Travel Fans
Go Back   Computer Juice Computer Software Virus, Spyware & Security
Reload this Page

Logs from sticky

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules

Register

 Default 

Logs from sticky




Reply
Page 1 of 2 1 2
 
Thread Tools
  #1  
Old 19th Dec 2008, 00:51
Donor VIP
Posts: 2,156
 
Like I stated in this thread, I have been going through the sticky, and I have got up to the step 6 (I have restarted) So I am posting now, to see if you think I should go any further.

SAS Log:
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/18/2008 at 06:47 PM

Application Version : 4.23.1006

Core Rules Database Version : 3678
Trace Rules Database Version: 1657

Scan type       : Complete Scan
Total Scan Time : 01:15:32

Memory items scanned      : 617
Memory threats detected   : 0
Registry items scanned    : 5092
Registry threats detected : 0
File items scanned        : 21352
File threats detected     : 4

Adware.Tracking Cookie
	C:\Documents and Settings\Richard Anderson\Cookies\richard_anderson@adbrite[1].txt
	C:\Documents and Settings\Richard Anderson\Cookies\richard_anderson@questionmarket[1].txt
	C:\Documents and Settings\Richard Anderson\Cookies\richard_anderson@bs.serving-sys[1].txt
	C:\Documents and Settings\Richard Anderson\Cookies\richard_anderson@serving-sys[1].txt
MBAM log:
Code:
Malwarebytes' Anti-Malware 1.31
Database version: 1516
Windows 5.1.2600 Service Pack 3

18/12/2008 19:34:32
mbam-log-2008-12-18 (19-34-32).txt

Scan type: Quick Scan
Objects scanned: 50980
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Cheers.
__________________

My System: First OC

Processor(s):
Intel E2180 @ 2.85
Motherboard:
Gigabyte GA-P35-DS3L
RAM Memory:
2x1GB OCZ PC2-9200 reaper CL5
Graphics Card(s):
Gainward ATI 3850
Sound Card:
on board
Hard Drive(s):
Seagate Barracuda 7200.7 120GB
Optical Drive(s):
HITACHI DVD-ROM GD-2500
Case / PSU:
Corsair VX450
Cooling:
AC freezer7 Pro, 2x80mm, 1x90mm, 1x120mm
Network / Internet:
on board / supposedly 10Meg virgin cable
Monitor(s):
Viewsonic Vx922; Viewsonic VE702m
Operating System(s):
XP Home

  #2  
Old 19th Dec 2008, 12:07
Moderator
Posts: 7,557
 
Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt <will be maximized and info.txt <will be minimized
  • Please post the contents of both logs in the next reply.
__________________
  #3  
Old 19th Dec 2008, 15:29
Donor VIP
Posts: 2,156
 
It's too long for one post, so I'll post in separate replies.

Log.txt:
Code:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Richard Anderson at 2008-12-19 22:22:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (9%) free of 114 GB
Total RAM: 2046 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:00, on 19/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\LCDMon.exe
C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\G-SERIES SOFTWARE\LGDCore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\LOGITECH\GAMEPANEL SOFTWARE\LCD MANAGER\Applets\LCDClock.exe
C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\Applets\LCDPop3.exe
C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\Applets\LCDCountdown.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\Applets\LCDMedia.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\DOCUMENTS AND SETTINGS\RICHARD ANDERSON\MY DOCUMENTS\CORETEMP\CORE TEMP.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Richard Anderson\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Richard Anderson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [EasyTuneVPro] C:\PROGRAM FILES\Gigabyte\ET5Pro\ETcall.exe
O4 - HKLM\..\Run: [Launch LCDMon] C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\LCDMon.exe
O4 - HKLM\..\Run: [Launch LGDCore] C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\G-SERIES SOFTWARE\LGDCore.exe  /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\PROGRAM FILES\Adobe\Reader 9.0\Reader\READER_SL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark Measurement Services Client) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED67D88C-B1F7-49FE-ABC5-4624FAC2FA8E}: NameServer = 193.38.113.3,62.31.144.30
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 9046 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\F3B3EFF5-A0CD-42D3-B97C-F493BD5A91C3353784016288443.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2003-03-31 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"= []
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-06-13 528384]
"EasyTuneVPro"=C:\PROGRAM FILES\Gigabyte\ET5Pro\ETcall.exe [2007-07-26 20480]
"Launch LCDMon"=C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\LCD MANAGER\LCDMon.exe [2007-12-13 2051096]
"Launch LGDCore"=C:\PROGRAM FILES\Logitech\GAMEPANEL SOFTWARE\G-SERIES SOFTWARE\LGDCore.exe [2007-12-13 2095640]
"Adobe Reader Speed Launcher"=C:\PROGRAM FILES\Adobe\Reader 9.0\Reader\READER_SL.EXE [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-09 1809648]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\Richard Anderson\Start Menu\Programs\Startup
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-09 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Program Files\Gigabyte\@BIOS\gwflash.exe"="C:\Program Files\Gigabyte\@BIOS\gwflash.exe:*:Enabled:gwflash"
"C:\Program Files\Gigabyte\@BIOS\update.exe"="C:\Program Files\Gigabyte\@BIOS\update.exe:*:Enabled:update"
"C:\Program Files\gwflash.exe"="C:\Program Files\gwflash.exe:*:Enabled:gwflash"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe"="C:\Program Files\Activision\Call of Duty - World at War Beta\CoDWaWbeta.exe:*:Enabled:Call of Duty(R): World at War Multiplayer"
"C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\NMService.exe"="C:\Nexon\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Dyyno Receiver\DPPM.exe"="C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Dyyno Receiver\DPPM.exe:*:Enabled:dppmmain Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

======List of files/folders created in the last 1 months======

2008-12-19 22:22:50 ----D---- C:\Program Files\trend micro
2008-12-19 22:22:49 ----D---- C:\rsit
2008-12-18 19:15:47 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Malwarebytes
2008-12-18 19:15:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 19:15:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-18 18:13:35 ----D---- C:\Program Files\CCleaner
2008-12-17 22:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-17 00:05:04 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-17 00:05:04 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-17 00:05:03 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-17 00:05:01 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-17 00:05:01 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-17 00:04:59 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-17 00:04:51 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-14 10:41:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-14 10:41:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-14 10:41:22 ----A---- C:\WINDOWS\system32\java.exe
2008-12-14 10:41:02 ----D---- C:\Program Files\Java
2008-12-12 09:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 09:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 09:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 09:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 20:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-05 09:41:55 ----D---- C:\Program Files\MSXML 4.0
2008-12-04 19:36:29 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Teleca
2008-12-04 19:34:52 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Sony Ericsson
2008-12-04 19:34:35 ----D---- C:\Program Files\Common Files\Sony Ericsson Shared
2008-12-04 19:34:33 ----D---- C:\Program Files\Common Files\Teleca Shared
2008-12-04 19:34:29 ----D---- C:\Program Files\Sony Ericsson
2008-12-04 19:34:02 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-04 19:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Teleca
2008-12-04 19:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-12-04 10:39:29 ----A---- C:\WINDOWS\system32\PalmDevC.dll
2008-12-04 10:36:42 ----A---- C:\WINDOWS\trace.txt
2008-12-04 10:29:51 ----D---- C:\Program Files\palmOne
2008-12-01 19:53:16 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2008-12-01 19:53:07 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2008-12-01 19:50:36 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2008-11-29 11:06:01 ----SHD---- C:\WINDOWS\ftpcache
2008-11-29 11:04:37 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-29 10:49:49 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\DAEMON Tools
2008-11-28 17:24:17 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-11-28 17:24:15 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Azureus
2008-11-28 17:23:51 ----D---- C:\Program Files\Vuze
2008-11-27 10:18:25 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Red Alert 3 Demo
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\setupempdrv03.exe
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\ResizeNTFS.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\Partition.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\NTFSLib.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\NTFSFormat.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\NTFSFileSystemAnalyser.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\NTFSCopy.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\Fixup.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FileSystemCheck.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FileSystemAnalyser.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FatResizeMove.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FatLib.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FatFormat.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\FATFileSystemAnalyser.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\EuEpmGdi.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\DeviceManager.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\DeviceAdapter.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\Device.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\CallbackOperator.dll
2008-11-26 10:06:00 ----A---- C:\WINDOWS\system32\BootMan.exe
2008-11-26 10:05:55 ----D---- C:\Program Files\EASEUS
2008-11-26 09:56:30 ----D---- C:\Program Files\PTDD Group
2008-11-25 19:31:40 ----HD---- C:\WINDOWS\PIF
2008-11-23 23:02:40 ----D---- C:\Downloads
2008-11-22 16:24:10 ----D---- C:\Program Files\DAMN NFO Viewer
2008-11-20 23:07:19 ----D---- C:\Program Files\Daniusoft

======List of files/folders modified in the last 1 months======

2008-12-19 22:22:50 ----RD---- C:\Program Files
2008-12-19 22:22:45 ----D---- C:\WINDOWS\Prefetch
2008-12-19 22:08:10 ----D---- C:\Program Files\Mozilla Firefox
2008-12-19 21:57:31 ----D---- C:\WINDOWS\Temp
2008-12-19 21:55:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 21:52:36 ----D---- C:\WINDOWS\system32
2008-12-19 21:46:57 ----D---- C:\Documents and Settings\Richard Anderson\Application Data\Xfire
2008-12-19 20:34:15 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-12-19 09:43:23 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 19:15:42 ----D---- C:\WINDOWS\system32\drivers
2008-12-18 18:37:23 ----D---- C:\WINDOWS\Minidump
2008-12-18 17:25:10 ----D---- C:\WINDOWS
2008-12-18 09:53:38 ----HD---- C:\WINDOWS\inf
2008-12-18 09:53:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 09:53:32 ----D---- C:\WINDOWS\ie7updates
2008-12-18 09:53:12 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 22:41:34 ----SHD---- C:\WINDOWS\Installer
2008-12-17 22:41:31 ----RSD---- C:\WINDOWS\assembly
2008-12-17 22:41:12 ----D---- C:\WINDOWS\WinSxS
2008-12-17 22:40:55 ----D---- C:\Program Files\ATI Technologies
2008-12-17 02:22:18 ----D---- C:\Program Files\Xfire
2008-12-17 00:05:04 ----D---- C:\WINDOWS\system32\DirectX
2008-12-17 00:04:44 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-16 23:00:48 ----D---- C:\WINDOWS\system32\config
2008-12-14 10:41:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-14 08:12:11 ----D---- C:\Program Files\FlashGet
2008-12-13 19:29:16 ----D---- C:\Program Files\Electronic Arts
2008-12-13 06:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 10:13:12 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 10:13:07 ----D---- C:\Program Files\Internet Explorer
2008-12-09 23:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 17:31:35 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-08 15:35:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-08 14:43:32 ----D---- C:\Nexon
2008-12-08 14:43:02 ----D---- C:\Program Files\Activision
2008-12-08 14:17:12 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-12-08 14:17:11 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-12-04 19:46:43 ----SD---- C:\WINDOWS\Tasks
2008-12-04 19:35:52 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-04 19:34:35 ----D---- C:\Program Files\Common Files
2008-12-04 18:57:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-04 10:49:03 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-02 13:05:35 ----A---- C:\WINDOWS\brqikmon.ini
2008-12-01 20:52:52 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-01 20:51:31 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-01 20:46:17 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-12-01 20:41:02 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-12-01 20:40:49 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-12-01 20:40:41 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-12-01 20:40:32 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-12-01 20:40:14 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-12-01 20:38:42 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-12-01 20:37:21 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-12-01 20:27:53 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-12-01 20:19:53 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-01 20:11:54 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-01 19:57:33 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-12-01 19:53:36 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-12-01 19:52:12 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-12-01 19:52:02 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-12-01 19:50:52 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-12-01 19:45:32 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-01 14:35:00 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-11-29 11:34:32 ----A---- C:\WINDOWS\game.ini
2008-11-27 23:56:52 ----SD---- C:\Documents and Settings\Richard Anderson\Application Data\Microsoft
2008-11-26 17:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-21 07:23:46 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\ALSysIO.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-12-04 27632]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 ahj8d2x9;ahj8d2x9; C:\WINDOWS\system32\drivers\ahj8d2x9.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\System32\Drivers\ET5Drv.sys []
S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\System32\Drivers\GVTDrv.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-04-13 16509]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 s125bus;Sony Ericsson Device 125 driver (WDM); C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-08 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-19 201816]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S4 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2008-09-02 48640]

-----------------EOF-----------------
  #4  
Old 19th Dec 2008, 15:29
Donor VIP
Posts: 2,156
 
info.txt:
Code:
info.txt logfile of random's system information tool 1.05 2008-12-19 22:23:04

======Uninstall list======

@BIOS -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9  -removeonly
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AREA-51 (remove only)-->C:\Program Files\Midway Home Entertainment\AREA-51\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 
ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9  -removeonly
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ 3: Kane's Wrath-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3 Demo-->MsiExec.exe /X{DBD1FF41-F438-4D0A-A3F1-999930B5BC52}
Daniusoft Media Converter(Build 2.3.1.34)-->"C:\Program Files\Daniusoft\Media Converter\unins000.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DyynoPlayer 0.8.6f-->C:\Program Files\Dyyno\Dyyno Player\uninstall.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033 
EASEUS Partition Manager 2.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Manager 2.1 Home Edition\unins000.exe"
EasyTune5Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5Pro\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5Pro\uninstdrv.dll"
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Futuremark Measurement Services Client-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msc3.inf,DefaultUninstall,5
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HippoEdit 1.40-->C:\Program Files\HippoEdit\uninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kels' CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Standard for Students and Teachers-->MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher for Windows 95-->C:\Program Files\Microsoft Publisher\Setup\Setup.exe /m
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 SP1-->MsiExec.exe /X{AD483998-2E9A-4405-83FF-6E503AF49CBB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NETGEAR Print Server Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FirstGear for Print Server\Uninst.isu"
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Palm Desktop-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
PTDD Partition Table Doctor 3.5 Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28D2E6ED-923C-404A-A1EA-A1E4CC814646}\setup.exe" -l0x9  -removeonly
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9  -removeonly
Sandboxie 3.30-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Supreme Commander - Forged Alliance-->C:\Program Files\InstallShield Installation Information\{31D95937-B237-405D-920C-A3EF4E482395}\setup.exe -runfromtemp -l0x0009 -removeonly
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Uconomix Encryption Engine 1.0-->MsiExec.exe /I{FB01E78F-AC94-4ECA-AA65-386193433D10}
Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081218-0]

System event log

Computer Name: RICHARDPCNEW
Event Code: 7035
Message: The PnkBstrB service was successfully sent a stop control.

Record Number: 11842
Source Name: Service Control Manager
Time Written: 20081201172547.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: RICHARDPCNEW
Event Code: 7036
Message: The PnkBstrB service entered the stopped state.

Record Number: 11841
Source Name: Service Control Manager
Time Written: 20081201172547.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 7035
Message: The PnkBstrK service was successfully sent a start control.

Record Number: 11840
Source Name: Service Control Manager
Time Written: 20081201172459.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: RICHARDPCNEW
Event Code: 7036
Message: The PnkBstrB service entered the running state.

Record Number: 11839
Source Name: Service Control Manager
Time Written: 20081201172452.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 7035
Message: The PnkBstrB service was successfully sent a start control.

Record Number: 11838
Source Name: Service Control Manager
Time Written: 20081201172452.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: RICHARDPCNEW
Event Code: 301
Message: msnmsgr (2664) \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\fsr00E86.log.

Record Number: 3460
Source Name: ESENT
Time Written: 20081127171529.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 301
Message: msnmsgr (2664) \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\fsr00E85.log.

Record Number: 3459
Source Name: ESENT
Time Written: 20081127171528.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 301
Message: msnmsgr (2664) \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\fsr00E84.log.

Record Number: 3458
Source Name: ESENT
Time Written: 20081127171528.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 301
Message: msnmsgr (2664) \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\fsr00E83.log.

Record Number: 3457
Source Name: ESENT
Time Written: 20081127171528.000000+000
Event Type: information
User: 

Computer Name: RICHARDPCNEW
Event Code: 301
Message: msnmsgr (2664) \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Richard Anderson\Local Settings\Application Data\Microsoft\Messenger\richard@bridgemics.co.uk\SharingMetadata\Working\database_EAE8_23C5_E823_8EBF\fsr00E82.log.

Record Number: 3456
Source Name: ESENT
Time Written: 20081127171528.000000+000
Event Type: information
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Teleca Shared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Cheers EF
  #5  
Old 19th Dec 2008, 15:48
Moderator
Posts: 7,557
 
Remove unnecessary startups.

Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\PROGRAM FILES\Adobe\Reader 9.0\Reader\READER_SL.EXE

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"Alcmtr"=-
"Adobe Reader Speed Launcher"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Suspicious files to scan

Please go to VirSCAN.org FREE on-line scan service
(If more than one file needs scanned they must be done separately and logs posted for each one)

1. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.
Code:
C:\WINDOWS\system32\drivers\ahj8d2x9.sys
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click on the Upload button.
This will perform a scan across multiple different virus scanning engines.
Your file will possibly be entered into a queue which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
6. Paste the contents of the Clipboard in your next reply.
__________________
  #6  
Old 19th Dec 2008, 16:05
Donor VIP
Posts: 2,156
 
Results:

HJT: Seemed to work, or at least when I did a scan after, I couldn't see them there,

Registry edit: Said it was successful.

VirScan log:
Code:
VirSCAN.org Scanned Report :
Scanned time   : 2008/12/19 23:02:52 (GMT)
Scanner results: All Scanners reported not find malware!
File Name      : ahj8d2x9.sys
File Size      : 96512 byte
File Type      : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5            : 9f3a2f5aa6875c72bf062c712cfa2674
SHA1           : a719156e8ad67456556a02c34e762944234e7a44
Online report  : http://virscan.org/report/9da79023f2d950edfc5aef9ff4812e70.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      4.0.0.28        20081219013143    2008-12-19  3.13   -
AhnLab V3      2008.12.20.00   2008.12.20        2008-12-20  1.06   -
AntiVir        7.9.0.45        7.1.1.14          2008-12-19  1.66   -
Antiy          2.0.18          20081219.1866304  2008-12-19  0.12   -
Arcavir        1.0.5           200812131407      2008-12-13  1.33   -
Authentium     5.1.1           200812191254      2008-12-19  1.07   -
AVAST!         3.0.1           081218-0          2008-12-18  0.77   -
AVG            7.5.52.442      270.9.19/1857     2008-12-19  1.77   -
BitDefender    7.81008.2364670 7.22641           2008-12-20  2.17   -
CA (VET)       9.0.0.143       31.6.6269         2008-12-19  5.41   -
ClamAV         0.94.1          8786              2008-12-19  0.02   -
Comodo         3.0             781               2008-12-19  0.83   -
CP Secure      1.1.0.715       2008.12.20        2008-12-20  6.21   -
Dr.Web         4.44.0.9170     2008.12.19        2008-12-19  5.25   -
ewido          4.0.0.2         2008.12.19        2008-12-19  3.52   -
F-Prot         4.4.4.56        20081219          2008-12-19  1.07   -
F-Secure       5.51.6100       2008.12.19.09     2008-12-19  3.92   -
Fortinet       2.81-3.117      9.830             2008-12-19  0.17   -
GData          19.1989/19.151  20081219          2008-12-19  3.15   -
ViRobot        20081219        2008.12.19        2008-12-19  0.41   -
Ikarus         T3.1.01.45      2008.12.19.72033  2008-12-19  3.71   -
JiangMin       11.0.706        2008.12.19        2008-12-19  1.42   -
Kaspersky      5.5.10          2008.12.19        2008-12-19  0.04   -
KingSoft       2008.9.8.18     2008.12.19.17     2008-12-19  0.59   -
McAfee         5.3.00          5469              2008-12-19  2.64   -
Microsoft      1.4205          2008.12.19        2008-12-19  4.04   -
mks_vir        2.01            2008.12.19        2008-12-19  2.76   -
Norman         5.93.01         5.93.00           2008-12-18  5.79   -
Panda          9.05.01         2008.12.19        2008-12-19  2.66   -
Trend Micro    8.700-1004      5.724.01          2008-12-19  0.02   -
Quick Heal     10.00           2008.12.19        2008-12-19  0.87   -
Rising         20.0            21.08.42.00       2008-12-19  0.77   -
Sophos         2.82.1          4.37              2008-12-20  1.86   -
Sunbelt        4754            4754              2008-12-10  0.47   -
Symantec       1.3.0.24        20081219.005      2008-12-19  0.19   -
nProtect       20081215.03     2773539           2008-12-15  3.83   -
The Hacker     6.3.1.2         v00193            2008-12-19  0.53   -
VBA32          3.12.8.10       20081218.1321     2008-12-18  1.51   -
VirusBuster    4.5.11.10       10.98.3/730823    2008-12-19  1.00   -
Thanks again EF
  #7  
Old 19th Dec 2008, 16:06
Moderator
Posts: 7,557
 
Everything looks OK. Are there any specific problems or just a check up?
__________________
  #8  
Old 19th Dec 2008, 16:10
Donor VIP
Posts: 2,156
 
Just the problems I mentioned here so, just wanted to check it wasn't some malware, But it seems it is just some bugs in some drivers, or in the OS that is causing it then.
  #9  
Old 19th Dec 2008, 16:18
Moderator
Posts: 7,557
 
Sometimes re-registering everything will do wonders.

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.
  • Open the folder and run Dial-a-fix.exe
  • 2 windows will open. Close the one in the background labeled Restrictive Policies
  • Check the box in section 1, Empty temp folders.
  • Check the box in section 2, Fix Windows Installer.
  • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  • Check all boxes in Section 5, labeled Registration Center.
  • Click Go
  • OK any error messages if received, but write them down and post them here.
  • Restart the computer when done.

----------

If the problem is still present.

Open Dial-a-fix and click the hammer icon.
When complete, select Repair Permissions and click Go
When complete, select Repair/reinstall IE and click Go

If at any time you are prompted for the XP CD, insert it
Make note of any error messages and post them here
Reboot when complete and let me know if there's any change.
__________________
  #10  
Old 19th Dec 2008, 16:42
Donor VIP
Posts: 2,156
 
No, error messages appeared, so I'm restarting now, unfortunately, it will be hard to see if it has worked, because the problems occur at random intervals, so I'll just have to go on for a bit and post another reply if it happens again, otherwise I think it will have sorted it.

Also, do you know of any way to speed up boot up much? I think the main problem is I have quite a few programs opening at startup (ATI control center, Phone and PDA sync managers, AV etc) but was wondering if there is anything I can do, or if I have to stick with it. I have Winpatrol, so I can control what gets put in startup etc.

Lastly, nothing much to do with any of this, but your the one I need to ask about it, I've been wondering what it does by changing the name of HJT to sniper, as you ask in the instructions in the sticky?

Thanks for your time EvilFantasy, I'll give you a +rep for this lot

EDIT: Turns out I can't give you rep, asks me to "spread the rep" so it seems you were the last guy to be helpful to me as well.
Reply
Page 1 of 2 1 2

Register

Similar Threads
Thread Thread Starter Forum Replies Last Post
Network drive and 'sticky' autorun.inf problems. mbond Windows Operating Systems 0 18th Jun 2009 20:23
HJT and other logs antbann Virus, Spyware & Security 1 12th Nov 2008 14:32
My logs thingie2 Virus, Spyware & Security 3 14th Mar 2008 12:20
Thread Tools



Translations Powered by Powered by Google
Arabic Bulgarian Chinese Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Taiwanese Thai Turkish Ukrainian

Copyright ©2006 - 2010 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2010 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.