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Simplified)) 2007-->MsiExec.exe /X{90120000-001F-0804-0000-0000000FF1CE}
Microsoft Office Proof (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-001F-0404-0000-0000000FF1CE}
Microsoft Office Proof (Croatian) 2007-->MsiExec.exe /X{90120000-001F-041A-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (Danish) 2007-->MsiExec.exe /X{90120000-001F-0406-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Estonian) 2007-->MsiExec.exe /X{90120000-001F-0425-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007-->MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Greek) 2007-->MsiExec.exe /X{90120000-001F-0408-0000-0000000FF1CE}
Microsoft Office Proof (Gujarati) 2007-->MsiExec.exe /X{90120000-001F-0447-0000-0000000FF1CE}
Microsoft Office Proof (Hebrew) 2007-->MsiExec.exe /X{90120000-001F-040D-0000-0000000FF1CE}
Microsoft Office Proof (Hindi) 2007-->MsiExec.exe /X{90120000-001F-0439-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Japanese) 2007-->MsiExec.exe /X{90120000-001F-0411-0000-0000000FF1CE}
Microsoft Office Proof (Kannada) 2007-->MsiExec.exe /X{90120000-001F-044B-0000-0000000FF1CE}
Microsoft Office Proof (Korean) 2007-->MsiExec.exe /X{90120000-001F-0412-0000-0000000FF1CE}
Microsoft Office Proof (Latvian) 2007-->MsiExec.exe /X{90120000-001F-0426-0000-0000000FF1CE}
Microsoft Office Proof (Lithuanian) 2007-->MsiExec.exe /X{90120000-001F-0427-0000-0000000FF1CE}
Microsoft Office Proof (Marathi) 2007-->MsiExec.exe /X{90120000-001F-044E-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Bokml)) 2007-->MsiExec.exe /X{90120000-001F-0414-0000-0000000FF1CE}
Microsoft Office Proof (Norwegian (Nynorsk)) 2007-->MsiExec.exe /X{90120000-001F-0814-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Portugal)) 2007-->MsiExec.exe /X{90120000-001F-0816-0000-0000000FF1CE}
Microsoft Office Proof (Punjabi) 2007-->MsiExec.exe /X{90120000-001F-0446-0000-0000000FF1CE}
Microsoft Office Proof (Romanian) 2007-->MsiExec.exe /X{90120000-001F-0418-0000-0000000FF1CE}
Microsoft Office Proof (Russian) 2007-->MsiExec.exe /X{90120000-001F-0419-0000-0000000FF1CE}
Microsoft Office Proof (Serbian (Latin)) 2007-->MsiExec.exe /X{90120000-001F-081A-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proof (Slovenian) 2007-->MsiExec.exe /X{90120000-001F-0424-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proof (Tamil) 2007-->MsiExec.exe /X{90120000-001F-0449-0000-0000000FF1CE}
Microsoft Office Proof (Telugu) 2007-->MsiExec.exe /X{90120000-001F-044A-0000-0000000FF1CE}
Microsoft Office Proof (Thai) 2007-->MsiExec.exe /X{90120000-001F-041E-0000-0000000FF1CE}
Microsoft Office Proof (Turkish) 2007-->MsiExec.exe /X{90120000-001F-041F-0000-0000000FF1CE}
Microsoft Office Proof (Ukrainian) 2007-->MsiExec.exe /X{90120000-001F-0422-0000-0000000FF1CE}
Microsoft Office Proof (Urdu) 2007-->MsiExec.exe /X{90120000-001F-0420-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Kit 2007-->MsiExec.exe /X{91120000-0103-0000-0000-0000000FF1CE}
Microsoft Office Proofing Tools Kit 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROOFKIT /dll PSETUP.DLL
Microsoft Office ProofMUI (English) 2007-->MsiExec.exe /X{90120000-0048-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MindManager X5 Pro-->MsiExec.exe /I{5EED4340-4500-4EC9-BD32-B85299ABAC9A}
Mozilla Firefox (3.5.4)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Orodje za poslovni nacrt-->MsiExec.exe /I{BDD6A596-44C6-4A93-81EF-DA285788B88B}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDF-XChange 3.0-->"C:\Program Files\Tracker Software\PDF-XChange 3\unins000.exe"
Personal 4.7.1-->"C:\Program Files\Personal\bin\persinst.exe" -u
Personal E-bank-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F45A2F3-33BE-4C78-BAE6-E90A46A2ABA2}\setup.exe" -l0x24 UNINSTALL -removeonly
PowerISO-->"D:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Samsung ML-2010 Series-->C:\WINDOWS\Samsung\ML-2010\SETUP.EXE
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Skype 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Slovarji-->C:\WINDOWS\unvise32.exe C:\Slovarji\uninstal.log
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
XviD 1.1 final uninstall-->"D:\Program Files\XviD\unins000.exe"
XviD MPEG-4 Codec-->"D:\Program Files\XviD\UninstXviD.exe"

======Security center information======

AV: Amis Internet Security 8.01
FW: Amis Internet Security 8.01

======System event log======

Computer Name: UPORABNI-3C8552
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00016CDF20A5. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2128
Source Name: Dhcp
Time Written: 20091014144239.000000+120
Event Type: warning
User:

Computer Name: UPORABNI-3C8552
Event Code: 10000
Message: Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%3"
Happened while starting this command:
"D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Record Number: 2119
Source Name: DCOM
Time Written: 20091014110204.000000+120
Event Type: error
User: UPORABNI-3C8552\Ema

Computer Name: UPORABNI-3C8552
Event Code: 10000
Message: Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%3"
Happened while starting this command:
"D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Record Number: 2118
Source Name: DCOM
Time Written: 20091014110204.000000+120
Event Type: error
User: UPORABNI-3C8552\Ema

Computer Name: UPORABNI-3C8552
Event Code: 10000
Message: Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%3"
Happened while starting this command:
"D:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

Record Number: 2117
Source Name: DCOM
Time Written: 20091014110204.000000+120
Event Type: error
User: UPORABNI-3C8552\Ema

Computer Name: UPORABNI-3C8552
Event Code: 7000
Message: The adfs service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 2092
Source Name: Service Control Manager
Time Written: 20091014095723.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: UPORABNI-3C8552
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 18
Source Name: WinMgmt
Time Written: 20091006195816.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: UPORABNI-3C8552
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 17
Source Name: WinMgmt
Time Written: 20091006195816.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: UPORABNI-3C8552
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 16
Source Name: WinMgmt
Time Written: 20091006195816.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: UPORABNI-3C8552
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 15
Source Name: WinMgmt
Time Written: 20091006195814.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: UPORABNI-3C8552
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 14
Source Name: WinMgmt
Time Written: 20091006195814.000000+120
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

These are all of the logs!
THANKS :(

#8 schrauber

  • Malware Response Team

Posted 31 October 2009 - 10:54 AM

Hi,


Step 1

Download and Run StartupLite


This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unnecessary startup entries will be compiled.
  • Read the description of each; you probably won't need most of them, so please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.





Step 2

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.






Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 Vigor

  • Topic Starter

Posted 31 October 2009 - 02:38 PM

Hi,
I did everything as you instructed me and all went smoothly :(

Here is that log from MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

31.10.2009 20:18:45
mbam-log-2009-10-31 (20-18-44).txt

Scan type: Quick Scan
Objects scanned: 103020
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

:(
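The log above is the kind of paste a helper has to read by eye. As an added example (not part of the original thread and not Malwarebytes' code), this Python parser reads the MBAM 1.41 text layout shown in the post, checks that each summary count matches the number of detail lines (a mismatch suggests an incomplete paste), and lists the Security Center notification values that were flagged. The regular expressions and function names are assumptions inferred from this one log, and the sample input is a trimmed, constructed copy of it.

```python
import re

# Constructed sample: trimmed copy of the MBAM 1.41 log layout from the post above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 3070
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 103020

Registry Values Infected: 0
Registry Data Items Infected: 3
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Assumed line shapes, inferred from the log in this thread only.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (summary, details): counts per section and parsed detail lines."""
    summary, details, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current detail section
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            details[current] = []
            continue
        if current and line != NO_ITEMS:
            m = ITEM_RE.match(line)
            if m:
                details[current].append(m.groupdict())
    return summary, details


def count_mismatches(summary, details):
    """Sections whose summary count differs from the parsed detail lines."""
    out = {}
    for section, expected in summary.items():
        found = len(details.get(section, []))
        if found != expected:
            out[section] = (expected, found)
    return out


def security_center_alerts_suppressed(details):
    """Value names under the Security Center key flagged with data 1.

    Data 1 in these *DisableNotify values turns the matching Windows
    Security Center alert off; MBAM reports that as Disabled.SecurityCenter.
    """
    names = []
    for item in details.get("Registry Data Items Infected", []):
        key, _, value_name = item["path"].rpartition("\\")
        if (item["detection"] == "Disabled.SecurityCenter"
                and key.lower().endswith(r"\security center")
                and item["bad"] == "1"):
            names.append(value_name)
    return names


if __name__ == "__main__":
    summary, details = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, details))
    print("alerts suppressed:", security_center_alerts_suppressed(details))
```

These values can also be set by the user or by a third-party security suite, so a hit here is a prompt to check who changed the setting rather than proof of infection.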

#10 schrauber

  • Malware Response Team

Posted 31 October 2009 - 02:55 PM

Hi,

How is your system running?

Please post back with a fresh RSIT-Logfile.
regards,
schrauber


#11 Vigor

  • Topic Starter

Posted 31 October 2009 - 07:39 PM

Hello, :(
Well, I must say that I haven't noticed any improvement in my system. Malwarebytes Anti-Malware found a couple of malware items and erased them, but all of those applications (fssm32.exe, firefox.exe) are still using tons of memory, and just a few moments ago my computer crashed when I was on the net while using Google Earth! It already happened just a few days ago, but the computer just froze and I managed to shut down googleearth.exe; it was using over 200.000K.
This time my screen froze while scrolling in Google Earth, then I got a black screen for a second, and that happened 3 times, and then I got a blue screen saying that my system had a serious problem and that a file nv4_disp got stuck in an infinite loop. This was also written on the blue screen: 0x000000EA (0x8586F9E8, 0x865DCEC8, 0xF7A13CB4, 0x00000001). After my computer restarted I was warned that the system recovered from a serious error and it showed me this error signature:
BCCode : 100000ea BCP1 : 8586F9E8 BCP2 : 865DEEC8 BCP3 : F7A13CB4
BCP4 : 00000001 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

This was similar to what happened to all of my games when they started freezing (only there was no blue screen)! As soon as I tried playing a game after it loaded, it would just freeze and all I could do was turn it off in the Task Manager (every game was using over 200.00K).

This is a fresh RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ema at 2009-11-01 01:01:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (59%) free of 31 GB
Total RAM: 1023 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:53, on 1.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\FSGK32.EXE
D:\Program Files\Varovalni sistem 2006\Common\FSMB32.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Varovalni sistem 2006\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Personal\bin\Personal.exe
D:\Program Files\Varovalni sistem 2006\Common\FAMEH32.EXE
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsqh.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fssm32.exe
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe
D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe
D:\Program Files\Varovalni sistem 2006\FSPC\fspc.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Varovalni sistem 2006\FSGUI\fsguidll.exe
D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsus.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsav32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ema\Desktop\RSIT.exe
C:\Program Files\trend micro\Ema.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - D:\Program Files\Varovalni sistem 2006\FSPC\fspcmsie.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - D:\Program Files\Varovalni sistem 2006\ORSP Client\fsorsp.exe
O23 - Service: Google Update Service (gupdate1c9bc394163852e) (gupdate1c9bc394163852e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11461 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"= []
"F-Secure Manager"=D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE [2008-12-04 182936]
"F-Secure TNB"=D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe [2008-12-04 957024]
"News Service"=D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe [2005-05-31 356352]
"WinampAgent"=D:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Acrobat Assistant 8.0"=D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"= []
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-10-21 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
D:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe [2003-11-25 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
D:\Program Files\Varovalni sistem 2006\Common\FSM32.EXE [2008-12-04 182936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
D:\Program Files\Varovalni sistem 2006\FSGUI\TNBUtil.exe [2008-12-04 957024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IME JPN 2007 Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEJP\IMJPKLMG.EXE [2006-10-26 59184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Korean IME Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMEKR\IMKRMIG.EXE [2006-10-26 26400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Pinyin IME Migration]
C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE [2006-10-26 32560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
D:\Program Files\Varovalni sistem 2006\FSGUI\ispnews.exe [2005-05-31 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfSaver3]
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe [2004-09-05 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2005-07-03 372736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-02-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-28 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Register Mask Pro 4.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Personal.lnk - C:\Program Files\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-01-08 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-08 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - open - "D:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-10-31 20:07:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-31 20:07:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-31 16:10:12 ----D---- C:\rsit
2009-10-29 15:21:52 ----D---- C:\Documents and Settings\Ema\Application Data\Ahead
2009-10-14 20:43:41 ----D---- C:\Program Files\Common Files\Control Panels
2009-10-14 20:41:03 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-10-14 20:01:41 ----D---- C:\Program Files\Bonjour
2009-10-14 19:54:54 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-10-13 13:24:52 ----D---- C:\Program Files\trend micro
2009-10-13 13:01:18 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-13 10:34:40 ----D---- C:\Documents and Settings\Ema\Application Data\Malwarebytes
2009-10-09 10:38:37 ----D---- C:\Documents and Settings\Ema\Application Data\Personal
2009-10-09 10:38:33 ----D---- C:\Documents and Settings\Ema\Application Data\Netscape
2009-10-09 10:38:32 ----D---- C:\Program Files\Personal
2009-10-09 10:38:23 ----A---- C:\WINDOWS\ODBC.INI
2009-10-09 10:38:04 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2009-10-08 15:25:23 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-08 14:50:20 ----N---- C:\WINDOWS\UNNMP.exe
2009-10-08 14:48:51 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-10-08 14:46:14 ----N---- C:\WINDOWS\UNNeroVision.exe
2009-10-08 14:45:26 ----N---- C:\WINDOWS\system32\TwnLib4.dll
2009-10-08 14:45:26 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-10-08 14:45:25 ----N---- C:\WINDOWS\system32\picn20.dll
2009-10-08 14:44:06 ----N---- C:\WINDOWS\UNMRW.exe
2009-10-08 14:43:37 ----N---- C:\WINDOWS\NuNinst.exe
2009-10-08 14:43:34 ----D---- C:\Program Files\Common Files\Ahead
2009-10-08 14:43:33 ----D---- C:\WINDOWS\InCD
2009-10-08 14:43:33 ----D---- C:\Program Files\Ahead
2009-10-08 10:58:49 ----D---- C:\WINDOWS\pss
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\winsflte.dll
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\winsflt.dll
2009-10-07 09:52:39 ----A---- C:\WINDOWS\system32\cfgmig32.dll
2009-10-06 19:05:42 ----D---- C:\WINDOWS\Prefetch
2009-10-06 19:01:32 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-06 19:01:17 ----D---- C:\WINDOWS\system32\dllcache
2009-10-06 19:00:11 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-06 18:44:56 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-06 18:44:55 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-06 18:44:38 ----RA---- C:\WINDOWS\SETB1.tmp
2009-10-06 18:44:36 ----RA---- C:\WINDOWS\SETA5.tmp
2009-10-06 18:44:34 ----RA---- C:\WINDOWS\SETA2.tmp

======List of files/folders modified in the last 1 months======

2009-11-01 00:58:56 ----D---- C:\WINDOWS\Temp
2009-11-01 00:51:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-01 00:49:16 ----D---- C:\WINDOWS\Minidump
2009-11-01 00:49:13 ----D---- C:\WINDOWS
2009-11-01 00:32:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-31 22:44:55 ----D---- C:\Documents and Settings\Ema\Application Data\uTorrent
2009-10-31 20:56:41 ----A---- C:\WINDOWS\amebis.ini
2009-10-31 20:07:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-31 20:07:28 ----RD---- C:\Program Files
2009-10-30 19:42:30 ----D---- C:\Documents and Settings\Ema\Application Data\Adobe
2009-10-26 16:13:49 ----HD---- C:\WINDOWS\inf
2009-10-25 09:29:27 ----D---- C:\WINDOWS\system32
2009-10-25 09:29:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-21 19:21:23 ----SHD---- C:\WINDOWS\Installer
2009-10-18 19:30:55 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-10-15 11:43:15 ----D---- C:\Documents and Settings\Ema\Application Data\Skype
2009-10-15 10:44:05 ----D---- C:\Documents and Settings\Ema\Application Data\skypePM
2009-10-14 20:46:17 ----D---- C:\Program Files\Common Files\Adobe
2009-10-14 20:43:41 ----D---- C:\Program Files\Common Files
2009-10-14 20:38:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-14 20:33:56 ----D---- C:\Program Files\Adobe
2009-10-14 20:13:36 ----RSD---- C:\WINDOWS\Fonts
2009-10-14 20:09:10 ----D---- C:\WINDOWS\WinSxS
2009-10-13 19:18:07 ----SD---- C:\WINDOWS\Tasks
2009-10-13 14:19:37 ----A---- C:\ctapi_out_gr.txt
2009-10-13 11:46:34 ----SH---- C:\boot.ini
2009-10-13 11:46:34 ----A---- C:\WINDOWS\win.ini
2009-10-13 11:46:34 ----A---- C:\WINDOWS\system.ini
2009-10-09 10:38:33 ----D---- C:\Documents and Settings\Ema\Application Data\Mozilla
2009-10-09 10:36:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-08 19:38:22 ----D---- C:\WINDOWS\Help
2009-10-07 18:46:51 ----D---- C:\WINDOWS\system32\DirectX
2009-10-07 18:46:49 ----RSD---- C:\WINDOWS\assembly
2009-10-07 10:40:25 ----D---- C:\WINDOWS\rnapxs
2009-10-07 10:37:07 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2009-10-07 09:52:39 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-10-06 20:35:30 ----D---- C:\WINDOWS\L2Schemas
2009-10-06 20:35:29 ----D---- C:\WINDOWS\system32\usmt
2009-10-06 20:35:28 ----D---- C:\WINDOWS\AppPatch
2009-10-06 20:35:26 ----D---- C:\WINDOWS\system32\Setup
2009-10-06 20:35:18 ----D---- C:\WINDOWS\Media
2009-10-06 20:35:17 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-06 20:35:15 ----D---- C:\WINDOWS\system32\scripting
2009-10-06 20:35:02 ----D---- C:\WINDOWS\PeerNet
2009-10-06 20:35:02 ----D---- C:\WINDOWS\ime
2009-10-06 20:34:38 ----D---- C:\WINDOWS\system32\npp
2009-10-06 20:34:35 ----D---- C:\WINDOWS\mui
2009-10-06 20:34:31 ----D---- C:\WINDOWS\msagent
2009-10-06 20:34:25 ----D---- C:\WINDOWS\system32\en
2009-10-06 20:34:06 ----D---- C:\WINDOWS\ehome
2009-10-06 20:33:55 ----D---- C:\WINDOWS\Offline Web Pages
2009-10-06 20:33:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-06 20:33:43 ----D---- C:\WINDOWS\WBEM
2009-10-06 20:33:34 ----D---- C:\WINDOWS\twain_32
2009-10-06 20:33:23 ----D---- C:\WINDOWS\system32\icsxml
2009-10-06 20:33:03 ----D---- C:\WINDOWS\system32\1033
2009-10-06 20:32:31 ----D---- C:\WINDOWS\Driver Cache
2009-10-06 19:09:44 ----D---- C:\WINDOWS\Registration
2009-10-06 19:08:59 ----A---- C:\WINDOWS\setuplog.txt
2009-10-06 19:08:52 ----D---- C:\WINDOWS\system32\Restore
2009-10-06 19:08:51 ----SHD---- C:\System Volume Information
2009-10-06 19:05:14 ----D---- C:\WINDOWS\system32\config
2009-10-06 19:05:14 ----D---- C:\WINDOWS\nview
2009-10-06 19:02:17 ----D---- C:\WINDOWS\security
2009-10-06 19:02:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-06 19:01:23 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-06 19:01:17 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-06 19:00:38 ----D---- C:\WINDOWS\system32\ias
2009-10-06 19:00:13 ----RD---- C:\WINDOWS\Web
2009-10-06 19:00:07 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-06 18:59:50 ----D---- C:\WINDOWS\srchasst
2009-10-06 18:59:28 ----D---- C:\Program Files\Windows Media Player
2009-10-06 18:59:27 ----D---- C:\Program Files\NetMeeting
2009-10-06 18:59:26 ----D---- C:\Program Files\Common Files\Services
2009-10-06 18:59:23 ----D---- C:\Program Files\Outlook Express
2009-10-06 18:59:20 ----D---- C:\Program Files\Internet Explorer
2009-10-06 18:59:12 ----D---- C:\Program Files\Movie Maker
2009-10-06 18:58:57 ----D---- C:\WINDOWS\system32\oobe
2009-10-06 18:58:44 ----D---- C:\Program Files\Common Files\System
2009-10-06 18:57:55 ----D---- C:\WINDOWS\system32\Com
2009-10-06 18:57:25 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-06 18:57:13 ----D---- C:\WINDOWS\Cursors
2009-10-06 18:57:07 ----D---- C:\Program Files\Windows NT
2009-10-06 18:56:55 ----D---- C:\WINDOWS\system32\wbem
2009-10-06 18:56:47 ----D---- C:\WINDOWS\system32\en-US
2009-10-06 18:44:55 ----D---- C:\WINDOWS\system
2009-10-06 18:44:45 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-02 22:23:23 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\D:\Program Files\Varovalni sistem 2006\HIPS\drivers\fshs.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-05-13 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-05-13 28160]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-01-20 31644]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-03-14 41984]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2009-01-08 62848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-25 2311680]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-01-08 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-14 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-14 12928]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-01-08 30336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2009-01-08 17152]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-05-13 99584]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-01-08 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-01-08 82944]
S4 F-Secure Filter;F-Secure File System Filter; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\D:\Program Files\Varovalni sistem 2006\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; D:\Program Files\Varovalni sistem 2006\Anti-Virus\fsgk32st.exe [2008-12-04 215648]
R2 FSMA;FSMA; D:\Program Files\Varovalni sistem 2006\Common\FSMA32.EXE [2008-12-04 117400]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 654848]
R3 FSAUA;F-Secure Automatic Update Agent; D:\Program Files\Varovalni sistem 2006\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; D:\Program Files\Varovalni sistem 2006\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; D:\Program Files\Varovalni sistem 2006\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 gupdate1c9bc394163852e;Google Update Service (gupdate1c9bc394163852e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-13 133104]
S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-05-13 869888]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Hoping for the best :(

Edited by Vigor, 31 October 2009 - 07:42 PM.


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:51 AM

Posted 01 November 2009 - 03:38 AM

Hi,

Do you have a driver CD for your graphics card?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 Vigor

Vigor
  • Topic Starter

  • Members
  • 41 posts
  • Local time:12:51 AM

Posted 01 November 2009 - 05:20 AM

Hello!
Yes I do have the original CD with drivers for my graphic card :(
Hope it helps :(

#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:51 AM

Posted 01 November 2009 - 06:19 AM

Seems to be an error from the graphic driver.

Please insert the disk and install the drivers again. Tell me if anything goes better :(.
regards,
schrauber


#15 Vigor

Vigor
  • Topic Starter

  • Members
  • 41 posts
  • Local time:12:51 AM

Posted 01 November 2009 - 07:32 AM

Hi,
I installed all NVIDIA graphics drivers but there is still no change (could there be a problem with my graphics card?). I get a lot of noise from a fan (not the processor fan) when I turn on the computer, and after a few minutes it stops making noise, but all of my fans are still working, checked it!

Launched Google Earth and CPU usage goes to 200.00K (performance bar is at 100%) and it stays there until I turn off Google Earth. Haven't tried any of my games yet but I am sure they would just freeze since I can't even use Google E.

This perhaps isn't connected to this problem but I noticed that both of my partitions C: (system) and D: (programs) have the same Windows directory with identical content in both of them. Partition E: (data) has no such directory. I don't know if this is normal, since I have no other computer to compare it to.
Confused :(



