Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

spigot, very slow shutdown ... malware help needed

by brokenarrow_jeff » February 21st, 2010, 4:29 pm

I have an IBM laptop T60 on which I recently found something from Spigot, Inc. (malware?). My machine takes a long time to shut down, sometimes mouse clicks are ignored, some programs won't start until the machine is restarted ... please help

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:59:46 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2675067656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8929374187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13351 bytes

3ivx D4 4.5.1 Decoder (remove only)
Access Help
ADiS16350_Eval_Rev_9
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
AusLogics Disk Defrag
AutoCAD LT 98
BCWipe 3.0
Bonjour
CAMtastic 2000 Designers Edition
Catalyst Control Center - Branding
CCS C Compiler Plug-In for MPLAB 6
Corel Uninstaller
CorelDRAW Graphics Suite 11
Critical Update for Windows Media Player 11 (KB959772)
dsPICfdLite
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0
DXP
Echelon ShortStack 2.1 ARM7 Example Port
Echelon ShortStack 2.1 Developer's Kit
EMP Device Programming Software
eZ430-RF2500 Sensor Monitor
FlukeView ScopeMeter 4
FTDI USB Serial Converter Drivers
GIMP 2.6.3
Giveio
Help Center
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Install Network Printer Wizard
HxD Hex Editor version 1.7.7.0
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM USB-to-Serial
Intel PROSet Wireless
Intel(R) Network Connections Drivers
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Keil µVision3
Keil µVision4
Keyspan USB Serial Adapter
Logitech Harmony Remote Software 7
LonMark Resource Files 13.00
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mint Machine Center and Mint WorkBench (5600A)
MobileMe Control Panel
Mozilla Firefox (3.5.8)
Mozilla Thunderbird (2.0.0.23)
MPLAB C for PIC24 MCUs
MPLAB C for PIC24 MCUs - Evaluation
MPLAB Tools v8.20a
MPLAB Tools v8.20a
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
Natco PC LRC Program vsn. 3.0.0
OGA Notifier 2.0.0048.0
On Screen Display
OneTouch Software
OneTouch USB Driver
Palm Desktop and Synchronization Software
Paradigm C++
PC-Doctor 5 for Windows
PCWH
PDFCreator
pdfforge Toolbar v1.1.2
Pico Technology Software
Productivity Center Supplement for ThinkPad
Protel 99 SE
Protel 99 SE Service Pack 6
Python 2.4.3
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remote Control USB Driver
Remove Multimedia Center
Rescue and Recovery - Client Security Solution
Safari
ScanExpress Boundary-Scan Tools
Scroll Lock Indicator Utility
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sense and Control Dashboard version 1.0.3.34412
shadeBlue Indigo Terminal Emulator
Silicon Laboratories C8051Fxxx Tools Release 1.9
Silicon Laboratories C8051Fxxx uVision2 Driver Installation
Silicon Laboratories C8051Fxxx uVision2 Driver v2.1
Silicon Laboratories Development IDE & Examples v2.71
Silicon Laboratories FLASH Programming Utilities
Sonic DLA
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Suunto Monitor
Suunto Training Manager
Suunto USB Drive
Suunto USB Serial Port
System Migration Assistant
System Update
TextPad 4.7
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad UltraNav Wizard
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TrackPoint Accessibility Features
TUSB3410 Single Driver Wrapper
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
uVision2
VC 9.0 Runtime
VC 9.0 Runtime
VCP installer
ViewMate 10.0
VSO CopyToDVD 4
VSO Inspector 1.2.7d
Wallpapers
WinCvs 2.0
Windows Driver Package - Needhams Electronics Inc (empusb) USB (6/27/2005 2.01.0000.0)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live installer
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinMerge 2.12.4
WinZip
XP Themes
ZoneAlarm Anti-virus
ZoneAlarm Toolbar
brokenarrow_jeff
Regular Member
 
Posts: 17
Joined: February 21st, 2010, 4:20 pm

Re: spigot, very slow shutdown ... malware help needed

by MWR 3 day Mod » February 25th, 2010, 2:20 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: spigot, very slow shutdown ... malware help needed

by melboy » February 27th, 2010, 1:05 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.


IMPORTANT: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backing up: What, how, where



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


====================================================================================


Hijackthis (HJT) Beta 2.03

You are using the BETA version of HJT. Please download the latest stable version (v2.02) from here

  • Save HJTInstall.exe to your desktop.
  • Do Not install yet.

    Uninstall your BETA version
  • Uninstall HJT via start > control panel > add/remove programs.
  • Using Windows Explorer, locate the HJT folder and ensure it is deleted.
  • Ensure Desktop Shortcut for HJT is deleted.

    Install your New version by following the instructions below.
  • Double-click on the HJTInstall.exe icon on your desktop.
    By default it will install to C:\Program Files\Trend Micro\HijackThis
  • Click on Install.
  • Once installed, it will launch Hijackthis.
  • Close Hijackthis



random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply. (Sometimes you have to make several posts to get the logs posted.)



Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Note: Do not run any programs while Gmer is running.



In your next reply:
  1. RSIT log.txt
  2. RSIT info.txt
  3. GMER log
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: spigot, very slow shutdown ... malware help needed

Unread postby brokenarrow_jeff » February 28th, 2010, 11:02 pm

I could not attach a file because the board attachment limit had been reached ... so I pasted the files into this and another reply

the gmer file was difficult to get .. it took about 15 hours and I had to remove the internet connection and most of the running programs


info.txt logfile of random's system information tool 1.06 2010-02-27 17:40:58

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ivx D4 4.5.1 Decoder (remove only)-->"C:\Program Files\3ivx\3ivx D4 4.5.1 Decoder\uninstall.exe"
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
ADiS16350_Eval_Rev_9-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Analog Devices iSensors\ADiS16350_Eval_Rev_9\ST6UNST.LOG"
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x3a43
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AutoCAD LT 98-->C:\WINDOWS\acremen.exe ACLT-2453828:21216125
BCWipe 3.0-->"C:\WINDOWS\BCUnInstall.exe" C:\Program Files\Jetico\BCWipe\UnInstall.log
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CAMtastic 2000 Designers Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{179B0A60-381C-11D4-9B4E-00A0C971727F}\setup.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}
CCS C Compiler Plug-In for MPLAB 6-->C:\PROGRA~1\PICC\UNWISE.EXE C:\PROGRA~1\PICC\INSTALL.LOG
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
CorelDRAW Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
dsPICfdLite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAF9A8FA-671E-4F58-B613-C24054445CC6}\setup.exe" -l0x9
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.0-->"C:\Program Files\DVDFab 5\unins000.exe"
Echelon ShortStack 2.1 ARM7 Example Port-->MsiExec.exe /X{096A0081-8D94-4C14-BFA9-CF03FE1D0A74}
Echelon ShortStack 2.1 Developer's Kit-->MsiExec.exe /X{737EAB6D-CB7A-4C45-A448-68E2998D382E}
EMP Device Programming Software-->MsiExec.exe /X{1C92BA92-5132-4FA1-B4F5-93AD59375924}
eZ430-RF2500 Sensor Monitor-->C:\Program Files\eZ430-RF2500 Sensor Monitor\uninstall Sensor Monitor.exe
FlukeView ScopeMeter 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CAB6A1C-3423-4EA0-8871-9CCA3672602B}\setup.exe"
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
GIMP 2.6.3-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Giveio-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\GIVEIO.INF, DefaultUninstall.ntx86
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\SETUP.EXE" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Install Network Printer Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}\Setup.exe" -l0x9 UNINSTALL
HxD Hex Editor version 1.7.7.0-->"C:\Program Files\HxD\unins000.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362ADCE1-0118-4DBC-82CB-12B972735049}\Setup.exe" -l0x9 Installed
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Keil µVision3-->C:\Keil\Uninstall.exe
Keil µVision4-->C:\Keil\Uninstall.exe
Keyspan USB Serial Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}\setup.exe" -l0x9
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {27A9D316-D332-433B-8EB1-1D93EE49F26D}
Microsoft Office Project 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {9E73617F-2F38-4864-BD61-BB2DDFE43323}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{91120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0017-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {E1C33B03-3FE9-45BF-91E4-0266F38618C6}
Microsoft Office SharePoint Designer 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SHAREPOINTDESIGNERR /dll OSETUP.DLL
Microsoft Office SharePoint Designer 2007-->MsiExec.exe /X{91120000-0017-0000-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (English) 2007-->MsiExec.exe /X{90120000-0017-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mint Machine Center and Mint WorkBench (5600A)-->MsiExec.exe /I{32466AC5-29ED-4048-B91F-3F8C34A4DE58}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
MPLAB C for PIC24 MCUs - Evaluation-->"C:\Program Files\InstallShield Installation Information\{0C545517-172B-41A6-A466-07AAFBB560C9}\setup.exe" -runfromtemp -l0x0009 -removeonly
MPLAB C for PIC24 MCUs-->"C:\Program Files\InstallShield Installation Information\{0B345ECD-039D-48D3-B46B-156C2C788FF7}\setup.exe" -runfromtemp -l0x0009 -removeonly
MPLAB Tools v8.20a-->"C:\Program Files\InstallShield Installation Information\{8CF5C176-FE64-416D-B116-7660CCDC6812}\Install_MPLAB_8_20a.exe" -runfromtemp -l0x0409 -removeonly
MPLAB Tools v8.20a-->MsiExec.exe /I{8CF5C176-FE64-416D-B116-7660CCDC6812}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Natco PC LRC Program vsn. 3.0.0-->MsiExec.exe /I{74DA7EDD-8423-43FA-B6C1-9B95AD77F45F}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Palm Desktop and Synchronization Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
Paradigm C++-->C:\WINDOWS\IsUninst.exe -fc:\Paradigm\pcpp.isu
PC-Doctor 5 for Windows-->C:\Program Files\PCDR5\uninst.exe
PCWH-->C:\PROGRA~1\PICC\UNWISE.EXE C:\PROGRA~1\PICC\INSTALL.LOG
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
Pico Technology Software-->MsiExec.exe /I{A8F8B443-9809-4C33-B7BF-64ECAEEC929B}
Protel 99 SE Service Pack 6-->C:\PROGRA~1\DESIGN~1\System\UNINST~1\SERVIC~1\UNWISE.EXE /R C:\PROGRA~1\DESIGN~1\System\UNINST~1\SERVIC~1\INSTALL.LOG
Protel 99 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{498EE1A0-971C-11D3-A365-0080C8D7EFAF}\setup.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Remove Multimedia Center-->C:\ibmtools\apps\recnow\sequencer.exe -fc:\ibmtools\apps\recnow\uninst.seq
Rescue and Recovery - Client Security Solution-->MsiExec.exe /I{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}
Scroll Lock Indicator Utility-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\TpScrLk.inf
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sense and Control Dashboard version 1.0.3.34412-->"C:\Program Files\Cypress\SCD\1.00\unins000.exe"
shadeBlue Indigo Terminal Emulator-->C:\PROGRA~1\SHADEB~1\Indigo\UNWISE.EXE C:\PROGRA~1\SHADEB~1\Indigo\INSTALL.LOG
Silicon Laboratories C8051Fxxx Tools Release 1.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92F6B3DE-CE3D-4FA0-A61C-DA13F844A347}\setup.exe" -l0x9
Silicon Laboratories C8051Fxxx uVision2 Driver v2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93C0452F-A242-4542-829C-AE8807F00C42}\setup.exe" -l0x9 -removeonly
Silicon Laboratories FLASH Programming Utilities-->"C:\Program Files\InstallShield Installation Information\{4E3B9EF1-90A6-4FF2-879F-AADA4A6A14EB}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Suunto Monitor-->"C:\Program Files\Suunto Monitor\unins000.exe"
Suunto Training Manager-->"C:\Program Files\Suunto Training Manager\unins000.exe"
Suunto USB Drive-->"C:\WINDOWS\unins000.exe"
Suunto USB Serial Port-->C:\WINDOWS\system32\suuunin2k.exe C:\WINDOWS\system32\suuunin.u2k
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.INF
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\IBMTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TUSB3410 Single Driver Wrapper-->MsiExec.exe /X{3956160C-D6B7-490C-A991-1C8167E91009}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0017-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-003B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Project 2007 Help (KB963668)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {1DF07773-4289-4998-BC2C-83539AD85C50}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)-->msiexec /package {90120000-0017-0409-0000-0000000FF1CE} /uninstall {9A9DF47B-DB4B-485D-8211-7430ABEC5259}
Update for Microsoft Office Visio 2007 Help (KB963666)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
uVision2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A5E79C4-00C8-45F5-AA3F-5F1F1618D34A}\setup.exe" -l0x9
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VCP installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{15F092F3-4488-49A1-87EA-2BD40338AEAC}
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
VSO Inspector 1.2.7d-->"C:\Program Files\vso\tools\unins000.exe"
WinCvs 2.0-->"C:\Program Files\GNU\WinCvs 2.0\unins000.exe"
Windows Driver Package - Needhams Electronics Inc (empusb) USB (6/27/2005 2.01.0000.0)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\empusb_29AC06753320B1ED9352B1A22EDF017AD47B9F04\empusb.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.12.4-->"C:\Program Files\WinMerge\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
ZoneAlarm Anti-virus-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Toolbar-->C:\Program Files\CheckPoint\ZAForceField\Uninstall.exe

======Security center information======

AV: ZoneAlarm Antivirus
FW: ZoneAlarm Firewall

======System event log======

Computer Name: LENOVO-3D921F96
Event Code: 7000
Message: The Cypress ezusb service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 46798
Source Name: Service Control Manager
Time Written: 20100203082431.000000-360
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 7000
Message: The Analog Devices BV USB Driver (adbvusb.sys) service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 46797
Source Name: Service Control Manager
Time Written: 20100203082431.000000-360
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 14319
Message: Service 'WMPNetworkSvc' did not start because Group Policy is preventing Windows Media Player from sharing media with other devices.

Record Number: 46795
Source Name: WMPNetworkSvc
Time Written: 20100203082413.000000-360
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 8032
Message: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{54648897-F9E7-419F-AB6D-E07057F7F284}.
The backup browser is stopping.

Record Number: 46786
Source Name: BROWSER
Time Written: 20100203074818.000000-360
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\DELL_DESKTOP on the network \Device\NetBT_Tcpip_{54648897-F9E7-419F-AB6D-E07057F7F284}.
The data is the error code.

Record Number: 46785
Source Name: BROWSER
Time Written: 20100203074454.000000-360
Event Type: warning
User:

=====Application event log=====

Computer Name: LENOVO-3D921F96
Event Code: 1002
Message: Hanging application Client99SE.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 23831
Source Name: Application Hang
Time Written: 20091020165552.000000-300
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 1517
Message: Windows saved user LENOVO-3D921F96\Jeff Rosenberg registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 23775
Source Name: Userenv
Time Written: 20091016070541.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-3D921F96
Event Code: 1002
Message: Hanging application Client99SE.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 23773
Source Name: Application Hang
Time Written: 20091015225506.000000-300
Event Type: error
User:

Computer Name: LENOVO-3D921F96
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 23704
Source Name: ASP.NET 2.0.50727.0
Time Written: 20091014073057.000000-300
Event Type: warning
User:

Computer Name: LENOVO-3D921F96
Event Code: 1517
Message: Windows saved user LENOVO-3D921F96\Jeff Rosenberg registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 23654
Source Name: Userenv
Time Written: 20091011233614.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\LonWorks\Bin;C:\Program Files\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\IBM ThinkVantage\Client Security Solution;C:\PROGRA~1\PICC;C:\Program Files\Pico Technology\Pico Full\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Lenovo;C:\Program Files\shadeBlue\Indigo;C:\Program Files\Microchip\MPLAB IDE\VDI;C:\Program Files\Microchip\MPLAB C30\bin;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SMA"=C:\Program Files\IBM ThinkVantage\SMA\
"IBMSHARE"=%SystemDrive%\IBMSHARE
"RR"=C:\Program Files\IBM ThinkVantage\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\IBM ThinkVantage\Common\Python24
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TVT"=C:\Program Files\Lenovo
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
brokenarrow_jeff

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » February 28th, 2010, 11:05 pm

Here is the log file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff Rosenberg at 2010-02-27 17:40:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (40%) free of 91 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:50 PM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff Rosenberg\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff Rosenberg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2675067656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8929374187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2009-12-28 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2009-12-28 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2009-10-14 578928]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2009-12-28 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-07-03 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2009-02-02 181536]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-23 120368]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-12-21 1996336]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-10-17 1037192]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2009-10-14 730480]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2010-01-04 685392]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-11-10 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-05-21 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfy
psqlpwd
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc75fcfc-005b-11de-bb62-0014a4d724f4}]
shell\AutoRun\command - E:\wubi.exe --cdmenu


======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-02-27 17:40:28 ----D---- C:\rsit
2010-02-27 17:38:39 ----D---- C:\Program Files\Trend Micro
2010-02-26 06:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 08:54:37 ----D---- C:\Documents and Settings\Jeff Rosenberg\Application Data\Auslogics
2010-02-21 07:23:19 ----A---- C:\Documents and Settings\Jeff Rosenberg\Application Data\netstat.bat
2010-02-19 22:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 22:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-19 22:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-19 22:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 22:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-19 22:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 22:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-19 22:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-19 22:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 09:26:19 ----D---- C:\Program Files\Common Files\Remote Control Software Common
2010-02-11 09:26:10 ----D---- C:\Program Files\Logitech
2010-02-11 09:25:12 ----D---- C:\Program Files\Common Files\Remote Control USB Driver
2010-02-02 09:41:11 ----D---- C:\Program Files\iPod
2010-02-02 09:40:53 ----D---- C:\Program Files\iTunes
2010-02-02 09:29:34 ----D---- C:\Program Files\Safari

======List of files/folders modified in the last 1 months======

2010-02-27 17:40:41 ----D---- C:\WINDOWS\Prefetch
2010-02-27 17:39:53 ----D---- C:\WINDOWS\Internet Logs
2010-02-27 17:38:39 ----RD---- C:\Program Files
2010-02-27 17:28:06 ----D---- C:\Program Files\Mozilla Thunderbird
2010-02-27 17:25:09 ----RSHD---- C:\RRbackups
2010-02-27 17:23:50 ----D---- C:\WINDOWS\Temp
2010-02-27 17:21:57 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-27 17:21:40 ----SHD---- C:\System Volume Information
2010-02-27 16:00:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-27 16:00:04 ----A---- C:\Log.txt
2010-02-27 13:17:40 ----SHD---- C:\WINDOWS\Installer
2010-02-26 12:25:28 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 06:32:57 ----AD---- C:\WINDOWS
2010-02-26 06:31:00 ----AD---- C:\WINDOWS\system32
2010-02-26 06:28:29 ----HD---- C:\WINDOWS\inf
2010-02-26 06:28:22 ----A---- C:\WINDOWS\imsins.BAK
2010-02-26 06:28:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-26 06:28:15 ----D---- C:\WINDOWS\ie8updates
2010-02-26 06:27:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-25 23:25:03 ----A---- C:\WINDOWS\TextEdit99SE.INI
2010-02-25 23:25:03 ----A---- C:\WINDOWS\AdvSch99SE.ini
2010-02-25 23:25:03 ----A---- C:\WINDOWS\ADVPCB99SE.INI
2010-02-25 23:25:02 ----A---- C:\WINDOWS\Client99SE.INI
2010-02-25 23:06:24 ----A---- C:\WINDOWS\ProHelp99SE.INI
2010-02-23 22:51:55 ----A---- C:\WINDOWS\Netlist99SE.INI
2010-02-23 21:11:10 ----A---- C:\WINDOWS\AdvRoute.ini
2010-02-21 15:29:49 ----A---- C:\WINDOWS\CAMManager99SE.ini
2010-02-21 08:50:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-21 08:48:10 ----D---- C:\WINDOWS\system32\drivers
2010-02-21 08:45:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-21 08:45:41 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-19 22:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-17 10:31:54 ----D---- C:\temp
2010-02-11 09:26:19 ----D---- C:\Program Files\Common Files
2010-02-11 09:25:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-09 01:09:01 ----D---- C:\Program Files\pdfforge Toolbar
2010-02-03 00:50:16 ----A---- C:\WINDOWS\ManRoute99SE.INI
2010-02-03 00:47:55 ----A---- C:\WINDOWS\CAM2000DE.ini
2010-02-02 09:41:07 ----D---- C:\Program Files\Common Files\Apple
2010-02-02 09:36:03 ----D---- C:\Program Files\QuickTime
2010-02-01 17:20:16 ----RHD---- C:\Documents and Settings\Jeff Rosenberg\Application Data\Microchip
2010-02-01 13:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-30 22:36:00 ----A---- C:\WINDOWS\CAMNCDrill99SE.ini
2010-01-30 22:35:38 ----A---- C:\WINDOWS\CAMGerber99SE.ini
2010-01-30 22:34:33 ----A---- C:\WINDOWS\CAMBillOfMaterials99SE.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-12 317072]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-09 31846]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2009-05-13 13360]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-10-17 486280]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 ds1410d;ds1410d; \??\C:\WINDOWS\system32\Drivers\ds1410d.sys []
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 EMPNT;EMPNT; C:\WINDOWS\system32\drivers\EMPNT.sys [2003-11-13 3360]
R2 giveio;giveio; C:\WINDOWS\system32\drivers\giveio.sys [2001-09-07 5161]
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PDNTGEI;Paradigm GEI PromICE Driver; C:\WINDOWS\system32\drivers\PDNTGEI.sys [1999-07-15 33952]
R2 PIO_1149;pio_1149; \??\C:\WINDOWS\system32\Drivers\pio_1149.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2009-08-10 69936]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-11-11 3301888]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-11-01 1342122]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-03-18 241296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-09-15 5977216]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-11 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-12-08 50832]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ADBVUSB;Analog Devices BV USB Driver (adbvusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-03-13 27507]
S2 EZUSB;Cypress ezusb; C:\WINDOWS\System32\Drivers\ezusb.sys [2003-03-13 27507]
S2 MCP_SPI;%MCP_SPI.SvcDesc%; C:\WINDOWS\System32\Drivers\MCP_SPI.sys [2006-04-04 11497]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS); C:\WINDOWS\System32\Drivers\icd2w2k.sys [2004-03-22 12427]
S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys); C:\WINDOWS\System32\Drivers\picopp.sys [2007-03-01 86680]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-11-01 56648]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 empusb;empusb; C:\WINDOWS\system32\DRIVERS\empusb.sys [2005-05-16 11520]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
S3 jlink;J-Link driver; C:\WINDOWS\System32\Drivers\jlink.sys [2007-03-05 14208]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 NCBULK;MPLAB HS USB client driver; C:\WINDOWS\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2007-02-27 1783936]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-05-22 15326]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-17 47360]
S3 PSoCUSB;Cypress PSoC Designer USB Driver; C:\WINDOWS\System32\Drivers\Cypress\FTRF\PSoCUSB.sys [2008-11-24 38144]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN; C:\WINDOWS\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 slabbus;Suunto Sports Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-05-11 55312]
S3 slabser;Suunto USB Serial Port Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-05-11 89808]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 umpusbxp;VCP Serial Port Driver; C:\WINDOWS\system32\DRIVERS\umpusbxp.sys [2004-11-01 76768]
S3 USA19H;USA19H; C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver; C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 44928]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMotion;USBMotion.SYS - USB Motion Controller; C:\WINDOWS\System32\Drivers\USBMotion.sys [2007-07-27 19968]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MSP430 Application UART; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-03-23 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BCSWAP;BCSWAP; C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-13 91496]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2009-12-28 380928]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-11-10 573440]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2005-11-01 258103]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2007-03-14 122880]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-09-21 954368]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-01-04 1012080]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2009-01-28 39976]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-12-21 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-10-17 2384240]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
brokenarrow_jeff

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » February 28th, 2010, 11:07 pm

here is the gmer file
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-28 17:28:47
Windows 5.1.2600 Service Pack 3
Running: 299gtjx2.exe; Driver: C:\DOCUME~1\JEFFRO~1\LOCALS~1\Temp\pwdoikob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB9DCC542]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwClose [0xB9DCCDBA]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB968E600]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateEvent [0xB9DCDDCC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB9687D50]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF7B674D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateMutant [0xB9DCDCA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB9DCC148]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB968EE10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB96A5D00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB96A6120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB96B0210]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB9DCDEFE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB9DCF784]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwCreateThread [0xB9DCCA58]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB968EF80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB9DCF176]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB9688C30]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB96AD750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB96AD130]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB9DCD524]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB96A4E40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateKey [0xB9DCBE80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB9DCBF2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwFsControlFile [0xB9DCD330]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwLoadDriver [0xB9DCF208]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB96AE050]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB96AE280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB96B05C0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB9DCC076]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenEvent [0xB9DCDE6E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB9688720]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenKey [0xB9DCB592]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenMutant [0xB9DCDD3C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB96A8420]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSection [0xB9DCF7AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB9DCDFA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB96A7FF0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryKey [0xB9DCBFD4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB9DCBBFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQuerySection [0xB9DCFB50]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueryValueKey [0xB9DCB84C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwQueueApcThread [0xB9DCF49E]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB96AF400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB96AEA10]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyPort [0xB9DCE32A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB9DCE1F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB968E150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB96AF0A0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwResumeThread [0xB9DD0028]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSaveKey [0xB9DCB1FE]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB968E8E0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetContextThread [0xB9DCCC76]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB9689050]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetInformationToken [0xB9DCE86C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xB96AF8B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB9DCFC90]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF7B67520]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendProcess [0xB9DCFD74]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwSuspendThread [0xB9DCFE9C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB96A6CF0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB96A6A20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwTerminateThread [0xB9DCC80E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB9DCFA06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB9DCC998]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wxp_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat B1858D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a80d70c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4d724f4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a80d70c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0014a4d724f4 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\hints.dat 8192 bytes
File C:\RRbackups\regcerts.dat 8192 bytes
File C:\RRbackups\SAM 262144 bytes
File C:\RRbackups\system 8126464 bytes
File C:\RRbackups\system.dat 12288 bytes
File C:\RRbackups\tvt.txt 9450 bytes
File C:\RRbackups\usersids.dat 16640 bytes

---- EOF - GMER 1.0.15 ----
brokenarrow_jeff
Regular Member
 
Posts: 17
Joined: February 21st, 2010, 4:20 pm

Re: spigot, very slow shutdown ... malware help needed

Post by melboy » March 1st, 2010, 4:33 pm

Hi

brokenarrow_jeff wrote: I have an IBM laptop T60 that I recently found something from spigot,inc (malware?)


Application updater? It looks to have been bundled with this: pdfforge Toolbar v1.1.2


Uninstall Programs
  • Click on Start
  • Click on Control Panel
  • Double-click the Add/Remove Programs icon
  • Click on the first program below and click Remove
      pdfforge Toolbar v1.1.2



TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Select Perform Quick scan, then click on Scan.
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results.
  • Check all items, then click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process; please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » March 2nd, 2010, 11:28 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3816
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/2/2010 6:17:52 PM
mbam-log-2010-03-02 (18-17-52).txt

Scan type: Quick Scan
Objects scanned: 137375
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Re: spigot, very slow shutdown ... malware help needed

Post by melboy » March 3rd, 2010, 3:57 am

Hi

How's the computer running?



Update Adobe Reader
Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 9.3 to your PC's desktop.
  • Uninstall Adobe Reader 9.2 via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Uninstall all old versions of Java
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



TFC

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go here, then click on: [button image]
    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: [button image]
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [button image]
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt" file contents in your next reply.

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » March 3rd, 2010, 9:02 am

Melboy:

first, I really appreciate your help ... second ... I removed acrobat 9.2, installed 9.3, removed the old java, installed the new java, ran tfc ... then I tried to run the eset online scanner from firefox ... it just froze my laptop ... I had to use task manager to exit firefox ... I tried this several times with reboots, etc ... same result ... I also don't seem to be able to open new windows in firefox, links in web pages (example: the TFC blue link on your last post) will not link, and the google search toolbar in firefox doesn't seem to work all the time

my computer runs many applications ok but it still takes about 90 seconds to shutdown, many times the mouse left click does not work or has to be used several times ... there is still something wrong

did I say I really appreciate your help? ... hopefully at the end of this you can give me some advice on what antivirus/malware tools you use

jeff

Re: spigot, very slow shutdown ... malware help needed

Post by melboy » March 3rd, 2010, 9:17 am

Hi Jeff

You're welcome!

Are the browser problems limited to FireFox? What about IE?

Try the Kaspersky scan instead - let me know if you have problems.



Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » March 3rd, 2010, 3:14 pm

Melboy:

I think I may have messed up a little ... I tried to get the Kaspersky online version and turned out to get a version that loaded onto my pc ... it asked me to remove the ZoneLabs antivirus so I did ... now I have a Kaspersky 30 day free trial version loaded ... so I did a full scan with Kaspersky, which took 2 hours and it found nothing that needed fixing (report included)... I also included a hijackthis report

Date: Today (events: 144)
My Update Center (events: 4)
3/3/2010 12:59:34 PM Task completed Kaspersky Anti-Virus Subsystem My Update Center
3/3/2010 12:57:18 PM Task started Kaspersky Anti-Virus Subsystem My Update Center
3/3/2010 10:47:06 AM Task completed Kaspersky Anti-Virus Subsystem My Update Center
3/3/2010 10:42:33 AM Task started Kaspersky Anti-Virus Subsystem My Update Center
Objects Scan (events: 6)
3/3/2010 1:00:17 PM Task completed Kaspersky Anti-Virus Subsystem Quick Scan
3/3/2010 12:59:43 PM Task started Kaspersky Anti-Virus Subsystem Quick Scan
3/3/2010 12:49:41 PM Task completed Kaspersky Anti-Virus Subsystem Rootkit Scan
3/3/2010 12:42:33 PM Task started Kaspersky Anti-Virus Subsystem Rootkit Scan
3/3/2010 12:38:10 PM Task completed Kaspersky Anti-Virus Subsystem Full Scan
3/3/2010 10:48:27 AM Task started Kaspersky Anti-Virus Subsystem Full Scan
IM Anti-Virus (events: 1)
3/3/2010 10:42:14 AM Task started Kaspersky Anti-Virus Subsystem IM Anti-Virus
Proactive Defense (events: 1)
3/3/2010 10:42:14 AM Task started Kaspersky Anti-Virus Subsystem Proactive Defense
System Watch (events: 123)
Web Anti-Virus (events: 1)
3/3/2010 10:42:24 AM Task started Kaspersky Anti-Virus Subsystem Web Anti-Virus
Mail Anti-Virus (events: 1)
3/3/2010 10:42:14 AM Task started Kaspersky Anti-Virus Subsystem Mail Anti-Virus
File Anti-Virus (events: 5)
3/3/2010 11:04:07 AM Packed PE_Patch Generic Host Process for Win32 Services File C:\WINDOWS\system32\drivers\ pciidex.sys
3/3/2010 11:04:06 AM Packed PE_Patch Generic Host Process for Win32 Services File C:\WINDOWS\system32\drivers\ tdi.sys
3/3/2010 11:04:05 AM Packed PE_Patch Generic Host Process for Win32 Services File C:\WINDOWS\system32\drivers\ battc.sys
3/3/2010 10:42:31 AM Packed PE_Patch System File C:\WINDOWS\system32\drivers\ kmixer.sys
3/3/2010 10:42:14 AM Task started Kaspersky Anti-Virus Subsystem File Anti-Virus
My Protection (events: 2)
3/3/2010 10:42:24 AM Databases are obsolete Kaspersky Anti-Virus
3/3/2010 10:42:33 AM Your computer is protected Kaspersky Anti-Virus


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:09 PM, on 3/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2675067656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8929374187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12406 bytes
brokenarrow_jeff
Regular Member
 
Posts: 17
Joined: February 21st, 2010, 4:20 pm

Re: spigot, very slow shutdown ... malware help needed

Post by melboy » March 3rd, 2010, 6:35 pm

brokenarrow_jeff wrote: Melboy:

I think I may have messed up a little ... now I have a Kaspersky 30 day free trial version loaded...


Errm... just a little. How did you manage that? Let me know whether you want to try Kaspersky (bear in mind it will require a paid subscription when your trial is up), or re-install your ZoneAlarm, or whether you would like me to give you some further recommendations.


At this point I'm not seeing too much by way of an active malware infection.


SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\WINDOWS\system32\Drivers\pio_1149.sys
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Download SREng
  • Extract it to Desktop and double click SREngLdr.exe to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    Image

  • In your case, it would be .scr
  • Close SREng now.



Fix HijackThis entries
  • Run HijackThis
  • Click on the do a system scan only button
  • Put a check beside all of the items listed below (if present):

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.

REBOOT


Re-run - RSIT (Random's System Information Tool)
You should still have this program on your desktop.

  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
    RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt" file contents in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: spigot, very slow shutdown ... malware help needed

Post by brokenarrow_jeff » March 3rd, 2010, 10:58 pm

Melboy:

my zone alarm was expiring in 20 days ... I have used it for many years ... I don't have a problem paying for programs that really protect my computer ... so what programs do you think are the very best for anti-virus, firewall, anti-malware etc?

thanks again for your help ... is there a way to support the work of this site and people like you?



SystemLook: I know this program ... pio_1149.sys is a driver for a JTAG programmer that attaches to a USB port made by Corelis ... I rarely use the JTAG programmer on my laptop


SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:45 on 03/03/2010 by Jeff Rosenberg (Administrator - Elevation successful)

========== file ==========

C:\WINDOWS\system32\Drivers\pio_1149.sys - File found and opened.
MD5: A4D1C2192C2AE55348C96F1FC294C4FA
Created at 18:49 on 20/06/2008
Modified at 22:22 on 05/12/2006
Size: 32000 bytes
Attributes: --a---
FileDescription: PIO-1149.1/E Device Driver for WinNT/2K/XP
FileVersion: 1.08 built by: WinDDK
ProductVersion: 1.08
OriginalFilename: pio_1149.sys
InternalName: pio_1149.sys
ProductName: PIO-1149.1/E Boundary Scan Controller
CompanyName: Corelis Inc.
LegalCopyright: Copyright (C) Corelis Inc. 2002

-=End Of File=-

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jeff Rosenberg at 2010-03-03 17:55:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (39%) free of 91 GB
Total RAM: 1022 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:50 PM, on 3/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jeff Rosenberg\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff Rosenberg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 2675067656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8929374187
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: OpcEnum - Unknown owner - C:\WINDOWS\system32\OpcEnum.exe (file missing)
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 12150 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-07-03 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2009-02-02 181536]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-23 120368]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2005-12-21 1996336]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"SBAMTray"=C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe [2010-01-04 685392]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-11-10 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-05-21 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-08 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
csspwntfy
psqlpwd
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInstrumentation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc75fcfc-005b-11de-bb62-0014a4d724f4}]
shell\AutoRun\command - E:\wubi.exe --cdmenu


======List of files/folders created in the last 1 months======

2010-03-03 13:23:29 ----D---- C:\Program Files\Common Files\Java
2010-03-03 10:40:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-03-03 10:40:04 ----D---- C:\Program Files\Kaspersky Lab
2010-03-03 10:27:41 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-03 05:52:51 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-02 18:06:48 ----D---- C:\Documents and Settings\Jeff Rosenberg\Application Data\Malwarebytes
2010-03-02 18:06:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-03-02 18:06:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-27 17:40:28 ----D---- C:\rsit
2010-02-27 17:38:39 ----D---- C:\Program Files\Trend Micro
2010-02-26 06:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-21 08:54:37 ----D---- C:\Documents and Settings\Jeff Rosenberg\Application Data\Auslogics
2010-02-21 07:23:19 ----A---- C:\Documents and Settings\Jeff Rosenberg\Application Data\netstat.bat
2010-02-19 22:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-19 22:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-19 22:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-19 22:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-19 22:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-19 22:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-19 22:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-19 22:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-19 22:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-11 09:26:19 ----D---- C:\Program Files\Common Files\Remote Control Software Common
2010-02-11 09:26:10 ----D---- C:\Program Files\Logitech
2010-02-11 09:25:12 ----D---- C:\Program Files\Common Files\Remote Control USB Driver

======List of files/folders modified in the last 1 months======

2010-03-03 17:55:50 ----D---- C:\WINDOWS\Prefetch
2010-03-03 17:55:16 ----RSHD---- C:\RRbackups
2010-03-03 17:54:22 ----D---- C:\WINDOWS\Temp
2010-03-03 17:50:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-03 17:50:38 ----A---- C:\Log.txt
2010-03-03 17:27:10 ----D---- C:\Program Files\Mozilla Thunderbird
2010-03-03 13:28:47 ----AD---- C:\WINDOWS
2010-03-03 13:24:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-03 13:23:29 ----SHD---- C:\WINDOWS\Installer
2010-03-03 13:23:29 ----D---- C:\Program Files\Common Files
2010-03-03 13:18:47 ----AD---- C:\WINDOWS\system32
2010-03-03 10:46:12 ----D---- C:\WINDOWS\system32\drivers
2010-03-03 10:42:13 ----SHD---- C:\System Volume Information
2010-03-03 10:41:56 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-03 10:41:00 ----HD---- C:\WINDOWS\inf
2010-03-03 10:40:04 ----RD---- C:\Program Files
2010-03-03 10:35:54 ----D---- C:\Program Files\CheckPoint
2010-03-03 05:51:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-03 05:48:50 ----D---- C:\Program Files\Java
2010-03-03 05:24:42 ----D---- C:\Program Files\Common Files\Adobe
2010-03-03 05:24:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-03-02 18:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-02 17:55:55 ----D---- C:\WINDOWS\WinSxS
2010-03-01 15:40:59 ----A---- C:\WINDOWS\TextEdit99SE.INI
2010-03-01 15:40:59 ----A---- C:\WINDOWS\AdvSch99SE.ini
2010-03-01 15:40:58 ----A---- C:\WINDOWS\ADVPCB99SE.INI
2010-03-01 15:40:57 ----A---- C:\WINDOWS\Client99SE.INI
2010-03-01 08:21:41 ----A---- C:\WINDOWS\ProHelp99SE.INI
2010-02-27 23:53:53 ----D---- C:\WINDOWS\Minidump
2010-02-26 12:25:28 ----D---- C:\Program Files\Mozilla Firefox
2010-02-26 06:28:22 ----A---- C:\WINDOWS\imsins.BAK
2010-02-26 06:28:17 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-26 06:28:15 ----D---- C:\WINDOWS\ie8updates
2010-02-26 06:27:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-23 22:51:55 ----A---- C:\WINDOWS\Netlist99SE.INI
2010-02-23 21:11:10 ----A---- C:\WINDOWS\AdvRoute.ini
2010-02-21 15:29:49 ----A---- C:\WINDOWS\CAMManager99SE.ini
2010-02-21 08:50:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-21 08:45:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-21 08:45:41 ----D---- C:\Program Files\Common Files\InstallShield
2010-02-19 22:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-17 10:31:54 ----D---- C:\temp
2010-02-11 09:25:51 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-03 315408]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-09 31846]
R1 sbaphd;sbaphd; C:\WINDOWS\system32\drivers\sbaphd.sys [2009-05-13 13360]
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 ds1410d;ds1410d; \??\C:\WINDOWS\system32\Drivers\ds1410d.sys []
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 EMPNT;EMPNT; C:\WINDOWS\system32\drivers\EMPNT.sys [2003-11-13 3360]
R2 giveio;giveio; C:\WINDOWS\system32\drivers\giveio.sys [2001-09-07 5161]
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PDNTGEI;Paradigm GEI PromICE Driver; C:\WINDOWS\system32\drivers\PDNTGEI.sys [1999-07-15 33952]
R2 PIO_1149;pio_1149; \??\C:\WINDOWS\system32\Drivers\pio_1149.sys []
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2009-08-10 13952]
R2 sbapifs;sbapifs; C:\WINDOWS\system32\drivers\sbapifs.sys [2009-08-10 69936]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp2;SMI Helper Driver (smihlp2); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-11-11 3301888]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-11-01 1342122]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-03-18 241296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2009-09-15 5977216]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-11 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-12-08 50832]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
S2 ADBVUSB;Analog Devices BV USB Driver (adbvusb.sys); C:\WINDOWS\System32\Drivers\ezusb.sys [2003-03-13 27507]
S2 EZUSB;Cypress ezusb; C:\WINDOWS\System32\Drivers\ezusb.sys [2003-03-13 27507]
S2 MCP_SPI;%MCP_SPI.SvcDesc%; C:\WINDOWS\System32\Drivers\MCP_SPI.sys [2006-04-04 11497]
S2 MCUSBICD2;Microchip MPLAB ICD 2 Firmware Client Driver (ICD2W2K.SYS); C:\WINDOWS\System32\Drivers\icd2w2k.sys [2004-03-22 12427]
S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys); C:\WINDOWS\System32\Drivers\picopp.sys [2007-03-01 86680]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-11-01 56648]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 empusb;empusb; C:\WINDOWS\system32\DRIVERS\empusb.sys [2005-05-16 11520]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-05-18 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-05-18 61067]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-06 192512]
S3 jlink;J-Link driver; C:\WINDOWS\System32\Drivers\jlink.sys [2007-03-05 14208]
S3 MaRdPnp;MaRdPnp; C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 NCBULK;MPLAB HS USB client driver; C:\WINDOWS\system32\drivers\RealICEBulk.sys [2007-04-05 12160]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2007-02-27 1783936]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-11-26 2236544]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2002-05-22 15326]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-17 47360]
S3 PSoCUSB;Cypress PSoC Designer USB Driver; C:\WINDOWS\System32\Drivers\Cypress\FTRF\PSoCUSB.sys [2008-11-24 38144]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN; C:\WINDOWS\system32\DRIVERS\rcblan.sys [2007-01-24 39704]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SDDMI2;SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys []
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-06-28 42752]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 slabbus;Suunto Sports Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-05-11 55312]
S3 slabser;Suunto USB Serial Port Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-05-11 89808]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 umpusbxp;VCP Serial Port Driver; C:\WINDOWS\system32\DRIVERS\umpusbxp.sys [2004-11-01 76768]
S3 USA19H;USA19H; C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 727908]
S3 USA19H2KP;Keyspan USB Serial Port Driver; C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 44928]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBMotion;USBMotion.SYS - USB Motion Controller; C:\WINDOWS\System32\Drivers\USBMotion.sys [2007-07-27 19968]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MSP430 Application UART; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-03-23 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 BCSWAP;BCSWAP; C:\WINDOWS\system32\drivers\BCSWAP.sys [2007-09-13 91496]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-11-10 573440]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2005-11-01 258103]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2007-03-14 122880]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-09-21 954368]
R2 SBAMSvc;CounterSpy Antispyware; C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2010-01-04 1012080]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2009-01-28 39976]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-12-21 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2005-12-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: spigot, very slow shutdown ... malware help needed

Post by melboy » March 4th, 2010, 3:12 pm

Hi jeff

my zone alarm was expiring in 20 days ... I have used it for many years ... I don't have a problem paying for programs that really protect my computer ... so what programs do you think are the very best for anti-virus, firewall, anti-malware etc?

I'll give you some recommendations when we're done.

thanks again for your help ... is there a way to support the work of this site and people like you?


Thank you - You can use the "Support us" link here or at the top of the page.



How are things running now?

Note: The instructions for MBAM are slightly different to the last time I had you run it.



MBR Rootkit Detector

Please download MBR.exe by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start > Run. Copy and paste the contents of the codebox below into the Run box (do not include "Code:"), then click OK:
Code:
cmd /c \mbr.exe -t >log.txt&start log.txt

A log called Log.txt will be generated. Post it in your next reply.



TFC

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform full scan, leave the default options as they are and then click Start Scan.
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results.
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.