IE automatic popups + audio

Post by pjso » July 8th, 2010, 5:36 am

Hello,

IE keeps popping up an ad window every 30 minutes or so. PC was clean a few days ago.
I don't use IE. IE is not visibly running, foreground or background, when these windows pop up. These are not pop-up ads being triggered by my surfing. I only use Firefox.
Some days ago I installed pokerstars.com software, and after some time, windows started appearing with random ads.
Honestly, I do not know if they are related.
The ad windows are well behaved - they only appear once, can be closed, and do not re-appear again for some considerable time. There are no multiple windows, annoying endless loops, or the like.
Another interesting thing is that the audio volume for Wave is constantly being reset to 0 (not mute-check-box-activated, just the value 0 and no sound). This is happening all the time.

I've run Microsoft Security Essentials + Spybot and they couldn't find anything positive. They were both installed after the symptoms above started to appear.
During the night, I noticed that there was audio being played - related to some ads, but there were no active windows of any kind open. Strange.

I wonder if you can give me a hand with this situation.

Hijack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:45, on 08-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Notebook Hardware Control\nhcservice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF27445.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Serviço Google Update (gupdate1ca0ed083ccb0e) (gupdate1ca0ed083ccb0e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Program Files\Notebook Hardware Control\nhcservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7241 bytes


Uninstall Log
µTorrent
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Better File Rename 5.7
Broadcom 802.11 Wireless LAN Adapter
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon Utilities EOS Utility
Cartão de Cidadão
CCleaner
CDBurnerXP
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00)
Creative Live! Cam User's Guide
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
CutePDF Writer 2.7
DAEMON Tools Toolbar
e-Deklaracje Desktop
e-Deklaracje Desktop
Exact Audio Copy 0.99pb5
FLV Player 2.0 (build 25)
foobar2000 v0.9.6.8
FreecoNet Phone 2.7
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
GTK+ Runtime 2.14.7 rev a (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 1.00 A7
HP Integrated Module with Bluetooth wireless technology
ImgBurn
IrfanView (remove only)
IRS - Modelo 3 v1.0.12
Java(TM) 6 Update 15
K-Lite Mega Codec Pack 4.9.5
LowRateVoip
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Image Composite Editor
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2003 Proofing Tools
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Communicator 2007 R2
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME (2007)
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Microsoft XNA Framework Redistributable 3.1
Monkey's Audio
Mozilla Firefox (3.6.6)
Mp3tag v2.44
MSN
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MyVision USB DVB-T BDA Device
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia Software Updater
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
Notepad++
Notowania OnLine 3 BM Alior Bank
Nowe Gadu-Gadu
NSS (remove only)
NTFS Undelete v0.94
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
Opera 10.53
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Ovi Desktop Sync Engine
OviMPlatform
Paint.NET v3.5.4
PC Connectivity Solution
Picasa 3
Pidgin
PlayReady PC Runtime x86
Poedit
QT Lite 3.1.0
RegAlyzer
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
Skype Toolbars
Skype™ 4.2
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
TeraCopy 2.01
Texas Instruments PCIxx21/x515/xx12 drivers.
TomTom HOME 2.6.4.1641
TomTom HOME Visual Studio Merge Modules
Ultra Defragmenter
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Veetle TV 0.9.16
VLC media player 1.0.1
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
XPS Essentials Pack
XPS Essentials Pack 1.0
Zoiper
pjso
Active Member
 
Posts: 7
Joined: July 8th, 2010, 5:16 am

Re: IE automatic popups + audio

Post by MWR 3 day Mod » July 11th, 2010, 10:54 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: IE automatic popups + audio

Post by turtledove » July 13th, 2010, 2:06 am

Hello pjso and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested.
*Do not install/uninstall anything unless requested.
*Please be sure you have read Malware Removal Forum Guidelines and Rules, especially P2P Policy.
*If you can do the above, all should go well.

*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**



Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Post:
  • C:\RSIT\log.txt
  • C:\RSIT\info.txt

Are there any search redirects or slowness since this occurred? Add any specifics you can to describe issues.

Thank you,

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: IE automatic popups + audio

Post by pjso » July 13th, 2010, 4:10 am

Hello turtledove.

There are no search redirects nor slowness associated.
The only symptoms are indeed the random appearance of the iexplore.exe process, some IE popups with ads that sometimes contain audio, and the wave volume slider constantly being reset to 0 after a few minutes.

I've been running different spyware/malware scans and the tools cannot find anything.

Please find the requested logs:

log.txt
Logfile of random's system information tool 1.08 (written by random/random)
Run by pjso at 2010-07-13 09:01:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 95 GB
Total RAM: 894 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:01:42, on 13-07-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Notebook Hardware Control\nhcservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\pjso\Desktop\RSIT.exe
C:\Program Files\trend micro\pjso.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Certificate Import] C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF27445.cfxxe" /c "C:\ComboFix\C.bat"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {23DC814C-C8AE-464D-993A-A55DEF80F86B} (NewLogin.ctlLogin) - http://timesheet.lionbridge.com/login/Login.CAB
O16 - DPF: {3A69525E-7CF7-446A-8C5F-9D734E751B8C} (Timesheet.ctlTS) - http://timesheet.lionbridge.com/Timesheet/Timesheet.CAB
O16 - DPF: {869918A4-D254-4CCB-AA52-7E8306AF937A} (xLogin.ctlLogin) - http://timesheet.lionbridge.com/twin.CAB
O16 - DPF: {94AFD35A-278C-4587-986A-83E405BD2D33} (Reports.ctlReports) - http://timesheet.lionbridge.com/Reports/reports.CAB
O16 - DPF: {BAD45452-F8D4-4DC2-B27E-AC738D096B3E} (AssignEmps.ctlAssign) - http://timesheet.lionbridge.com/AssignEmps/AssignEmps.CAB
O16 - DPF: {E14385A9-F2F1-41D0-BD5B-3043BC045FC5} (xToolbar.ctlToolbar) - http://timesheet.lionbridge.com/Toolbar/xToolbar.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Serviço Google Update (gupdate1ca0ed083ccb0e) (gupdate1ca0ed083ccb0e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Notebook Hardware Control Service - http://www.pbus-167.com - C:\Program Files\Notebook Hardware Control\nhcservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1220945662-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1220945662-1801674531-1003UA.job
C:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-27 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-12-01 344064]
"NotebookHardwareControl"=C:\Program Files\Notebook Hardware Control\nhc.exe [2007-05-04 2629632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
""= []
"Certificate Import"=C:\Program Files\Cartão de Cidadão\PtEidTrayApplet.exe [2010-05-14 595328]
"Communicator"=C:\Program Files\Microsoft Office Communicator\communicator.exe [2008-12-16 5160288]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"combofix"=C:\ComboFix\CF27445.cfxxe /c C:\ComboFix\C.bat []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"LowRateVoip"=C:\Program Files\LowRateVoip\LowRateVoip.exe [2010-01-14 9167160]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2010-06-05 322352]
"eyeBeam SIP Client"= []
""= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-11-27 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"Pidgin"=C:\Program Files\Pidgin\pidgin.exe [2010-05-31 48106]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe [2007-05-02 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-27 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-27 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-06-03 251240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=0xFFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LowRateVoip\LowRateVoip.exe"="C:\Program Files\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0"
"C:\Program Files\FreecoNet\FreecoNet\Ninja.exe"="C:\Program Files\FreecoNet\FreecoNet\Ninja.exe:*:Enabled:Ninja - X-Phone"
"C:\Program Files\Attractel\Zoiper\Zoiper.exe"="C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper"
"C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe"="C:\Program Files\Team MediaPortal\MediaPortal TV Server\TvService.exe:LocalSubNet:Enabled:MediaPortal TV Server"
"C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe"="C:\Program Files\Team MediaPortal\MediaPortal\MediaPortal.exe:LocalSubNet:Enabled:MediaPortal"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-13 09:01:19 ----D---- C:\rsit
2010-07-11 15:42:16 ----D---- C:\Program Files\JRE
2010-07-11 15:36:49 ----SHD---- C:\Config.Msi
2010-07-11 15:35:13 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-07-11 15:35:09 ----D---- C:\Program Files\Common Files\Java
2010-07-11 15:34:54 ----A---- C:\WINDOWS\system32\javaws.exe
2010-07-11 15:34:54 ----A---- C:\WINDOWS\system32\javaw.exe
2010-07-11 15:34:54 ----A---- C:\WINDOWS\system32\java.exe
2010-07-11 15:34:54 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-07-11 15:34:14 ----D---- C:\Program Files\Java
2010-07-11 12:44:15 ----D---- C:\Program Files\RadarSync
2010-07-08 23:37:05 ----D---- C:\Program Files\Airport Mania - First Flight
2010-07-08 09:22:10 ----D---- C:\Program Files\Trend Micro
2010-07-07 22:56:11 ----D---- C:\Program Files\Pidgin
2010-07-07 22:45:50 ----D---- C:\WINDOWS\Internet Logs
2010-07-07 22:42:58 ----D---- C:\Program Files\Cisco Systems
2010-07-07 12:53:34 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-07-07 12:53:29 ----D---- C:\Program Files\Common Files\DESIGNER
2010-07-07 12:52:50 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-07-07 12:42:24 ----D---- C:\Program Files\Microsoft Analysis Services
2010-07-07 12:36:46 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-07-05 22:56:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-05 22:56:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-05 22:48:52 ----D---- C:\Documents and Settings\pjso\Application Data\Safer Networking
2010-07-05 22:44:23 ----D---- C:\Program Files\Safer Networking
2010-07-05 00:20:32 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-07-05 00:07:22 ----D---- C:\Program Files\Microsoft Security Essentials
2010-07-04 12:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952011$
2010-07-01 23:09:50 ----D---- C:\Program Files\PokerStars
2010-06-30 11:46:50 ----D---- C:\WINDOWS\system32\pteidpp
2010-06-30 11:00:16 ----D---- C:\WINDOWS\ie8updates
2010-06-30 10:58:23 ----D---- C:\WINDOWS\WBEM
2010-06-30 10:56:09 ----HDC---- C:\WINDOWS\ie8
2010-06-20 00:49:41 ----ASH---- C:\hiberfil.sys
2010-06-20 00:49:39 ----ASH---- C:\pagefile.sys
2010-06-16 22:45:50 ----D---- C:\Documents and Settings\pjso\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2010-07-13 09:01:12 ----D---- C:\WINDOWS\Prefetch
2010-07-13 09:01:04 ----D---- C:\WINDOWS\temp
2010-07-13 09:00:55 ----D---- C:\Documents and Settings\pjso\Application Data\.purple
2010-07-13 09:00:01 ----D---- C:\Documents and Settings\pjso\Application Data\uTorrent
2010-07-13 08:26:54 ----D---- C:\Documents and Settings\pjso\Application Data\Skype
2010-07-12 15:13:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-12 13:59:10 ----SD---- C:\WINDOWS\Tasks
2010-07-11 19:14:42 ----D---- C:\WINDOWS\Microsoft.NET
2010-07-11 18:53:08 ----SD---- C:\Documents and Settings\pjso\Application Data\Microsoft
2010-07-11 17:22:48 ----D---- C:\Documents and Settings\pjso\Application Data\foobar2000
2010-07-11 15:47:20 ----SHD---- C:\WINDOWS\Installer
2010-07-11 15:45:19 ----RSD---- C:\WINDOWS\assembly
2010-07-11 15:42:55 ----RSD---- C:\WINDOWS\Fonts
2010-07-11 15:42:16 ----RD---- C:\Program Files
2010-07-11 15:42:11 ----D---- C:\Program Files\OpenOffice.org 3
2010-07-11 15:36:00 ----D---- C:\WINDOWS\system32
2010-07-11 15:35:09 ----D---- C:\Program Files\Common Files
2010-07-11 13:26:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-07-11 13:24:34 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-11 12:37:24 ----D---- C:\Documents and Settings\pjso\Application Data\skypePM
2010-07-08 23:39:51 ----D---- C:\WINDOWS
2010-07-08 22:45:02 ----D---- C:\Documents and Settings\pjso\Application Data\Mozilla
2010-07-08 10:22:10 ----D---- C:\WINDOWS\system32\drivers
2010-07-08 09:57:31 ----D---- C:\Qoobox
2010-07-07 22:45:08 ----HD---- C:\WINDOWS\inf
2010-07-07 13:04:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-07-07 13:03:17 ----D---- C:\WINDOWS\SHELLNEW
2010-07-07 12:56:46 ----D---- C:\WINDOWS\system32\config
2010-07-07 12:52:52 ----D---- C:\Program Files\Microsoft Office
2010-07-07 12:52:50 ----D---- C:\Program Files\Microsoft.NET
2010-07-05 22:30:44 ----HD---- C:\WINDOWS\PIF
2010-07-05 00:07:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-07-04 21:06:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-04 20:38:06 ----D---- C:\Program Files\CCleaner
2010-07-04 12:54:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-01 23:47:17 ----D---- C:\Program Files\Mozilla Firefox
2010-06-30 11:46:51 ----D---- C:\Program Files\Cartão de Cidadão
2010-06-30 11:24:15 ----D---- C:\Program Files\Microsoft
2010-06-30 11:08:19 ----D---- C:\WINDOWS\Help
2010-06-30 11:08:19 ----D---- C:\Program Files\Internet Explorer
2010-06-30 11:01:09 ----A---- C:\WINDOWS\imsins.BAK
2010-06-30 11:00:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-30 10:58:23 ----D---- C:\WINDOWS\system32\en-US
2010-06-30 10:58:11 ----D---- C:\WINDOWS\Media
2010-06-29 11:58:08 ----D---- C:\Program Files\NTFS Undelete
2010-06-21 09:52:19 ----D---- C:\Documents and Settings\pjso\Application Data\vlc
2010-06-19 23:04:58 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-15 10:42:20 ----D---- C:\Program Files\LowRateVoip

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-11-27 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-11-27 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-01 1412608]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-01 604928]
R3 BTKRNL;Enumerador de barramento Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-12 1342602]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-01 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-01 349312]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MBLAUDRV;Mobiola Audio Service; C:\WINDOWS\system32\drivers\BTCamAudioDrv.sys [2008-03-31 13312]
R3 MBLAUDRVOUT;Mobiola Audio Out Service; C:\WINDOWS\system32\drivers\BTCamAudioDrvOut.sys [2008-03-31 18304]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nhcDriverDevice;Notebook Hardware Control Driver; \??\C:\WINDOWS\system32\drivers\nhcDriver.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-11-27 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-11-27 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-11-27 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2006-07-06 168448]
S3 AWEAlloc;AWE Memory Allocation Driver; C:\WINDOWS\system32\DRIVERS\awealloc.sys []
S3 btaudio;Dispositivo de áudio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-12 401664]
S3 BTDriver;Driver de comunicação virtual Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-12 30363]
S3 BTWDNDIS;Driver de acesso à rede local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-12 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 catchme;catchme; \??\C:\DOCUME~1\pjso\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2009-08-10 89600]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\WINDOWS\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\WINDOWS\system32\DRIVERS\splitcam.sys []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 ultradfg;ultradfg; C:\WINDOWS\System32\DRIVERS\ultradfg.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VF0470Vid;Live! Cam Notebook (VF0470); C:\WINDOWS\system32\DRIVERS\V0470Vid.sys [2007-05-09 146720]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-11-16 131984]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-07-15 721904]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-11-27 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-01 393216]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-12 258103]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-11 153376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service; C:\Program Files\Notebook Hardware Control\nhcservice.exe [2009-07-11 77824]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-11-27 14336]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 gupdate1ca0ed083ccb0e;Serviço Google Update (gupdate1ca0ed083ccb0e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-27 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-27 190448]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-04-27 611840]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-06-03 92008]

-----------------EOF-----------------


info.txt
info.txt logfile of random's system information tool 1.08 2010-07-13 09:01:47

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Better File Rename 5.7-->"C:\Program Files\Better File Rename\unins000.exe"
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Canon EOS Kiss_N REBEL_XT 350D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} 
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.6.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Cartão de Cidadão-->MsiExec.exe /X{F4CA3BD0-FC66-4438-96AC-74275AB4C5A9}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\UIU32a.exe -U -ICPL309BA.INF
Creative Live! Cam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9  /remove
Creative Live! Cam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9  /remove
Creative Live! Cam Notebook (VF0470) Driver (1.03.01.00)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0470.uns -unsext NT -plugin V0470Pin.dll -pluginres CtCamPin.crl -langid 0x0409
Creative Live! Cam User's Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EDB7E6-D292-44BD-8CA6-A3E33C9D7750}\setup.exe" -l0x9  /remove
Creative Photo Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9  /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9  /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9  /remove
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
e-Deklaracje Desktop-->msiexec /qb /x {CDD46178-82E5-5D00-DBB7-F16B828F5325}
e-Deklaracje Desktop-->MsiExec.exe /I{CDD46178-82E5-5D00-DBB7-F16B828F5325}
Exact Audio Copy 0.99pb5-->C:\Program Files\Exact Audio Copy\uninst.exe
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
foobar2000 v0.9.6.8-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
FreecoNet Phone 2.7-->"C:\Program Files\FreecoNet\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\WINDOWS\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\WINDOWS\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Talk Plugin-->MsiExec.exe /I{26B878A8-5704-3B64-BDBC-4F0EACA38121}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP BatteryCheck 1.00 A7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9  -removeonly uninst
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IRS - Modelo 3 v1.0.12-->C:\Program Files\Declarações Electrónicas\Modelo3IRS\uninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
K-Lite Mega Codec Pack 4.9.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LowRateVoip-->"C:\Program Files\LowRateVoip\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Image Composite Editor-->MsiExec.exe /I{78E804CC-A148-4C8F-AD46-0B476EFE34C2}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools-->MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007 R2-->MsiExec.exe /X{928EE567-49F9-4082-A7B3-9BB82CD3C0FE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Web Access S/MIME (2007)-->MsiExec.exe /I{3C19B361-C9E5-4D9C-99AA-CF039CE7F96E}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.44-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
MyVision USB DVB-T BDA Device-->C:\WINDOWS\RTL\RTLunist.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /I{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
Nokia Ovi Suite-->MsiExec.exe /X{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}
Nokia Software Updater-->MsiExec.exe /X{09C468CA-2940-466A-AAE8-DCC0C6E9323C}
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix-->C:\Program Files\Notebook Hardware Control\uninst.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Notowania OnLine 3 BM Alior Bank-->"C:\Program Files\NOL3\Notowania OnLine 3 BM Alior Bank\unins000.exe"
Nowe Gadu-Gadu-->C:\Program Files\Nowe Gadu-Gadu\Uninstall.exe
NSS (remove only)-->C:\Program Files\NSS\uninstall.exe
NTFS Undelete v0.94-->"C:\Program Files\NTFS Undelete\unins000.exe"
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
Opera 10.53-->MsiExec.exe /X{1F85CAAA-B786-4E5B-AADD-638856992EF3}
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
Ovi Desktop Sync Engine-->MsiExec.exe /X{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}
OviMPlatform-->MsiExec.exe /I{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}
Paint.NET v3.5.4-->MsiExec.exe /X{053B3DA8-91B5-4682-A130-715412A1A252}
PC Connectivity Solution-->MsiExec.exe /I{DCD22647-6D31-479D-8F97-16D0AA934D9E}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Poedit-->"C:\Program Files\Poedit\unins000.exe"
QT Lite 3.1.0-->"C:\Program Files\QT Lite\unins000.exe"
RegAlyzer-->"C:\Program Files\Safer Networking\RegAlyzer\unins000.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartFTP Client 4.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /X{49F09453-8205-48CF-ADE6-29CE6B509669}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeraCopy 2.01-->"C:\Program Files\TeraCopy\unins000.exe"
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}\setup.exe -runfromtemp -l0x0409
TomTom HOME 2.6.4.1641-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Ultra Defragmenter-->"C:\WINDOWS\UltraDefrag\uninstall.exe"
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XPS Essentials Pack 1.0-->%SystemRoot%\$NtUninstallXpsEP$\spuninst\spuninst.exe /u
XPS Essentials Pack-->MsiExec.exe /X{6A69D94E-C569-4154-9643-72E94D1DDFDA}
Zoiper-->"C:\Program Files\Attractel\Zoiper\uninstall.exe"

======Hosts File======

127.0.0.1 	mpa.one.microsoft.com

======Security center information======

AV: Microsoft Security Essentials
FW: Avira FireWall

======System event log======

Computer Name: COMPUTER_1
Event Code: 12
Message: The device 'HL-DT-ST DVDRAM GSA-4084N' (IDE\CdRomHL-DT-ST_DVDRAM_GSA-4084N_______________KQ09____\3131373231363835443935392020202020202020) disappeared from the system without first being prepared for removal.

Record Number: 9018
Source Name: PlugPlayManager
Time Written: 20100502071920.000000+060
Event Type: error
User: 

Computer Name: COMPUTER_1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0014A5A2B45A.  The following
error occurred: 
An operation was attempted on something that is not a socket.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 9012
Source Name: Dhcp
Time Written: 20100502071248.000000+060
Event Type: warning
User: 

Computer Name: COMPUTER_1
Event Code: 15300
Message: MTP WPD Driver has failed to start. Error 0x8007001f.

Record Number: 9001
Source Name: WPDMTPDriver
Time Written: 20100501165427.000000+060
Event Type: error
User: 

Computer Name: COMPUTER_1
Event Code: 2511
Message: The server service was unable to recreate the share Ajlawju because the directory C:\Documents and Settings\pjso\Desktop\Ajlawju no longer exists.  Please run "net share Ajlawju /delete" to delete the share, or recreate the directory C:\Documents and Settings\pjso\Desktop\Ajlawju.

Record Number: 8968
Source Name: Server
Time Written: 20100501141257.000000+060
Event Type: warning
User: 

Computer Name: COMPUTER_1
Event Code: 15300
Message: MTP WPD Driver has failed to start. Error 0x8007001f.

Record Number: 8953
Source Name: WPDMTPDriver
Time Written: 20100501054447.000000+060
Event Type: error
User: 

=====Application event log=====

Computer Name: COMPUTER_1
Event Code: 3
Message: Communicator was unable to resolve the DNS hostname of the login server sipinternal.lionbridge.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipinternal.lionbridge.com because it could not be resolved.

Record Number: 7773
Source Name: Communicator
Time Written: 20100703165457.000000+060
Event Type: error
User: 

Computer Name: COMPUTER_1
Event Code: 1
Message: Communicator was unable to locate the login server.  No DNS SRV records exist for domain lionbridge.com, so Communicator was unable to login.



Resolution:

Please double-check the server name to make sure that it is typed correctly.  If it is correct, the network administrator will either need to use manual configuration to specify the login server's fully-qualified domain name (FQDN), or add DNS SRV records for the lionbridge.com domain in order to allow automatic client configuration.  The DNS SRV records _sipinternaltls._tcp.lionbridge.com, _sipinternal._tcp.lionbridge.com and/or _sip._tls.lionbridge.com may need to be configured if automatic configuration is desired.

Record Number: 7772
Source Name: Communicator
Time Written: 20100703165457.000000+060
Event Type: warning
User: 

Computer Name: COMPUTER_1
Event Code: 3
Message: Communicator was unable to resolve the DNS hostname of the login server sipexternal.lionbridge.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.lionbridge.com because it could not be resolved.

Record Number: 7771
Source Name: Communicator
Time Written: 20100703165427.000000+060
Event Type: error
User: 

Computer Name: COMPUTER_1
Event Code: 3
Message: Communicator was unable to resolve the DNS hostname of the login server sipexternal.lionbridge.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.lionbridge.com because it could not be resolved.

Record Number: 7770
Source Name: Communicator
Time Written: 20100703165427.000000+060
Event Type: error
User: 

Computer Name: COMPUTER_1
Event Code: 3
Message: Communicator was unable to resolve the DNS hostname of the login server sip.lionbridge.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full.  If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sip.lionbridge.com because it could not be resolved.

Record Number: 7769
Source Name: Communicator
Time Written: 20100703165427.000000+060
Event Type: error
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QT Lite\QTSystem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
pjso
Active Member
 
Posts: 7
Joined: July 8th, 2010, 5:16 am

Re: IE automatic popups + audio

Post by turtledove » July 13th, 2010, 1:14 pm

Hi pjso,

Thank you for the logs. I will be back as soon as possible with any further steps.

Meanwhile, please do the following if not done already so we may continue:

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

µTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/Remove Programs. Please do so, and also uninstall these out-of-date programs; we will update them later:
Adobe Reader 9.1.3
Java(TM) 6 Update 15


These outdated versions leave your system open to vulnerabilities.

Please also delete the folder in Red:
C:\Program Files\uTorrent

Can you tell me how long you have had Combofix on your computer?
This program should only be used under the advice of trained forum helpers. If used incorrectly, it can leave your system unbootable.

Note, it is not necessary to place your logs in the code box. If they need more than one post to fit, that is fine.

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: IE automatic popups + audio

Post by pjso » July 13th, 2010, 1:45 pm

Hi Turtledove.

About utorrent it'll be done as soon as I get home.

Regarding combofix - it's been lying there for quite some months. More than 6, for sure.

Re: IE automatic popups + audio

Post by turtledove » July 13th, 2010, 2:04 pm

Hi pjso,

Thanks for the reply. I should have some additional steps tonight or by the morning for you.

Have a good evening :)

turtledove

Re: IE automatic popups + audio

Post by pjso » July 13th, 2010, 5:31 pm

Hello Turtledove,

The required steps are done.
uTorrent, Adobe Reader 9.1.3 and Java(TM) 6 Update 15 are currently uninstalled.

I've been wondering whether this issue can be caused by an exploited MBR?

Re: IE automatic popups + audio

Post by turtledove » July 14th, 2010, 1:12 am

Hello pjso,

Thank you for the information. We will take a look to see if there is a problem regarding MBR.

Please copy or print out these instructions for reference. Note, one log I request may take more than one reply. Please do not post it in a code or quote box.

Step 1

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
**Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Step 2

SysProt AntiRootkit
Please download SysProt.zip ... by swatkat. Save it to your desktop.
Alternate download sites include: Softpedia, MajorGeeks, BetaNews and FreewareGeeks
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
  1. Right click on SysProt.zip and select "Extract All"....
  2. Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."
  3. Click on the Browse...button, then click on Desktop, then click OK.
  4. Once done, check (tick) the Show extracted files box and click Finish.
  5. Open the SysProt folder... Double click Sysprot.exe to start the program.
  6. Click on the Log tab.
  7. In the Write to log box... check ALL items... then check Hidden Objects Only at the bottom of the window.
  8. Click the Create Log button... (After a few seconds a new window should appear.)
  9. Select Scan root drive only... then click the Start button, to begin scanning.
    When completed, a window appears indicating the scan finished & a log file was successfully created.
    The SysProt folder on your desktop, will contain the scan results file named "SysProtLog.txt".
  10. Please copy and paste the contents of SysProtLog.txt into your next reply.


Post
CKFiles.txt
SysProtLog.txt - *May take 2 or more replies*


Thank you

turtledove

Re: IE automatic popups + audio

Post by pjso » July 14th, 2010, 4:31 am

Hi,

After running the required tests, please have a look at the logs.

ckfiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


SysProtLog.txt
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AAD3E000
Module End: AAD56000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B74000
Module End: F7B76000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2475
Remote Address: LM-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2474
Remote Address: LM-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2473
Remote Address: LM-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2465
Remote Address: LM-IN-F100.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2447
Remote Address: A92-122-127-8.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2446
Remote Address: WWW-CONNECT-10-01-SNC2.FACEBOOK.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2445
Remote Address: WWW-10-03-ASH2.FACEBOOK.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2432
Remote Address: LM-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2430
Remote Address: LM-IN-F18.1E100.NET:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2413
Remote Address: LM-IN-F17.1E100.NET:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2143
Remote Address: HOST-85-27-2-133.BRUTELE.BE:43797
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:2072
Remote Address: 65.213.75.98:5061
Type: TCP
Process: C:\Program Files\Microsoft Office Communicator\communicator.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:1976
Remote Address: BY2MSG1020808.GATEWAY.EDGE.MESSENGER.LIVE.COM:1863
Type: TCP
Process: C:\Program Files\Pidgin\pidgin.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:1968
Remote Address: 91.214.237.54:8074
Type: TCP
Process: C:\Program Files\Pidgin\pidgin.exe
State: ESTABLISHED

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:NETBIOS-SSN
Remote Address: 172.17.3.117:49241
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:NETBIOS-SSN
Remote Address: 172.17.3.117:49240
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COMPUTER_1:3645
Remote Address: LOCALHOST:3644
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3644
Remote Address: LOCALHOST:3645
Type: TCP
Process: C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3644
Remote Address: LOCALHOST:2261
Type: TCP
Process: C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3644
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Documents and Settings\pjso\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
State: LISTENING

Local Address: COMPUTER_1:3551
Remote Address: LOCALHOST:3550
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3550
Remote Address: LOCALHOST:3551
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3547
Remote Address: LOCALHOST:3546
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:3546
Remote Address: LOCALHOST:3547
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:2261
Remote Address: LOCALHOST:3644
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMPUTER_1:1086
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: COMPUTER_1:59634
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: LISTENING

Local Address: COMPUTER_1:2565
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pidgin\pidgin.exe
State: LISTENING

Local Address: COMPUTER_1:2204
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pidgin\pidgin.exe
State: LISTENING

Local Address: COMPUTER_1:1977
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Pidgin\pidgin.exe
State: LISTENING

Local Address: COMPUTER_1:MS-SQL-S
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
State: LISTENING

Local Address: COMPUTER_1:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COMPUTER_1:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMPUTER_1:1984
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pidgin\pidgin.exe
State: NA

Local Address: COMPUTER_1:1983
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pidgin\pidgin.exe
State: NA

Local Address: COMPUTER_1:1980
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pidgin\pidgin.exe
State: NA

Local Address: COMPUTER_1:1979
Remote Address: NA
Type: UDP
Process: C:\Program Files\Pidgin\pidgin.exe
State: NA

Local Address: COMPUTER_1:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMPUTER_1:1365
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft Office Communicator\communicator.exe
State: NA

Local Address: COMPUTER_1:1085
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: COMPUTER_1:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMPUTER_1:59634
Remote Address: NA
Type: UDP
Process: C:\Program Files\Skype\Phone\Skype.exe
State: NA

Local Address: COMPUTER_1:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COMPUTER_1:MS-SQL-M
Remote Address: NA
Type: UDP
Process: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
State: NA

Local Address: COMPUTER_1:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COMPUTER_1:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:

Object: C:\Program Files\Nowe Gadu-Gadu\skins\Siedem zyczen
Status: Hidden

Object: C:\Program Files\Nowe Gadu-Gadu\skins\Wielki Blekit
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{6E39D2E9-765C-46F5-833A-DCD163D6175E}
Status: Access denied
pjso
Active Member
 
Posts: 7
Joined: July 8th, 2010, 5:16 am

Re: IE automatic popups + audio

Unread postby turtledove » July 14th, 2010, 5:36 am

Hello pjso,

Thank you for the logs. Let's get a better look.

*Please copy or print these out, as you will have no internet during part of this fix*




Step 1

Please locate Combofix.exe - it should be on your desktop.
If so, please Right Click and delete it. Do NOT delete anything else. We need the current version, as it is updated quite frequently.

*Please use Add/Remove Programs and uninstall Spybot Search and Destroy for now, as it does interfere with the following Fix. We can install it once the machine is clear.

Step 2

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!!
Alternate download sites: Mirror #2 or Mirror #3

Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.


The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  2. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  3. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
  4. If not already installed... Press Yes to the "Install Recovery Console" prompt.
  5. Press Yes at the Recovery Console installation results prompt... Even if unsuccessful, have ComboFix continue the scan.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix will disconnect you from the Internet, may cause your desktop to disappear and also change your clock settings... this is normal, so don't worry. They will be restored when finished. The ComboFix window data will be changing with various "Stages"... completed. When finished the screen will show that a log is being created.
    ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
  6. Please copy/paste the contents of log.txt... in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **



Post
New Combofix log
How your computer is now running

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: IE automatic popups + audio

Unread postby turtledove » July 15th, 2010, 2:58 pm

Hello pjso,

Can you tell me if this Computer is used for business or only for personal use?
I ask due to this line in your logs:
COMPUTER_1.BEWLEYS HOTEL LEOPARDSTOWN

Please let me know which it is used for before completing the above instructions.

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: IE automatic popups + audio

Unread postby pjso » July 15th, 2010, 4:04 pm

Hi Turtledove,

This is my private computer.
I'm currently on a business trip, so that's why the network id shows up like that.
pjso
Active Member
 
Posts: 7
Joined: July 8th, 2010, 5:16 am

Re: IE automatic popups + audio

Unread postby turtledove » July 16th, 2010, 9:51 pm

Hello pjso,

Please Note the following and read the included link.

Business Use Computer
Unfortunately, we cannot help remove malware from a computer used for business purposes, even occasionally.
Many of these types of systems may have specific modifications made, which could be removed or damaged by the tools we use. These altered systems may also hinder our tools, possibly reducing their effectiveness in removing the malware.
An extract taken from Malware Removal's rules posted at the top of the Malware Removal forum:
Malware Removal Administration wrote:
Computers used in a business environment often have policies and other modifications made to them. It is impossible for us to differentiate these from ones that have been made by an infection, so in removing what we think is an infection, we may compromise the business set up of your computer.

The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.

We will close any topic where we believe the computer is one that is used in a business environment, irrespective of whether that business is a large company or a small one man enterprise.
For a corporate or multi-computer business:
I strongly advise that you contact your IT department. Make them aware of the problems you are having. If your computer is infected (possibly others as well), your IT department needs to be aware of this, so they can devise a plan to minimize any business impact.
For a single computer used for business purposes:
I would advise you to contract an individual or firm to deal with any computer problems.

I'm sorry that I am not able to offer you more assistance. Thank you for your understanding in this matter.
I will now ask for this topic to be closed.

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: IE automatic popups + audio

Unread postby Elrond » July 17th, 2010, 2:56 pm

As attempting to remove malware from a business machine falls outside the scope of this forum, this topic is now closed.

We wish you the best of luck in resolving these issues.

You can help support this site from this link :
Donations For Malware Removal
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem