
My Log Please


  • This topic is locked
6 replies to this topic

#1 Todd James


Posted 18 November 2009 - 12:27 AM

Hi,

I'm new to all this but know I have some problems. Any help would be great!

Thanks!

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:24 PM, on 11/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\processcoordinationserver.exe
C:\Program Files (x86)\Adobe\Adobe After Effects CS4\Support Files\AfterFX.exe
C:\Program Files (x86)\AudioConverter Studio\converter.exe
C:\Program Files (x86)\Adobe\Adobe Premiere Pro 2.0\Adobe Premiere Pro.exe
C:\Users\Todd\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files (x86)\DCPFLICS\dcpflics.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~2\cebas\ip-clamp\ipclamp.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9228 bytes



#2 Guest_superbird_*


Posted 26 November 2009 - 10:56 AM

Hi,

What problems do you have exactly? :(

Download RSIT
Save it to your desktop.

Double click on RSIT to start the program.
Click Continue when the disclaimer window appears.
When the scan has been completed, two logfiles will be opened. Post the contents from log.txt (<<will be maximized) and info.txt (<<will be minimized) in your next reply.

Edited by superbird, 26 November 2009 - 02:45 PM.


#3 Todd James


Posted 11 December 2009 - 02:33 PM

My PC is running really slow and my mouse jumps around a lot. Something just doesn't feel right.

Here is my RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Todd at 2009-12-11 13:25:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 282 GB (61%) free of 463 GB
Total RAM: 6142 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:32 PM, on 12/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Autodesk\3ds Max 2009\ad32lw.exe
C:\Users\Todd\AppData\Local\Temp\AdskCleanup.0001
C:\Program Files (x86)\Common Files\Autodesk Shared\ISYS8\ISYSbridge.exe
C:\Program Files (x86)\BitTorrent\bittorrent.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Shell.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Shell.exe
C:\Users\Todd\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Todd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT HPW] "C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: DCPFLICS service (DCPFLICS) - Unknown owner - C:\Program Files (x86)\DCPFLICS\dcpflics.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IPCLAMP by cebas Computer GmbH (IPClampService) - Unknown owner - C:\PROGRA~2\cebas\ip-clamp\ipclamp.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8952 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-15 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-09-15 149280]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"PivotSoftware"=C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]
"DT HPW"=C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe [2007-06-29 278528]
"RecoverFromReboot"=C:\Windows\Temp\RecoverFromReboot.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Users\Todd\AppData\Roaming\Microsoft\Windows\SendTo\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe"="C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2f494c6-eb3d-11dd-9bf5-806e6f6e6963}]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 1 months======

2009-12-11 13:25:31 ----D---- C:\rsit
2009-11-26 15:00:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-18 15:30:06 ----D---- C:\Program Files (x86)\Panda Security
2009-11-17 14:45:11 ----D---- C:\BBC SFX_2
2009-11-17 13:28:18 ----D---- C:\BBC SFX
2009-11-17 13:26:40 ----D---- C:\My Music
2009-11-17 13:26:28 ----D---- C:\Program Files (x86)\AudioConverter Studio

======List of files/folders modified in the last 1 months======

2009-12-11 13:25:32 ----D---- C:\Windows\Prefetch
2009-12-11 13:25:30 ----D---- C:\Windows\Temp
2009-12-11 13:25:04 ----D---- C:\Users\Todd\AppData\Roaming\BitTorrent
2009-12-11 02:35:41 ----D---- C:\Windows\System32
2009-12-11 02:35:41 ----D---- C:\Windows\inf
2009-12-11 00:00:12 ----SHD---- C:\System Volume Information
2009-12-10 23:27:34 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-11-27 21:38:22 ----D---- C:\Pics and Vids
2009-11-26 15:56:52 ----A---- C:\vraylog.txt
2009-11-26 15:00:24 ----SD---- C:\Users\Todd\AppData\Roaming\Microsoft
2009-11-26 15:00:21 ----D---- C:\Windows\SysWOW64
2009-11-23 13:28:27 ----D---- C:\RARand Zips
2009-11-21 12:52:29 ----D---- C:\Windows
2009-11-21 12:51:12 ----SHD---- C:\Windows\Installer
2009-11-21 12:51:12 ----D---- C:\Windows\Tasks
2009-11-21 12:51:12 ----D---- C:\ProgramData\FLEXnet
2009-11-21 12:51:11 ----D---- C:\Windows\registration
2009-11-21 12:29:44 ----D---- C:\Windows\winsxs
2009-11-21 11:27:34 ----D---- C:\EXE
2009-11-20 11:21:45 ----A---- C:\Windows\system32\ssprs.dll
2009-11-20 11:21:45 ----A---- C:\Windows\system32\lsprst7.dll
2009-11-20 11:21:06 ----D---- C:\Premiere Scratch Disk
2009-11-18 17:47:15 ----RD---- C:\Program Files (x86)
2009-11-18 15:33:58 ----D---- C:\Windows\system32\drivers
2009-11-16 12:20:48 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2009-11-16 09:18:27 ----D---- C:\Users\Todd\AppData\Roaming\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files (x86)\HP\DVDPlay\000.fcl [2008-06-11 32240]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\CAX_DP.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28ux.sys []
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2004-07-16 14165]
S2 CdaC15BA;CdaC15BA; \??\C:\Windows\system32\drivers\CDAC15BA.SYS [2008-12-05 12464]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 ASAPIW2k;ASAPIW2K; C:\Windows\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 GearAspiWDM;GEARAspiWDM; C:\Windows\system32\drivers\gearaspiwdm.sys [2006-11-14 15664]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2005-11-02 10368]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-22 79360]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [2008-12-05 54784]
R2 DCPFLICS;DCPFLICS service; C:\Program Files (x86)\DCPFLICS\dcpflics.exe [2006-12-01 139268]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [2007-06-29 73728]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-11-03 354840]
R2 IPClampService;IPCLAMP by cebas Computer GmbH; C:\PROGRA~2\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-06 72704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-16 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-12-11 13:25:34

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Farm Frenzy\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Hidden Relics\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest II\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\JoJo's Fashion Show\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Super Granny 4\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~2\Yahoo!\Common\unyt.exe
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /I {2ECE7ECE-D15B-4999-8B8D-01C998F489D5}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
3ds max 6 Reference Files-->MsiExec.exe /I{BC14A1F6-0511-4360-8351-FB7964979317}
7-Zip 4.65-->"C:\Users\Todd\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge 1.0-->MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore DVD FC-->MsiExec.exe /X{F6F6C08A-ED6F-4968-8292-A08E9F02584F}
Adobe ExtendScript Toolkit 1.0-->MsiExec.exe /I{B74D4E10-0000-0000-0000-EDED00000102}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Premiere Pro FC-->MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
Adobe Production Studio-->C:\PROGRA~2\INSTAL~1\{AAB06~1\setup.exe /relaunched/rootloc=e:\adobe production studio/lang=0409
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Video Suite Extras-->MsiExec.exe /I{B3B7836C-A1AD-4A56-811C-C18ABDE5EAAD}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
AudioConverter Studio 6.0-->"C:\Program Files (x86)\AudioConverter Studio\unins000.exe"
Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
AVIcodec (remove only)-->"C:\Program Files (x86)\AVIcodec\uninst.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}
cebas IP-Clamp License Manager-->C:\PROGRA~2\cebas\UNWISE.EXE C:\PROGRA~2\cebas\IP-Clamp\ip-clamp.LOG
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
DivX Codec-->C:\Windows\SysWOW64\drivers\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\Windows\SysWOW64\drivers\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Windows\SysWOW64\drivers\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drastic Codecs-->C:\PROGRA~2\Drastic\DTCodecs\UNWISE.EXE C:\PROGRA~2\Drastic\DTCodecs\INSTALL.LOG
Drastic YCbCr Video Codec (Remove Only)-->C:\Windows\rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\DTYCbCrV.INF
DreamScape 2.5c for 3ds Max R9 (64 bit)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{882EC8E3-8294-4F3C-88F9-EBD4ED615E4D}\setup.exe"
DVD Play BD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ffdshow [rev 1763] [2007-01-08]-->"C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\unins000.exe"
finalRender Stage-1 R2.0 SP2-->MsiExec.exe /I{7BED8F12-695F-48DF-B705-15878BE1FDED}
finalToon R2.0 SP2-->MsiExec.exe /I{1A7EC1C1-CF8D-42DF-86B3-FC3A87FC8F85}
Free Easy Burner V 3.9-->"C:\Program Files (x86)\Free Easy Burner\unins000.exe"
FumeFX 1.1 (64-bit)-->C:\Program Files (x86)\InstallShield Installation Information\{54165F66-D42B-461E-B44A-1B155C4BCC38}\setup.exe -runfromtemp -l0x0009 -removeonly
FumeFX-->C:\PROGRA~1\Autodesk\3DSMAX~1\plugins\Plugins\ACAPTO~1\FumeFX\UNWISE.EXE C:\PROGRA~1\Autodesk\3DSMAX~1\plugins\Plugins\ACAPTO~1\FumeFX\FUMEFX10_ACAP8.LOG
Google Talk (remove only)-->"C:\Program Files (x86)\Google\Google Talk\uninstall.exe"
Haali Media Splitter-->"C:\Program Files (x86)\Matroska Pack\haali\uninstall.exe"
Hardware Diagnostic Tools-->C:\Program Files (x86)\PC-Doctor for Windows\uninst.exe
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files (x86)\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Demo-->MsiExec.exe /X{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}
HP My Display-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{15733AD1-1CEF-459A-9245-0924FC63BDD5}\setup.exe" -l0x9 -removeonly
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPTCSSetup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
InstantHD-->C:\Windows\unvise32.exe C:\PROGRAM FILES (X86)\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\TRAPCODE\InstantHD\InstantHD1.0.log
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Keylight (1.0v4) for Adobe After Effects-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\The Foundry\Keylight 1.0 for After Effects.isu"
K-Lite Codec Pack 4.5.3 (Standard)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LabelPrint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
Lagarith lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\LAGARITH.INF
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
LightScribeTemplateLabeler-->MsiExec.exe /X{305D4B08-5807-4475-B1C8-D54685534864}
LimeWire 5.0.11-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
Linksys Dual-Band Wireless-N USB Network Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}\setup.exe -runfromtemp -l0x0409
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->C:\PROGRA~2\MAGICD~1\UNWISE.EXE C:\PROGRA~2\MAGICD~1\INSTALL.LOG
Memorex exPressit Label Design Studio-->C:\Windows\mvuninst\App1\mvuninst.exe "Memorex exPressit Label Design Studio"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.15)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files (x86)\InstallShield Installation Information\{D814B1DF-E73D-46B5-B2D2-2C75F82B27FE}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pinnacle Hollywood FX for Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A}
Pivot Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Power2Go-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Primatte Keyer Pro 4.0-->C:\Windows\unvise32.exe C:\PROGRAM FILES (X86)\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\primattekeyer4.0.log
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
SafeCast Shared Components-->C:\Program Files (x86)\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
SmartSound Quicktracks Plugin-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sorenson Squeeze 5.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
SPORE Creature Creator Trial Edition-->"C:\Program Files (x86)\HP Games\SPORE Creature Creator Trial Edition\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Studio 9-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Trapcode Form-->C:\Windows\unvise32.exe C:\PROGRAM FILES (X86)\ADOBE\ADOBE AFTER EFFECTS CS4\SUPPORT FILES\PLUG-INS\trapcodeform.log
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\SysWOW64\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WalkerFX 2.2 Professional Edition-->MsiExec.exe /I{EC6EDCB1-2379-482F-9A93-293DFF7B1226}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\unyt.exe
YouSendIt Express-->C:\Program Files (x86)\InstallShield Installation Information\{8C8224B7-AA9B-4807-97CD-55899BAC83FE}\setup.exe -runfromtemp -l0x0409
YV12 QuickTime Codec-->MsiExec.exe /I{A339200B-21F9-4F47-BE9B-0C23CC77A68D}

=====HijackThis Backups=====

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-12-05]
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) [2008-12-05]
O13 - Gopher Prefix: [2008-12-05]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-12-05]
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) [2008-12-05]
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2009-11-18]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2009-11-18]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 activate.adobe.com

======Security center information======

AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender

======System event log======

Computer Name: Todd-PC
Event Code: 19
Message: The print spooler failed to share printer Canon MP450 Series Printer with shared resource name Canon MP450 Series Printer. Error 2114. The printer cannot be used by others on the network.
Record Number: 27623
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090314085643.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Todd-PC
Event Code: 6008
Message: The previous system shutdown at 3:51:15 AM on 3/14/2009 was unexpected.
Record Number: 27618
Source Name: EventLog
Time Written: 20090314085641.000000-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 9
Message: The device, \Device\Sbp2\WD&External HDD Device&0&0090a991_e000ed44_Instance00, did not respond within the timeout period.
Record Number: 27617
Source Name: sbp2port
Time Written: 20090314085557.917171-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 9
Message: The device, \Device\Sbp2\WD&External HDD Device&0&0090a991_e000ed44_Instance00, did not respond within the timeout period.
Record Number: 27616
Source Name: sbp2port
Time Written: 20090314085520.851334-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 1060
Message: \SystemRoot\SysWow64\drivers\gearaspiwdm.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Record Number: 27611
Source Name: Application Popup
Time Written: 20090314085406.376456-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Todd-PC
Event Code: 1000
Message: Faulting application AfterFX.exe, version 7.0.128.244, time stamp 0x437bbc89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xac0, application start time 0x01c95718d6c9bd6d.
Record Number: 776
Source Name: Application Error
Time Written: 20081205203418.000000-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 1000
Message: Faulting application AfterFX.exe, version 7.0.128.244, time stamp 0x437bbc89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x1130, application start time 0x01c9571870fe69ed.
Record Number: 773
Source Name: Application Error
Time Written: 20081205203135.000000-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 1000
Message: Faulting application Setup.exe_Adobe Suite Installer, version 2.0.0.0, time stamp 0x438cbb68, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0xc74, application start time 0x01c957145976d77d.
Record Number: 770
Source Name: Application Error
Time Written: 20081205203024.000000-000
Event Type: Error
User:

Computer Name: Todd-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 633
Source Name: Microsoft-Windows-Search
Time Written: 20081205173157.000000-000
Event Type: Warning
User:

Computer Name: WIN-KTXI5JJP34Q
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 608
Source Name: Microsoft-Windows-WMI
Time Written: 20081008001723.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: WIN-KTXI5JJP34Q
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-KTXI5JJP34Q$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 309
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008001753.618964-000
Event Type: Audit Success
User:

Computer Name: WIN-KTXI5JJP34Q
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 308
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008001753.431764-000
Event Type: Audit Success
User:

Computer Name: WIN-KTXI5JJP34Q
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-KTXI5JJP34Q$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 307
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008001753.431764-000
Event Type: Audit Success
User:

Computer Name: WIN-KTXI5JJP34Q
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-KTXI5JJP34Q$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x278
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 306
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008001753.431764-000
Event Type: Audit Success
User:

Computer Name: WIN-KTXI5JJP34Q
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1129115358-3073738191-3646053527-500
Account Name: Administrator
Domain Name: WIN-KTXI5JJP34Q
Logon ID: 0x342ce
Record Number: 305
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081008001723.386764-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files (x86)\Pinnacle\Shared Files\Filter\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Pavilion
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 Guest_Black_Bird_*

Posted 11 December 2009 - 02:53 PM

Hi,

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#5 Todd James


Posted 11 December 2009 - 05:58 PM

Here's the GMER log:

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-11 16:57:05
Windows 6.0.6002 Service Pack 2
Running: 115o2mpm.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0248DA64-27F0-F256-B059-2578E1B0FCB9}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0248DA64-27F0-F256-B059-2578E1B0FCB9}@hajkgcnhnjkfllji 0x6B 0x61 0x6B 0x67 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0248DA64-27F0-F256-B059-2578E1B0FCB9}@iadjicfkddaocpfmab 0x6B 0x61 0x6B 0x67 ...

---- EOF - GMER 1.0.15 ----

#6 Guest_Black_Bird_*

Posted 13 December 2009 - 12:44 PM

Hi,

1. Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case LimeWire 5.0.11). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

2. Download OTM (by OldTimer) to your Desktop.
* Double-click on OTM.exe to start the tool.
* Copy (select and press Ctrl-C) all of this bold code:
:Processes
explorer.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2f494c6-eb3d-11dd-9bf5-806e6f6e6963}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0248DA64-27F0-F256-B059-2578E1B0FCB9}]

:Files
F:\setup.exe

:Commands
[emptytemp]
[Reboot]
* Paste the copied text (press Ctrl-V) into the "Paste Instructions for Items to be Moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTM
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

3. Download Flash Disinfector to your desktop.
Run the program from there.

4. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel. Under "Programs", click on Remove a program and remove all older versions of Java.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop right-click on jre-6u16-windows-i586-p.exe and select Run as Administrator to install the newest version.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

5. Restart your computer.

6. Please post a fresh RSIT logfile, together with the logfile from OTM.
Also please answer this question: Did you install the Ask Toolbar yourself?

#7 Guest_Black_Bird_*

Posted 21 December 2009 - 05:56 AM

Because you didn't reply anymore, I am closing this topic.
If you want to have this topic reopened, please feel free to send me a private message.

All others, please start a new topic.




