Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Sandbites's PC freezing


by alfa » April 25th, 2009, 7:06 am

My computer has something amiss.
1. It would often freeze for no reason at all; it ever used to for the past 2 years.
2. When it freezes only the mouse moves, the keyboard is stuck, I can't even go to the task manager even when I press CTRL+ALT+DEL.
3. Sometimes I would leave the PC on and it would have when I come back 15 or 30 mins later. This while no user program initiated is running.
4. 9 out of ten times it would not shut down, it would perpetually stay in the windows is shutting down screen with the circle turning and turning
5. Often it takes some time for the menu or a window to open

I'm running Vista Ultimate on a Pentium Core2Duo 2 something Gig with 2 Gig RAM and an NVIDIA video card. I run a SATA HDrive

===============================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:51 PM, on 4/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &D&ownload &with BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://d:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8375 bytes
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

by MWR 3 day Mod » April 30th, 2009, 2:38 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Sandbites's PC freezing

by Dakeyras » May 2nd, 2009, 5:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi alfa and welcome to Malware Removal :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this with anything I ask you to carry out, please select the option Allow.

Next:

A question if I may, have these problems occurred since you upgraded to Internet Explorer v8.00 or not?

Peer to Peer Advice:

I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet

I'd like you to read the MRU policy for P2P Programs.

Now please go to Start >> Control Panel >> Programs and Features and remove the program listed above (in red).

To do so click once on BitComet >> Uninstall/Change >> follow the prompts.

Very Important!:

You appear to have no Anti-Virus software installed and running. There may be several reasons for this. Either you have disabled your antivirus or there's no antivirus installed. This is a very unsafe practice when accessing the internet and most likely the cause of your malware problems. If you have disabled it, please re-enable it. If you have no antivirus installed download just one only of the two free anti-virus programs listed below please:


Then Install >> Update >> Carry Out a Complete Scan. Have it fix anything it finds.

Next:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application.
  • Right click on RSIT.exe and select Run as Administrator to start RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms?
  • Answer to my IE8 query.
  • Both RSIT logs. <-- Post them individually please.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

by alfa » May 3rd, 2009, 1:35 am

Hi,

It's been several days since someone posted a reply-solution to my problems so I tried some programs which my friends suggested and ended up in same boat. Please take note that I did this before you posted your reply-solution.

In any case I'm making a new hijack this log and posting it below to give you an updated status of my PC. Please note that;
I have removed Bitcomet
I kept ZoneAlarm but only for the firewall and program control but disabled its anti-virus and spyware features.
I am now using AVG free anti-virus and spy ware program.
Thanks for the help, here's my hijackthis updated log. As of this log I haven't tried any of the fixes you mentioned above to give you a clearer picture of my PC's state
-------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:59 PM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8232 bytes
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm
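
Added example, not part of any post in this thread: one way a helper could compare the two HijackThis logs above to confirm the changes alfa describes (BitComet removed, AVG installed) and to spot orphaned entries. The two samples are short excerpts copied from the April 25 and May 3 logs on this page; the function names are this example's own.

```python
import re

# HijackThis v2 entry lines start with a section code, e.g. "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, detail), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what disappeared and what appeared between two logs (exact match)."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "removed_entries": sorted(set(old_e) - set(new_e)),
        "added_entries": sorted(set(new_e) - set(old_e)),
        "removed_processes": sorted(set(old_p) - set(new_p)),
        "added_processes": sorted(set(new_p) - set(old_p)),
    }


def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [e for e in entries if e[1].endswith(("(no file)", "(file missing)"))]


# Excerpt of the April 25 log from this page.
OLD_LOG = r'''
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: IexploreOmea - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - d:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://d:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
'''

# Excerpt of the May 3 log from this page.
NEW_LOG = r'''
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
'''

if __name__ == "__main__":
    for label, items in diff_logs(OLD_LOG, NEW_LOG).items():
        print(label)
        for item in items:
            print("   ", item)
    print("orphaned in old log:", orphaned(parse_hjt(OLD_LOG)[1]))
```

The comparison is by exact string, so a path that only changes case or switches to its 8.3 short form shows up as one removal plus one addition.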

Re: Sandbites's PC freezing

by Dakeyras » May 3rd, 2009, 5:33 am

Hi :)

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application.
  • Right click on RSIT.exe and select Run as Administrator to start RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms?
  • Both RSIT logs. <-- Post them individually please.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

by alfa » May 3rd, 2009, 6:21 am

The computer still feels sluggish every now and then;

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by AJ at 2009-05-03 17:56:09
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 29 GB (39%) free of 76 GB
Total RAM: 2045 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:27 PM, on 5/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\Program Files\SEGA\Medieval II Total War\medieval2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AJ\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AJ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 8223 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\Uniblue SpyEraser Nag.job
C:\Windows\tasks\Uniblue SpyEraser.job
C:\Windows\tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-03 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll [2008-12-11 2305456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-02-03 258134]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-03 1947928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-12-12 1588224]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-12-12 1588224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-09-26 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
shell\AutoRun\command - Q:\InstallSeagateManager.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-05-03 17:56:09 ----D---- C:\rsit
2009-05-03 10:20:19 ----HD---- C:\$AVG8.VAULT$
2009-05-03 09:59:38 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-03 09:59:15 ----D---- C:\ProgramData\avg8
2009-05-03 09:58:34 ----D---- C:\Program Files\AVG
2009-05-03 09:16:56 ----D---- C:\MGtools
2009-04-27 20:15:53 ----D---- C:\ProgramData\SecTaskMan
2009-04-25 18:58:07 ----D---- C:\Program Files\Trend Micro
2009-04-21 13:16:08 ----D---- C:\TMRBLog
2009-04-21 13:15:56 ----A---- C:\RootkitBuster.exe
2009-04-21 13:15:08 ----D---- C:\log
2009-04-21 12:49:32 ----A---- C:\ComboFix.txt
2009-04-21 12:34:47 ----D---- C:\Windows\temp
2009-04-21 12:29:50 ----A---- C:\Windows\zip.exe
2009-04-21 12:29:50 ----A---- C:\Windows\vFind.exe
2009-04-21 12:29:50 ----A---- C:\Windows\SWREG.exe
2009-04-21 12:29:50 ----A---- C:\Windows\grep.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWXCACLS.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWSC.exe
2009-04-21 12:29:49 ----A---- C:\Windows\sed.exe
2009-04-21 12:29:39 ----D---- C:\ComboFix
2009-04-21 12:29:39 ----A---- C:\Windows\system32\CF3468.exe
2009-04-21 12:28:13 ----A---- C:\Windows\system32\swsc.exe
2009-04-21 12:28:12 ----D---- C:\Qoobox
2009-04-21 07:26:10 ----D---- C:\Users\AJ\AppData\Roaming\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\ProgramData\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 07:23:07 ----A---- C:\MGtools.exe
2009-04-20 23:38:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-20 09:08:00 ----HDC---- C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-20 09:07:03 ----HDC---- C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-20 08:41:29 ----A---- C:\Windows\ntbtlog.txt
2009-04-19 22:33:15 ----A---- C:\Windows\system32\rpcss.dll
2009-04-19 22:33:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-19 22:33:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iashost.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasads.dll
2009-04-19 22:32:39 ----A---- C:\Windows\system32\winhttp.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\kernel32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\secur32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\apilogen.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\amxread.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-18 21:05:36 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-04-18 21:03:40 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-04-13 00:44:15 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 23:03:27 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\msls31.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieui.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\corpol.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\admparse.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\webcheck.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\occache.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msrating.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\inseng.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\imgutil.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\iepeers.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\wextract.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\mstime.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\iesetup.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\ieakui.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\advpack.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\vbscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\url.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\jscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-12 23:03:21 ----A---- C:\Windows\system32\mshta.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iexpress.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\iertutil.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-12 23:03:19 ----A---- C:\Windows\system32\wininet.dll
2009-04-12 23:03:19 ----A---- C:\Windows\system32\urlmon.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\mshtml.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\ieframe.dll
2009-04-08 20:41:07 ----D---- C:\Users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 09:17:47 ----D---- C:\Users\AJ\AppData\Roaming\Copernic
2009-03-30 14:28:50 ----D---- C:\Program Files\SonicWallES
2009-03-29 21:19:58 ----D---- C:\ProgramData\NCH Swift Sound
2009-03-29 21:19:57 ----D---- C:\Program Files\NCH Software
2009-03-29 21:19:52 ----D---- C:\Users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 13:27:25 ----D---- C:\ProgramData\Google
2009-03-17 22:45:48 ----D---- C:\Users\AJ\AppData\Roaming\MailFrontier
2009-03-17 22:43:54 ----D---- C:\ProgramData\Kaspersky SDK
2009-03-14 10:42:20 ----A---- C:\Windows\system32\schannel.dll
2009-03-02 11:41:21 ----D---- C:\Program Files\Common Files\iZotope
2009-02-25 07:55:41 ----A---- C:\Windows\system32\wmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-25 07:55:39 ----A---- C:\Windows\system32\spwmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-14 07:09:41 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 07:09:37 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-04 08:21:25 ----A---- C:\Windows\system32\deploytk.dll

======List of files/folders modified in the last 3 months======

2009-05-03 17:54:09 ----D---- C:\Windows\Internet Logs
2009-05-03 13:42:07 ----D---- C:\Windows\System32
2009-05-03 13:42:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-03 13:24:45 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-05-03 13:24:45 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2009-05-03 13:24:09 ----A---- C:\Windows\system32\bscs.ini
2009-05-03 13:18:20 ----D---- C:\Windows\system32\drivers
2009-05-03 10:10:47 ----SHD---- C:\System Volume Information
2009-05-03 09:59:15 ----HD---- C:\ProgramData
2009-05-03 09:59:10 ----SHD---- C:\Windows\Installer
2009-05-03 09:59:10 ----D---- C:\Config.Msi
2009-05-03 09:58:36 ----D---- C:\Windows
2009-05-03 09:58:34 ----RD---- C:\Program Files
2009-05-03 09:23:44 ----D---- C:\Windows\winsxs
2009-05-03 00:43:06 ----A---- C:\rollback.ini
2009-05-01 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot2
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot
2009-05-01 10:07:02 ----D---- C:\Windows\Prefetch
2009-05-01 10:05:49 ----D---- C:\T
2009-05-01 00:10:43 ----D---- C:\Windows\system32\ZoneLabs
2009-04-29 06:59:56 ----A---- C:\Windows\NeroDigital.ini
2009-04-27 09:36:55 ----D---- C:\ProgramData\Media Center Programs
2009-04-25 22:54:10 ----D---- C:\Program Files\Java
2009-04-22 00:50:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-21 12:39:24 ----A---- C:\Windows\system.ini
2009-04-21 12:35:56 ----D---- C:\Windows\system32\config
2009-04-21 12:34:55 ----D---- C:\Windows\erdnt
2009-04-21 12:33:41 ----D---- C:\Windows\AppPatch
2009-04-21 12:33:39 ----D---- C:\Program Files\Common Files
2009-04-21 12:29:38 ----D---- C:\Windows\system32\en-US
2009-04-21 08:17:54 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2009-04-20 20:53:28 ----D---- C:\Windows\Debug
2009-04-20 09:45:20 ----SD---- C:\Users\AJ\AppData\Roaming\Microsoft
2009-04-20 09:41:26 ----D---- C:\Users\AJ\AppData\Roaming\Uniblue
2009-04-20 01:55:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-04-20 01:52:22 ----D---- C:\Windows\system32\LogFiles
2009-04-20 01:30:31 ----D---- C:\Windows\system32\wbem
2009-04-20 01:30:31 ----D---- C:\Program Files\Windows Mail
2009-04-20 01:30:29 ----D---- C:\Windows\system32\manifeststore
2009-04-20 01:29:24 ----D---- C:\Windows\inf
2009-04-19 11:43:21 ----D---- C:\Windows\Tasks
2009-04-19 11:43:21 ----D---- C:\Windows\system32\Tasks
2009-04-15 08:34:04 ----D---- C:\Program Files\Adobe
2009-04-13 00:44:26 ----D---- C:\Users\AJ\AppData\Roaming\Mozilla
2009-04-13 00:21:04 ----D---- C:\Windows\rescache
2009-04-12 23:06:51 ----D---- C:\Windows\system32\migration
2009-04-12 23:06:51 ----D---- C:\Windows\PolicyDefinitions
2009-04-12 23:06:51 ----D---- C:\Program Files\Internet Explorer
2009-04-12 22:41:09 ----RSD---- C:\Windows\Fonts
2009-04-08 23:40:03 ----D---- C:\Users\AJ\AppData\Roaming\FrostWire
2009-04-07 09:36:05 ----D---- C:\Program Files\Copernic Desktop Search - Home
2009-04-06 15:01:13 ----D---- C:\Users\AJ\AppData\Roaming\Adobe
2009-04-06 15:01:13 ----D---- C:\ProgramData\Adobe
2009-04-06 07:57:26 ----A---- C:\Windows\system32\mrt.exe
2009-03-31 19:20:50 ----A---- C:\Windows\zllsputility.exe
2009-03-31 19:20:42 ----A---- C:\Windows\system32\zpeng25.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcommdb.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcomm.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vsxml.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vswmi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsutil.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsregexp.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vspubapi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsmonapi.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsinit.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsdata.dll
2009-03-29 13:28:16 ----D---- C:\Users\AJ\AppData\Roaming\Google
2009-02-25 10:59:39 ----D---- C:\Program Files\Windows Media Player
2009-02-14 08:18:53 ----D---- C:\Windows\Microsoft.NET
2009-02-14 08:17:27 ----RSD---- C:\Windows\assembly
2009-02-14 07:12:04 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-03 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-03 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-03 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2002-03-20 14165]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-03-31 293528]
R3 ASAPIW2k;ASAPIW2K; C:\Windows\system32\drivers\ASAPIW2k.sys [2004-03-11 11264]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-23 1761376]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2004-06-22 78976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 a9xpr15i;a9xpr15i; C:\Windows\system32\drivers\a9xpr15i.sys []
S3 APLMp60;APLMp60 NDIS Protocol Driver; C:\Windows\system32\drivers\APLMp60.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2009-03-31 150544]
S3 TTIUSB;Mako DT3500 SmartCard Reader; C:\Windows\system32\DRIVERS\2800.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-03 298776]
R2 BlueSoleilCS;BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-02-03 1155180]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
R3 BsHelpCS;BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-31 69632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-14 138680]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; D:\Nero 7\Nero BackItUp\NBService.exe [2006-11-11 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-05-03 17:56:30

======Uninstall list======

!e-library!-->"d:\Program Files\elibrary\unins000.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archos MPG4 Translator V3.0.12-->D:\Program Files\Archos MP4SP\Uninstal.exe
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\system32\Attansic\L1\atcInst.dll,VisUninst C:\Windows\system32\Attansic\L1 x86 pci\ven_1969&dev_1048
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Btfx search 1.0-->"C:\Program Files\Mozilla Firefox\searchplugins\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ 3: Kane's Wrath-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"D:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Copernic Desktop Search - Home-->C:\Program Files\Copernic Desktop Search - Home\uninst.exe
Defraggler (remove only)-->"d:\Program Files\Defraggler\uninst.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go-->MsiExec.exe /X{EADBD0C9-EBF8-49CA-81E6-E1CB72B182DE}
ʹÃüÕÙ»½4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{131C092B-4641-469B-A78D-46235C16BFBC}\setup.exe" -l0x804 -removeonly
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\VistaCodecPack\filters\unins000.exe"
FrostWire 4.17.0-->d:\Program Files\FrostWire\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NeoTrace Express 3.0-->C:\PROGRA~1\NEOTRA~1\UNWISE.EXE C:\PROGRA~1\NEOTRA~1\INSTALL.LOG
Nero 7 Ultra Edition-->MsiExec.exe /I{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia NSeries Application Installer 6.83.11-->msiexec /qn /x {82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Application Installer-->MsiExec.exe /I{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Content Copier 6.83.11-->msiexec /qn /x {90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Content Copier-->MsiExec.exe /X{90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Music Manager 6.83.11-->msiexec /qn /x {CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries Music Manager-->MsiExec.exe /I{CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries One Touch Access 6.83.11-->msiexec /qn /x {89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia NSeries One Touch Access-->MsiExec.exe /I{89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia Nseries PC Suite-->MsiExec.exe /I{5A41F810-D0AF-4B50-8F11-C242C76F6D24}
Nokia NSeries System Utilities 6.83.11-->msiexec /qn /x {97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia NSeries System Utilities-->MsiExec.exe /X{97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng_us.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Photos-->MsiExec.exe /I{7EE94A24-188A-4D98-9018-37857701996E}
Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OtsDJ 1.15.004-->"C:\Windows\OTS_UI.EXE" "D:\\OtsLabs\OTSDJ.osi"
Pacemaker Editor-->MsiExec.exe /I{89F1F5CF-144F-466B-A939-1675B0022ADE}
Palm Outlook Conduits Updater-->MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
palmOne-->MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Picasa 3-->"d:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Hollywood FX 5
-->C:\Windows\unvise32.exe d:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX for Studio-->C:\Windows\unvise32.exe d:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Hollywood FX Pack0 - Extra FX-->C:\Windows\unvise32.exe C:\Windows\unhfxpack0.log
PrintFolder-->"d:\Program Files\PrintFolder\unins000.exe"
ProntoEdit-->C:\Windows\uninst.exe -f"d:\program files\DeIsL1.isu" -c"d:\program files\_ISREG32.DLL"
PSP Video 9 2.24-->d:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Registry Mechanic 7.0-->"d:\Program Files\Registry Mechanic\unins000.exe"
Replay AV 8-->C:\Windows\iun6002.exe "d:\Program Files\Replay AV 8\uninstall8.ini"
Rome - Total War(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Security Task Manager 1.7e-->d:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
Spybot - Search & Destroy-->"d:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Tom Clancy's Ghost Recon Advanced Warfighter® 2-->"C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
TuneXP 1.5-->C:\Windows\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Uniblue RegistryBooster 2009-->"C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\ProgramData\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Uniblue SpyEraser-->"d:\Program Files\Uniblue\SpyEraser\unins000.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Videora iPhone 3G Converter 4.03-->d:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Videora iPod Converter 2.19-->d:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VobSub v2.23 (Remove Only)-->"d:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"d:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (disabled)
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware (disabled)
AS: Spybot - Search and Destroy (disabled) (outdated)

======System event log======

Computer Name: Core2D
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 467113
Source Name: Service Control Manager
Time Written: 20090503052343.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 467119
Source Name: Service Control Manager
Time Written: 20090503052405.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 467125
Source Name: Service Control Manager
Time Written: 20090503052551.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 225
Message: The application \Device\HarddiskVolume4\Windows\explorer.exe with process id 3656 stopped the removal or ejection for the device USB\VID_0781&PID_5408\00001770C9618A00.
Record Number: 467132
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20090503054201.037434-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Core2D
Event Code: 52
Message: The driver has detected that device \Device\Harddisk1\DR1 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.
Record Number: 467133
Source Name: disk
Time Written: 20090503063316.722000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3203816
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090503042308.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 3203850
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090503052838.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3203851
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090503052838.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 3203853
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090503054204.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3203854
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090503054204.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Core2D
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 254496
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423144837.605204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 254497
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423144837.651204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 254498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423144837.651204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 254499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423144837.651204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 254500
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423144837.684204-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\iZotope\Runtimes
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

by Dakeyras » May 3rd, 2009, 12:56 pm

Hi :)

I will be straight with your good self, the computer is a mess operating system and installed software application wise. However we should be able to rectify the situation so all is not doom and gloom. I will add you have received some very poor advice from your friends. What I have mentioned so far is not meant as an admonishment OK and please do not think so, all I will add is you have taken the correct course of action seeking assistance even though you had to wait until a helper was available to assist.

Before we start:

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Anti-Virus Conflict Advice:

At present you have two Anti-Virus applications installed and active in system memory:

AVG Free 8.5
ZoneAlarm Security Suite <-- Even though you have disabled the Anti-virus component, I assure you it is still active in system memory.

This is far from ideal, a system conflict has occurred and this actually lessens overall online protection. Please uninstall one of them now, thank you.

ComboFix Advice:

I notice you have run this very powerful application on your own. Not a wise move, if I may bring your attention to the below:
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.
I would like to see the log created however when you ran the aforementioned application.

It can be located at the root of the installed Hard-Drive here:- C:\ComboFix.txt

MSConfig Advice:

I see the System Configuration Utility has been used in the past to stop certain applications from starting upon a system reboot etc. This is never wise and there are far safer methods than this. However we will address that later and not a cause for concern for the time being OK.

Registry Cleaners:

RE: Registry Mechanic 7.0
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser


I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

My advice would be to uninstall all of the aforementioned but that is at your own discretion OK.

TuneXP 1.5 Advice:

This application is not suited at all for Vista, regardless of what you may have read online. Also if used incorrectly it will cause major issues. As above my advice would be to uninstall the aforementioned but that is at your own discretion OK.

Next:

Please download Rooter.exe to your desktop.

  • Right click on Rooter.exe and select Run as Administrator to start the application.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt.
  • Post the contents of Rooter.txt in your next reply.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

  • Right click once on RSIT.exe and select Run as Administrator to start the application.
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any problems encountered and or further symptoms?
  • Rooter Log.
  • ComboFix Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

by alfa » May 3rd, 2009, 11:05 pm

At present you have two Anti-Virus applications installed and active in system memory:
AVG Free 8.5
ZoneAlarm Security Suite <-- Even though you have disabled the Anti-virus component, I assure you it is still active in system memory.
This is far from ideal, a system conflict has occurred and this actually lessens overall online protection. Please uninstall one of them now, thank you.
Uninstalled AVG

I see the System Configuration Utility has been used in the past to stop certain applications from starting upon a system reboot etc. This is never wise and there are far safer methods than this. However we will address that later and not a cause for concern for the time being OK.
I changed msconfig to Normal startup

Deleted the following

Registry Mechanic 7.0
Uniblue RegistryBooster 2009
Uniblue SpeedUpMyPC 2009
Uniblue SpyEraser
TuneXP 1.5 Advice
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

by alfa » May 3rd, 2009, 11:52 pm

Rooter as of May 4

Microsoft Windows Vista Professional (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:76316 Mo/Free:1424 Mo)
D:\ [Fixed] - NTFS - (Total:238472 Mo/Free:2122 Mo)
E:\ [Fixed] - NTFS - (Total:49999 Mo/Free:948 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
K:\ [Removable] (Total:980 Mo/Free:31 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Removable] (Total:0 Mo/Free:0 Mo)
N:\ [Fixed] - NTFS - (Total:200937 Mo/Free:4061 Mo)
O:\ [Fixed] - NTFS - (Total:275999 Mo/Free:3481 Mo)

Mon 05/04/2009|11:06

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- vsmon.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
--Locked-- ScanningProcess.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\taskeng.exe
--Locked-- ScanningProcess.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\WUDFHost.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
---------- C:\Windows\System32\mobsync.exe
---------- D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
---------- C:\Windows\System32\rundll32.exe
--Locked-- zlclient.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Windows\RtHDVCpl.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
--Locked-- mantispm.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
---------- C:\Windows\servicing\TrustedInstaller.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/04/2009|11:41

----------------------\\ Scan completed at 11:41




==============================================================

RSIT as of May 4

Logfile of random's system information tool 1.06 (written by random/random)
Run by AJ at 2009-05-04 11:43:42
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 2045 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:11 AM, on 5/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\mobsync.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AJ\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\AJ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7892 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\Uniblue SpyEraser Nag.job
C:\Windows\tasks\Uniblue SpyEraser.job
C:\Windows\tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09628AAA-66AD-4FA2-82E2-698185B66463}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll [2008-12-11 2305456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-02-03 258134]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 813912]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-12-12 1588224]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-09-26 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
shell\AutoRun\command - Q:\InstallSeagateManager.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-05-04 11:41:36 ----A---- C:\Rooter.txt
2009-05-04 11:06:24 ----D---- C:\Rooter$
2009-05-04 07:45:18 ----D---- C:\Windows\system32\ErrorLogs
2009-05-03 17:56:09 ----D---- C:\rsit
2009-05-03 09:58:34 ----D---- C:\Program Files\AVG
2009-05-03 09:16:56 ----D---- C:\MGtools
2009-04-27 20:15:53 ----D---- C:\ProgramData\SecTaskMan
2009-04-25 18:58:07 ----D---- C:\Program Files\Trend Micro
2009-04-21 13:16:08 ----D---- C:\TMRBLog
2009-04-21 13:15:56 ----A---- C:\RootkitBuster.exe
2009-04-21 13:15:08 ----D---- C:\log
2009-04-21 12:49:32 ----A---- C:\ComboFix.txt
2009-04-21 12:34:47 ----D---- C:\Windows\temp
2009-04-21 12:29:50 ----A---- C:\Windows\zip.exe
2009-04-21 12:29:50 ----A---- C:\Windows\vFind.exe
2009-04-21 12:29:50 ----A---- C:\Windows\SWREG.exe
2009-04-21 12:29:50 ----A---- C:\Windows\grep.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWXCACLS.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWSC.exe
2009-04-21 12:29:49 ----A---- C:\Windows\sed.exe
2009-04-21 12:29:39 ----D---- C:\ComboFix
2009-04-21 12:29:39 ----A---- C:\Windows\system32\CF3468.exe
2009-04-21 12:28:13 ----A---- C:\Windows\system32\swsc.exe
2009-04-21 12:28:12 ----D---- C:\Qoobox
2009-04-21 07:26:10 ----D---- C:\Users\AJ\AppData\Roaming\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\ProgramData\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 07:23:07 ----A---- C:\MGtools.exe
2009-04-20 23:38:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-20 08:41:29 ----A---- C:\Windows\ntbtlog.txt
2009-04-19 22:33:15 ----A---- C:\Windows\system32\rpcss.dll
2009-04-19 22:33:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-19 22:33:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iashost.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasads.dll
2009-04-19 22:32:39 ----A---- C:\Windows\system32\winhttp.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\kernel32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\secur32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\apilogen.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\amxread.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-18 21:05:36 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-04-18 21:03:40 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-04-13 00:44:15 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 23:03:27 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\msls31.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieui.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\corpol.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\admparse.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\webcheck.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\occache.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msrating.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\inseng.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\imgutil.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\iepeers.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\wextract.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\mstime.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\iesetup.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\ieakui.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\advpack.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\vbscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\url.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\jscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-12 23:03:21 ----A---- C:\Windows\system32\mshta.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iexpress.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\iertutil.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-12 23:03:19 ----A---- C:\Windows\system32\wininet.dll
2009-04-12 23:03:19 ----A---- C:\Windows\system32\urlmon.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\mshtml.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\ieframe.dll
2009-04-08 20:41:07 ----D---- C:\Users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 09:17:47 ----D---- C:\Users\AJ\AppData\Roaming\Copernic
2009-03-30 14:28:50 ----D---- C:\Program Files\SonicWallES
2009-03-29 21:19:58 ----D---- C:\ProgramData\NCH Swift Sound
2009-03-29 21:19:57 ----D---- C:\Program Files\NCH Software
2009-03-29 21:19:52 ----D---- C:\Users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 13:27:25 ----D---- C:\ProgramData\Google
2009-03-17 22:45:48 ----D---- C:\Users\AJ\AppData\Roaming\MailFrontier
2009-03-17 22:43:54 ----D---- C:\ProgramData\Kaspersky SDK
2009-03-14 10:42:20 ----A---- C:\Windows\system32\schannel.dll
2009-03-02 11:41:21 ----D---- C:\Program Files\Common Files\iZotope
2009-02-25 07:55:41 ----A---- C:\Windows\system32\wmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-25 07:55:39 ----A---- C:\Windows\system32\spwmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-14 07:09:41 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 07:09:37 ----A---- C:\Windows\system32\psisdecd.dll

======List of files/folders modified in the last 3 months======

2009-05-04 11:42:44 ----D---- C:\Windows\Internet Logs
2009-05-04 11:02:27 ----D---- C:\Windows\System32
2009-05-04 11:02:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 10:58:22 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-05-04 10:58:22 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2009-05-04 10:58:21 ----A---- C:\Windows\system32\bscs.ini
2009-05-04 10:53:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-04 10:47:03 ----HD---- C:\ProgramData
2009-05-04 10:43:32 ----RD---- C:\Program Files
2009-05-04 10:42:41 ----SHD---- C:\Windows\Installer
2009-05-04 10:42:41 ----D---- C:\Config.Msi
2009-05-04 10:38:36 ----A---- C:\rollback.ini
2009-05-04 10:23:43 ----SHD---- C:\System Volume Information
2009-05-04 10:23:33 ----D---- C:\Windows\system32\drivers
2009-05-04 10:23:33 ----D---- C:\Windows
2009-05-03 09:23:44 ----D---- C:\Windows\winsxs
2009-05-01 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot2
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot
2009-05-01 10:07:02 ----D---- C:\Windows\Prefetch
2009-05-01 10:05:49 ----D---- C:\T
2009-05-01 00:10:43 ----D---- C:\Windows\system32\ZoneLabs
2009-04-29 06:59:56 ----A---- C:\Windows\NeroDigital.ini
2009-04-27 09:36:55 ----D---- C:\ProgramData\Media Center Programs
2009-04-25 22:54:10 ----D---- C:\Program Files\Java
2009-04-22 00:50:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-21 12:39:24 ----A---- C:\Windows\system.ini
2009-04-21 12:35:56 ----D---- C:\Windows\system32\config
2009-04-21 12:34:55 ----D---- C:\Windows\erdnt
2009-04-21 12:33:41 ----D---- C:\Windows\AppPatch
2009-04-21 12:33:39 ----D---- C:\Program Files\Common Files
2009-04-21 12:29:38 ----D---- C:\Windows\system32\en-US
2009-04-21 08:17:54 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2009-04-20 20:53:28 ----D---- C:\Windows\Debug
2009-04-20 09:45:20 ----SD---- C:\Users\AJ\AppData\Roaming\Microsoft
2009-04-20 09:41:26 ----D---- C:\Users\AJ\AppData\Roaming\Uniblue
2009-04-20 01:52:22 ----D---- C:\Windows\system32\LogFiles
2009-04-20 01:30:31 ----D---- C:\Windows\system32\wbem
2009-04-20 01:30:31 ----D---- C:\Program Files\Windows Mail
2009-04-20 01:30:29 ----D---- C:\Windows\system32\manifeststore
2009-04-20 01:29:24 ----D---- C:\Windows\inf
2009-04-19 11:43:21 ----D---- C:\Windows\Tasks
2009-04-19 11:43:21 ----D---- C:\Windows\system32\Tasks
2009-04-15 08:34:04 ----D---- C:\Program Files\Adobe
2009-04-13 00:44:26 ----D---- C:\Users\AJ\AppData\Roaming\Mozilla
2009-04-13 00:21:04 ----D---- C:\Windows\rescache
2009-04-12 23:06:51 ----D---- C:\Windows\system32\migration
2009-04-12 23:06:51 ----D---- C:\Windows\PolicyDefinitions
2009-04-12 23:06:51 ----D---- C:\Program Files\Internet Explorer
2009-04-12 22:41:09 ----RSD---- C:\Windows\Fonts
2009-04-08 23:40:03 ----D---- C:\Users\AJ\AppData\Roaming\FrostWire
2009-04-07 09:36:05 ----D---- C:\Program Files\Copernic Desktop Search - Home
2009-04-06 15:01:13 ----D---- C:\Users\AJ\AppData\Roaming\Adobe
2009-04-06 15:01:13 ----D---- C:\ProgramData\Adobe
2009-04-06 07:57:26 ----A---- C:\Windows\system32\mrt.exe
2009-03-31 19:20:50 ----A---- C:\Windows\zllsputility.exe
2009-03-31 19:20:42 ----A---- C:\Windows\system32\zpeng25.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcommdb.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcomm.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vsxml.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vswmi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsutil.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsregexp.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vspubapi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsmonapi.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsinit.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsdata.dll
2009-03-29 13:28:16 ----D---- C:\Users\AJ\AppData\Roaming\Google
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
2009-02-25 10:59:39 ----D---- C:\Program Files\Windows Media Player
2009-02-14 08:18:53 ----D---- C:\Windows\Microsoft.NET
2009-02-14 08:17:27 ----RSD---- C:\Windows\assembly
2009-02-14 07:12:04 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2002-03-20 14165]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-03-31 293528]
R3 ASAPIW2k;ASAPIW2K; C:\Windows\system32\drivers\ASAPIW2k.sys [2004-03-11 11264]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-23 1761376]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2004-06-22 78976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 APLMp60;APLMp60 NDIS Protocol Driver; C:\Windows\system32\drivers\APLMp60.sys []
S3 auejysfo;auejysfo; C:\Windows\system32\drivers\auejysfo.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2009-03-31 150544]
S3 TTIUSB;Mako DT3500 SmartCard Reader; C:\Windows\system32\DRIVERS\2800.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BlueSoleilCS;BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-02-03 1155180]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
R3 BsHelpCS;BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-31 69632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-14 138680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; D:\Nero 7\Nero BackItUp\NBService.exe [2006-11-11 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

======================================================

Combofix.txt


ComboFix 09-04-21.07 - AJ 04/21/2009 12:31.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2045.1000 [GMT 8:00]
Running from: c:\t\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\users\AJ\AppData\Roaming\Malwarebytes
2009-04-20 23:26 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 23:26 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-20 23:26 . 2009-04-20 23:26 -------- d-----w c:\programdata\Malwarebytes
2009-04-20 23:23 . 2009-04-20 23:23 1340797 ----a-w C:\MGtools.exe
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 01:08 . 2009-04-20 01:41 -------- dc-h--w c:\users\All Users\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-20 01:08 . 2009-04-20 01:41 -------- dc-h--w c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-04-20 01:07 . 2009-04-20 01:45 -------- dc-h--w c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-20 01:07 . 2009-04-20 01:45 -------- dc-h--w c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-04-19 17:29 . 2009-04-19 17:29 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-04-19 14:33 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-19 14:33 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-19 14:33 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-19 14:33 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-19 14:33 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-19 14:33 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-19 14:33 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-19 14:33 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-19 14:33 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-19 14:33 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-19 14:32 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-19 14:32 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-19 14:32 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-19 14:32 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-19 14:32 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-19 14:32 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-19 14:32 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-08 12:41 . 2009-04-08 12:41 -------- d-----w c:\users\AJ\AppData\Local\Bump Technologies, Inc
2009-04-08 12:41 . 2009-04-08 12:41 -------- d-----w c:\users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 01:17 . 2009-04-07 01:21 -------- d-----w c:\users\AJ\AppData\Roaming\Copernic
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\users\All Users\NCH Swift Sound
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\programdata\NCH Swift Sound
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 05:27 . 2009-03-29 05:27 -------- d-----w c:\users\All Users\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 04:39 . 2008-02-16 15:30 351221 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-04-21 04:36 . 2008-02-16 15:37 159446816 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 23:37 . 2009-04-20 23:26 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-20 23:19 . 2008-02-16 16:24 2538 ----a-w C:\rollback.ini
2009-04-20 23:14 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-20 23:14 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-20 23:11 . 2008-02-16 15:37 2065964 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 15:38 . 2009-04-20 15:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 15:37 . 2007-07-22 23:28 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-20 03:45 . 2009-04-20 03:47 8192 ----a-w c:\windows\Internet Logs\xDB45A7.tmp
2009-04-20 03:45 . 2009-04-20 03:47 3296768 ----a-w c:\windows\Internet Logs\xDB46D5.tmp
2009-04-20 03:42 . 2009-04-20 03:45 3296256 ----a-w c:\windows\Internet Logs\xDB9919.tmp
2009-04-20 03:42 . 2009-04-20 03:45 3052032 ----a-w c:\windows\Internet Logs\xDB8DED.tmp
2009-04-20 01:41 . 2008-04-04 16:24 -------- d-----w c:\users\AJ\AppData\Roaming\Uniblue
2009-04-20 00:39 . 2009-04-20 00:42 3269632 ----a-w c:\windows\Internet Logs\xDB1421.tmp
2009-04-20 00:39 . 2009-04-20 00:42 2652160 ----a-w c:\windows\Internet Logs\xDB251.tmp
2009-04-20 00:17 . 2007-06-19 15:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-19 17:55 . 2008-02-28 02:15 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-19 17:30 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-19 17:29 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstor.dat
2009-04-19 15:07 . 2007-06-19 06:45 1356 ----a-w c:\users\AJ\AppData\Local\d3d9caps.dat
2009-04-18 13:15 . 2009-04-18 13:05 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-04-18 13:03 . 2009-04-18 13:03 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-04-12 16:26 . 2009-03-17 14:45 -------- d-----w c:\users\AJ\AppData\Roaming\MailFrontier
2009-04-12 14:54 . 2007-06-19 06:46 117136 ----a-w c:\users\AJ\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-08 15:40 . 2007-06-22 16:49 -------- d-----w c:\users\AJ\AppData\Roaming\FrostWire
2009-04-07 01:36 . 2008-10-12 03:43 -------- d-----w c:\program files\Copernic Desktop Search - Home
2009-03-31 11:22 . 2008-02-16 15:30 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-03-31 11:20 . 2008-02-16 15:31 72584 ----a-w c:\windows\zllsputility.exe
2009-03-31 11:20 . 2008-12-03 23:39 1221512 ----a-w c:\windows\System32\zpeng25.dll
2009-03-30 06:28 . 2009-03-30 06:28 -------- d-----w c:\program files\SonicWallES
2009-03-29 13:19 . 2009-03-29 13:19 -------- d-----w c:\program files\NCH Software
2009-03-25 13:35 . 2007-06-22 16:44 -------- d-----w c:\program files\Java
2009-03-19 15:03 . 2008-04-09 01:49 21777776 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-19 02:42 . 2009-03-19 02:42 1052 ----a-w C:\Sabine flash sample.html
2009-03-19 02:42 . 2009-03-19 02:42 14338250 ----a-w C:\Sabine flash sample.swf
2009-03-17 14:43 . 2009-03-17 14:43 -------- d-----w c:\programdata\Kaspersky SDK
2009-03-17 03:38 . 2009-04-19 14:32 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-16 13:27 . 2009-03-16 13:27 160065 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_16_21_27_05_small.dmp.zip
2009-03-15 23:58 . 2009-03-15 23:58 147735 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_03_16_01_00_15_small.dmp.zip
2009-03-08 21:19 . 2009-02-04 00:21 410984 ----a-w c:\windows\System32\deploytk.dll
2009-03-08 11:34 . 2009-04-12 15:03 914944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 . 2009-04-12 15:03 43008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 . 2009-04-12 15:03 18944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 . 2009-04-12 15:03 109056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 . 2009-04-12 15:03 109568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 . 2009-04-12 15:03 132608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 . 2009-04-12 15:03 107520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-04-12 15:03 107008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-04-12 15:03 103936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:33 . 2009-04-12 15:03 420352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:32 . 2009-04-12 15:03 72704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 . 2009-04-12 15:03 71680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 . 2009-04-12 15:03 66560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 . 2009-04-12 15:03 169472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 . 2009-04-12 15:03 34816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:31 . 2009-04-12 15:03 48128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 . 2009-04-12 15:03 45568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:22 . 2009-04-12 15:03 156160 ----a-w c:\windows\System32\msls31.dll
2009-03-02 03:41 . 2009-03-02 03:41 -------- d-----w c:\program files\Common Files\iZotope
2009-02-17 07:27 . 2009-02-17 07:27 143133 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_17_15_27_37_small.dmp.zip
2009-02-17 00:22 . 2007-09-17 01:39 185200 ---ha-w c:\windows\System32\mlfcache.dat
2009-02-09 03:10 . 2009-03-14 02:42 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-05 13:54 . 2009-02-05 13:54 147554 ----a-w c:\windows\Internet Logs\vsmon_2nd_2009_02_05_21_06_22_small.dmp.zip
2008-03-19 14:05 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
2008-09-13 17:35 . 2008-02-03 12:53 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-13 17:35 . 2008-02-03 12:53 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-13 17:35 . 2008-02-03 12:53 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2005-07-14 18:31 . 2006-05-24 16:37 27648 --sha-w c:\windows\System32\AVSredirect.dll
2008-03-17 01:55 . 2008-02-16 15:37 16515104 --sha-w c:\windows\System32\drivers\fidbox(104).dat
2008-03-31 07:44 . 2008-02-16 15:37 20238880 --sha-w c:\windows\System32\drivers\fidbox(162).dat
2008-01-09 11:29 . 2007-10-03 11:48 33417248 --sha-w c:\windows\System32\drivers\fidbox(43).dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2008-12-11 1588224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="d:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-02-03 258134]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-12-31 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9640D0FA-0C01-461C-98BF-1A34775E4CAB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{0ABEC93B-58CD-4D75-8F6C-F067ADB8F42E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E6A5B8CA-CEE9-433D-844D-79074CF13211}"= UDP:17516:BitComet 17516 TCP
"{FE9A00A6-1935-45F9-B9A1-05C2F6DCFA79}"= TCP:17516:BitComet 17516 UDP
"TCP Query User{40134235-C546-4AAF-B851-DDF3044A788F}d:\\program files\\bitcomet\\bitcomet.exe"= UDP:d:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{71FEB94F-C7AF-4AFF-B1C4-F184CE3D23C8}d:\\program files\\bitcomet\\bitcomet.exe"= TCP:d:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{326237F0-5324-4E36-A5BC-111F25FF0F7F}"= UDP:7947:BitComet 7947 TCP
"{9F080FC0-B448-4CF8-B718-F48546D4CB5F}"= TCP:7947:BitComet 7947 UDP
"{F8555FFE-862C-40DA-9C3C-565D33726D73}"= TCP:50000:Bitcomet
"{D8EA42A7-32E6-4F2E-AC11-C2F00518A452}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{B0C2087B-C02F-4D0B-B313-ED86542332F3}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{E1830443-338C-4248-9FA6-8C1DD33E4FAC}"= UDP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{CA364BC8-1DE1-4AED-9C98-B2489BC21EC5}"= TCP:c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"TCP Query User{16D36C18-0D3D-4C82-BC69-12FC6E0E1C70}d:\\program files\\thq\\company of heroes\\archive.exe"= Disabled:UDP:d:\program files\thq\company of heroes\archive.exe:Archive
"UDP Query User{558C4CC1-0037-4E43-B04A-F34A3C04B66B}d:\\program files\\thq\\company of heroes\\archive.exe"= Disabled:TCP:d:\program files\thq\company of heroes\archive.exe:Archive
"{BE627DCC-C039-4B8D-92F2-E928A5136308}"= UDP:e:\limewire\Programs\utorrent.exe:µTorrent
"{650EA54E-4C07-4414-A45F-E4DB609D85CB}"= TCP:e:\limewire\Programs\utorrent.exe:µTorrent
"{8E25D0B2-6CB7-4A4A-929A-4A2103B1D8C4}"= UDP:50000:BitComet 50000 TCP
"{A14CCE12-B986-4C7E-A0D1-ECEF5DFCC0AE}"= UDP:54000:utorrent TCP
"{C4162E86-015C-419E-ACCD-7894A334E5F5}"= TCP:54000:utorrent UDP
"{C1AEBEBB-8DF0-411B-9879-C7869C1497B6}"= UDP:3411:utorrent announce TCP
"{787D699D-1131-4AB0-A815-5AD231226AE0}"= TCP:3411:utorrent announce UDP
"TCP Query User{5C9CF629-BEE9-4F9B-8A7E-58428CC0BC0A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E29625E4-E361-409E-AAD7-E326F30F5139}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{9052CAA8-A374-44F1-9491-94DBB00C21FD}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{BECA662A-58ED-4576-8030-A4F3928025F5}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{5AF8CF2D-C38C-4484-8096-B1CF33EB0890}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{E6CDA4E1-7465-4F9C-B6C1-8B9A12F3CEC5}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{16A67228-F020-4DD3-884C-5A39418C0A08}"= UDP:d:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{E0CEA693-3AD8-42D1-BF9E-C4494C93C53D}"= TCP:d:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{089C9DDC-4AAD-485C-821D-97CC6C33486A}"= UDP:d:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{BCEE6952-43C2-4D7C-8FFD-4C0C97986816}"= TCP:d:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{19623D13-E3FB-43B8-A40A-60AF29D6FAB2}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{08C7C422-ABE4-421B-9E36-69360922E9BE}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5567193A-8B60-4D63-8F48-80459965AB83}"= UDP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{3B4B3B69-8D5E-4651-8E14-37F874795DC7}"= TCP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{D4CAFF78-C9FE-4DDD-B375-F02199C11EEE}"= UDP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{5312DC4F-C8C7-4E54-B009-B749EB5D5785}"= TCP:d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{50B0E552-8804-445D-9A67-BABD89F06263}"= UDP:d:\program files\FrostWire\FrostWire.exe:FrostWire 4.13.1.7 BETA
"{10494D54-A319-475C-822B-387CC5D9F893}"= TCP:d:\program files\FrostWire\FrostWire.exe:FrostWire 4.13.1.7 BETA
"{15D8917E-A31F-48A8-98C5-3916A7B38C74}"= UDP:d:\program files\BitComet\BitComet.exe:BitComet
"{FBDFCA79-7FBF-4436-8CDA-5485098CD724}"= TCP:d:\program files\BitComet\BitComet.exe:BitComet
"{B662E17B-5EF8-4BE5-8D43-F484F07AC20E}"= UDP:d:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{86F08843-3E86-431B-AF6A-8C81EC1A46F2}"= TCP:d:\program files\BitComet\tools\CometBrowser.exe:BitComet Resource Browser
"{85CCA87B-FB48-44FA-B3D6-43CE8C19111D}"= UDP:d:\program files\Red Kawa\Video Converter\RKVideoConverter.exe:RKVideoConverter
"{34B0B01B-534D-48D3-8887-B130564C1B31}"= TCP:d:\program files\Red Kawa\Video Converter\RKVideoConverter.exe:RKVideoConverter
"{4130A2BE-2EC4-4DDC-ACD3-87240BF9531D}"= Disabled:UDP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{CCDD6DD2-50E3-435F-9312-F5E2C584863E}"= Disabled:TCP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{FF15E1E7-FFD5-4B41-834F-74B453CF735A}"= UDP:d:\program files\FrostWire\FrostWire.exe:LimeWire
"{BF63D725-B5CB-4ECE-947A-571AC3887ACD}"= TCP:d:\program files\FrostWire\FrostWire.exe:LimeWire
"{30B9EC7F-C165-4112-BE30-902F10D4D18D}"= TCP:6004|d:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{AD94A6DC-2CCC-4A2B-9E21-5C6DBDFB0083}"= UDP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7E8B3818-50CA-4572-B17C-A2864206ACBC}"= TCP:d:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B448A258-A6E7-4BBF-B44D-3303B8D3C88C}"= UDP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52DD2B24-0E15-464D-BD0D-CA897E9FB1A3}"= TCP:d:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F05C4CBD-5048-4520-91E7-C057A1DF814F}"= Disabled:UDP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{8424A0C8-BCF2-4DB3-97DC-33091042963A}"= Disabled:TCP:d:\program files\Joost\xulrunner\tvprunner.exe:tvprunner
"{5723ED4E-6F6F-4656-BB73-A06EE3597F5B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B36E0907-C8B3-4CD4-B5A5-5EB3E66D9FED}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8062F432-45B8-4F0B-AEFC-8854BD70CC2B}"= UDP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{B0996092-5D78-4234-B5C3-C806333EFC46}"= TCP:d:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{53B4E093-645B-4074-A67F-E61477F993B3}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56538FA4-9D70-4171-96AC-940163A6459E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{09FB4633-BC88-4C2D-B6A4-8578070EEB55}"= UDP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service
"{DBA96475-6C07-48B1-B90C-49077B1DA808}"= TCP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

R2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
R3 APLMp60;APLMp60 NDIS Protocol Driver; [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
R3 TTIUSB;Mako DT3500 SmartCard Reader; [x]
R4 Sibd_s;Sibd_s; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
S3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]


--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ca051c2-1221-11de-9446-806e6f6e6963}]
\shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
\shell\AutoRun\command - Q:\InstallSeagateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
- c:\users\AJ\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:18]

2009-03-30 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- d:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-19 01:14]

2009-04-19 c:\windows\Tasks\Uniblue SpyEraser.job
- d:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-19 01:14]

2009-04-20 c:\windows\Tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job
- c:\windows\system32\msfeedssync.exe [2009-04-12 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - d:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\AJ\AppData\Roaming\Mozilla\Firefox\Profiles\ovdobw4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Copernic Desktop Search - Home\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\AJ\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 12:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(172)
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\program files\Copernic Desktop Search - Home\DeskbandIntegration301000049.dll
c:\program files\Copernic Desktop Search - Home\SearchPlatform-s.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Copernic Desktop Search - Home\DesktopSearchSystem301000049.dll
d:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\ASUS\AASP\1.00.32\aaCenter.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\rundll32.exe
d:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
.
**************************************************************************
.
Completion time: 2009-04-21 12:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-21 04:49
ComboFix2.txt 2008-03-13 16:57

Pre-Run: 32,728,760,320 bytes free
Post-Run: 32,237,441,024 bytes free

410 --- E O F --- 2009-04-19 17:29
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

by Dakeyras » May 4th, 2009, 7:07 am

Hi :)

A marked improvement overall, we still have a fair few tasks to complete however, both this time and next, OK. Take your time, there is no rush whatsoever :thumbup:

If you have not done so make sure to enable all components of the installed ZoneAlarm Security Suite.

I apologise, I did not notice until now you have another P2P application installed, namely FrostWire 4.17.0. Please remove this per the forum policy, thank you.

Next:

A question for your good self if I may:

Have you set this yourself and/or reorganized this entry: O4 - Global Startup: AutorunsDisabled?

Next:

Right click HiJackThis and select Run as Administrator to start the application. Then select the option Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file)
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

Now click on Fix Checked. Close HiJackThis. Then Reboot(restart) your computer.

Hard-Drive Advice:

The aforementioned could do with some maintenance, please read this topic pertaining:

What to do if your Computer is running slowly

Carry out all the advised for a Vista operating system before proceeding with the below OK.

Note: Do not reduce your System Restore Points and or install a Host File at this time OK.

Repair File Extensions:

Download SREng (System Repair Engineer 2.7.1.1261)

  • Extract it to Desktop and right click on SREng.exe and select Run as Administrator to run it.
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • In your case, it would be .JS
  • Close SREng now.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click on mbam-setup.exe and select Run as Administrator, follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
    • Launch Malwarebytes' Anti-Malware
    • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to Restart the computer, please do so immediately.

Next:

Please make sure that RSIT.exe is still on the Desktop. (If not, inform myself straight away please.)

  • Click Start >> Run... (or depress the Windows Key and R together) and copy and paste in the below from the quote box
    "%userprofile%\desktop\rsit.exe" /info
  • You will receive Windows UAC prompt if it's turned on. Please allow it.
  • Please read through the disclaimer and click on Continue.
  • RSIT will start running. When done, 2 logs will be produced.
  • The first one, log.txt, will be maximized, the second one, info.txt, will be minimized.
  • Please post both logs in your next reply. 1 log per reply please.

When completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Malwarebytes' Anti-Malware Log.
  • A new set of RSIT Logs. <-- Post them individually please.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

by alfa » May 4th, 2009, 7:54 am

Hi!

Many thanks for your time.

So far;
1. The PC feels snappier
2. The menu items open a little faster than before
3. My sidebar has a CPU meter (don't know about its accuracy) but I don't see the CPU activity meter spiking; in an inactive mode, when I didn't press the button for a few mins, the CPU seems to be just idling by, not thrashing about.
4. The menus open when clicked, not as fast as when Windows was first installed but definitely not as bad as the other day when you had to wait for half a second or more for Firefox to open or a menu item like My Computer to open an explorer window.

TIA
sandbites
---------------------------------------------------------
If you have not done so make sure to enable all components of the installed ZoneAlarm Security Suite.
I've enabled all and updated the components.

I apologise, I did not notice until now you have another P2P application installed, namely FrostWire 4.17.0. Please remove this per the forum policy, thank you.
I've just removed FrostWire.

Have you set this yourself and/or reorganized this entry: O4 - Global Startup: AutorunsDisabled?
I don't understand the question but if I may;
I did not set up this program, I didn't touch anything; the only thing I did before I gave you the previous results (Rooter and RSIT) is I opened msconfig.exe and on Startup Selection I clicked normal startup.

Re: Sandbites's PC freezing

by alfa » May 4th, 2009, 8:37 am

mbam log for May 4, 2009 2032hrs (+8 GMT)

It didn't find any errors
------------------------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 2072
Windows 6.0.6001 Service Pack 1

5/4/2009 8:32:22 PM
mbam-log-2009-05-04 (20-32-22).txt

Scan type: Quick Scan
Objects scanned: 75704
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Sandbites's PC freezing

by alfa » May 4th, 2009, 8:43 am

info.txt logfile of random's system information tool 1.06 2009-05-04 20:34:07

======Uninstall list======

!e-library!-->"d:\Program Files\elibrary\unins000.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archos MPG4 Translator V3.0.12-->D:\Program Files\Archos MP4SP\Uninstal.exe
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\Windows\system32\Attansic\L1\atcInst.dll,VisUninst C:\Windows\system32\Attansic\L1 x86 pci\ven_1969&dev_1048
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bluesoleil 5.0.5.178-->MsiExec.exe /X{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Btfx search 1.0-->"C:\Program Files\Mozilla Firefox\searchplugins\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command & Conquer™ 3: Kane's Wrath-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"D:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Copernic Desktop Search - Home-->C:\Program Files\Copernic Desktop Search - Home\uninst.exe
Defraggler (remove only)-->"d:\Program Files\Defraggler\uninst.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go-->MsiExec.exe /X{EADBD0C9-EBF8-49CA-81E6-E1CB72B182DE}
ʹÃüÕÙ»½4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{131C092B-4641-469B-A78D-46235C16BFBC}\setup.exe" -l0x804 -removeonly
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\VistaCodecPack\filters\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mkv2vob-->MsiExec.exe /X{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NeoTrace Express 3.0-->C:\PROGRA~1\NEOTRA~1\UNWISE.EXE C:\PROGRA~1\NEOTRA~1\INSTALL.LOG
Nero 7 Ultra Edition-->MsiExec.exe /I{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia NSeries Application Installer 6.83.11-->msiexec /qn /x {82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Application Installer-->MsiExec.exe /I{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Content Copier 6.83.11-->msiexec /qn /x {90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Content Copier-->MsiExec.exe /X{90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Music Manager 6.83.11-->msiexec /qn /x {CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries Music Manager-->MsiExec.exe /I{CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries One Touch Access 6.83.11-->msiexec /qn /x {89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia NSeries One Touch Access-->MsiExec.exe /I{89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia Nseries PC Suite-->MsiExec.exe /I{5A41F810-D0AF-4B50-8F11-C242C76F6D24}
Nokia NSeries System Utilities 6.83.11-->msiexec /qn /x {97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia NSeries System Utilities-->MsiExec.exe /X{97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng_us.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
Nokia Photos-->MsiExec.exe /I{7EE94A24-188A-4D98-9018-37857701996E}
Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OtsDJ 1.15.004-->"C:\Windows\OTS_UI.EXE" "D:\\OtsLabs\OTSDJ.osi"
Pacemaker Editor-->MsiExec.exe /I{89F1F5CF-144F-466B-A939-1675B0022ADE}
Palm Outlook Conduits Updater-->MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
palmOne-->MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Picasa 3-->"d:\Program Files\Google\Picasa3\Uninstall.exe"
Pinnacle Hollywood FX 5
-->C:\Windows\unvise32.exe d:\Program Files\Pinnacle\Hollywood FX 5\uninstal.log
Pinnacle Hollywood FX for Studio-->C:\Windows\unvise32.exe d:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Hollywood FX Pack0 - Extra FX-->C:\Windows\unvise32.exe C:\Windows\unhfxpack0.log
PrintFolder-->"d:\Program Files\PrintFolder\unins000.exe"
ProntoEdit-->C:\Windows\uninst.exe -f"d:\program files\DeIsL1.isu" -c"d:\program files\_ISREG32.DLL"
PSP Video 9 2.24-->d:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Replay AV 8-->C:\Windows\iun6002.exe "d:\Program Files\Replay AV 8\uninstall8.ini"
Rome - Total War(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
Studio 9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x9 UNINSTALL
Tom Clancy's Ghost Recon Advanced Warfighter® 2-->"C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\setup.exe" -runfromtemp -l0x0009 -removeonly
Tom Clancy's Rainbow Six Vegas-->C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Videora iPhone 3G Converter 4.03-->d:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Videora iPod Converter 2.19-->d:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
VobSub v2.23 (Remove Only)-->"d:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\pccs_bluetooth.inf_48f6f624\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinPatrol 2009-->d:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"d:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World in Conflict-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
XviD MPEG4 Video Codec (remove only)-->"C:\Windows\system32\xvid-uninstall.exe"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [2009-05-04]
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) [2009-05-04]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [2009-05-04]
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [2009-05-04]
O2 - BHO: (no name) - {09628AAA-66AD-4FA2-82E2-698185B66463} - (no file) [2009-05-04]

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware

======System event log======

Computer Name: CORE2D
Event Code: 1004
Message: The DHCP Client service is shutting down. The following error occurred :
Access is denied.
Record Number: 468253
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20090504122335.000000-000
Event Type: Warning
User:

Computer Name: Core2D
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 468256
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090504122341.560794-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL
Record Number: 468322
Source Name: Service Control Manager
Time Written: 20090504122421.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 468327
Source Name: Service Control Manager
Time Written: 20090504122421.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 468335
Source Name: Service Control Manager
Time Written: 20090504122614.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3204198
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504114545.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 3204230
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504120246.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3204231
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504120246.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3012
Message: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Record Number: 3204264
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504123016.000000-000
Event Type: Error
User:

Computer Name: Core2D
Event Code: 3011
Message: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Record Number: 3204265
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090504123016.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Core2D
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 255038
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423145056.486204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 255039
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423145056.486204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 255040
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423145056.521204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: CORE2D$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x3c8
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 255041
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423145056.521204-000
Event Type: Audit Success
User:

Computer Name: Core2D
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 255042
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090423145056.521204-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\iZotope\Runtimes
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
alfa

Re: Sandbites's PC freezing

Post by alfa » May 4th, 2009, 8:44 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by AJ at 2009-05-04 20:33:56
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 30 GB (39%) free of 76 GB
Total RAM: 2045 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:04 PM, on 5/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\mobsync.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\AJ\Desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\AJ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7362 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-732046994-1489633490-2608111576-1000.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\Uniblue SpyEraser Nag.job
C:\Windows\tasks\Uniblue SpyEraser.job
C:\Windows\tasks\User_Feed_Synchronization-{15C5ECEF-0776-4B1D-827F-EE7AE1322E80}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll [2008-12-11 2305456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-02-03 258134]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-06 849280]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2008-12-12 1588224]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\Hotsync.exe [2004-06-09 471040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-09-26 233888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{840d89db-dc4c-11dd-9acd-000a94128362}]
shell\AutoRun\command - Q:\InstallSeagateManager.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2009-05-04 20:18:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 20:09:20 ----D---- C:\Users\AJ\AppData\Roaming\WinPatrol
2009-05-04 11:41:36 ----A---- C:\Rooter.txt
2009-05-04 11:06:24 ----D---- C:\Rooter$
2009-05-04 07:45:18 ----D---- C:\Windows\system32\ErrorLogs
2009-05-03 17:56:09 ----D---- C:\rsit
2009-05-03 09:58:34 ----D---- C:\Program Files\AVG
2009-05-03 09:16:56 ----D---- C:\MGtools
2009-04-27 20:15:53 ----D---- C:\ProgramData\SecTaskMan
2009-04-25 18:58:07 ----D---- C:\Program Files\Trend Micro
2009-04-21 13:16:08 ----D---- C:\TMRBLog
2009-04-21 13:15:56 ----A---- C:\RootkitBuster.exe
2009-04-21 13:15:08 ----D---- C:\log
2009-04-21 12:49:32 ----A---- C:\ComboFix.txt
2009-04-21 12:34:47 ----D---- C:\Windows\temp
2009-04-21 12:29:50 ----A---- C:\Windows\zip.exe
2009-04-21 12:29:50 ----A---- C:\Windows\vFind.exe
2009-04-21 12:29:50 ----A---- C:\Windows\SWREG.exe
2009-04-21 12:29:50 ----A---- C:\Windows\grep.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWXCACLS.exe
2009-04-21 12:29:49 ----A---- C:\Windows\SWSC.exe
2009-04-21 12:29:49 ----A---- C:\Windows\sed.exe
2009-04-21 12:29:39 ----D---- C:\ComboFix
2009-04-21 12:29:39 ----A---- C:\Windows\system32\CF3468.exe
2009-04-21 12:28:13 ----A---- C:\Windows\system32\swsc.exe
2009-04-21 12:28:12 ----D---- C:\Qoobox
2009-04-21 07:26:10 ----D---- C:\Users\AJ\AppData\Roaming\Malwarebytes
2009-04-21 07:26:02 ----D---- C:\ProgramData\Malwarebytes
2009-04-21 07:23:07 ----A---- C:\MGtools.exe
2009-04-20 23:38:39 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 23:38:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-20 08:41:29 ----A---- C:\Windows\ntbtlog.txt
2009-04-19 22:33:15 ----A---- C:\Windows\system32\rpcss.dll
2009-04-19 22:33:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-19 22:33:14 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iashost.exe
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-19 22:33:13 ----A---- C:\Windows\system32\iasads.dll
2009-04-19 22:32:39 ----A---- C:\Windows\system32\winhttp.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-19 22:32:34 ----A---- C:\Windows\system32\kernel32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\secur32.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\apilogen.dll
2009-04-19 22:32:33 ----A---- C:\Windows\system32\amxread.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-19 22:32:30 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-18 21:05:36 ----D---- C:\Program Files\Microsoft IntelliPoint
2009-04-18 21:03:40 ----D---- C:\Program Files\Microsoft IntelliType Pro
2009-04-13 00:44:15 ----D---- C:\Program Files\Mozilla Firefox
2009-04-12 23:03:27 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\msls31.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieui.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\iernonce.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\icardie.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\corpol.dll
2009-04-12 23:03:26 ----A---- C:\Windows\system32\admparse.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\webcheck.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\occache.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msrating.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\inseng.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\imgutil.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\iepeers.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-12 23:03:25 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\wextract.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\mstime.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-12 23:03:24 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\iesetup.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\ieakui.dll
2009-04-12 23:03:24 ----A---- C:\Windows\system32\advpack.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\vbscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\url.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\jscript.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-12 23:03:23 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-12 23:03:21 ----A---- C:\Windows\system32\mshta.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iexpress.exe
2009-04-12 23:03:21 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-12 23:03:20 ----A---- C:\Windows\system32\iertutil.dll
2009-04-12 23:03:20 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-12 23:03:19 ----A---- C:\Windows\system32\wininet.dll
2009-04-12 23:03:19 ----A---- C:\Windows\system32\urlmon.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\mshtml.dll
2009-04-12 23:03:18 ----A---- C:\Windows\system32\ieframe.dll
2009-04-08 20:41:07 ----D---- C:\Users\AJ\AppData\Roaming\Bump Technologies, Inc
2009-04-07 09:17:47 ----D---- C:\Users\AJ\AppData\Roaming\Copernic
2009-03-30 14:28:50 ----D---- C:\Program Files\SonicWallES
2009-03-29 21:19:58 ----D---- C:\ProgramData\NCH Swift Sound
2009-03-29 21:19:57 ----D---- C:\Program Files\NCH Software
2009-03-29 21:19:52 ----D---- C:\Users\AJ\AppData\Roaming\NCH Swift Sound
2009-03-29 13:27:25 ----D---- C:\ProgramData\Google
2009-03-17 22:45:48 ----D---- C:\Users\AJ\AppData\Roaming\MailFrontier
2009-03-17 22:43:54 ----D---- C:\ProgramData\Kaspersky SDK
2009-03-14 10:42:20 ----A---- C:\Windows\system32\schannel.dll
2009-03-02 11:41:21 ----D---- C:\Program Files\Common Files\iZotope
2009-02-25 07:55:41 ----A---- C:\Windows\system32\wmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-25 07:55:39 ----A---- C:\Windows\system32\spwmp.dll
2009-02-25 07:55:39 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-14 07:09:41 ----A---- C:\Windows\system32\EncDec.dll
2009-02-14 07:09:37 ----A---- C:\Windows\system32\psisdecd.dll

======List of files/folders modified in the last 3 months======

2009-05-04 20:33:09 ----D---- C:\Windows\Internet Logs
2009-05-04 20:30:20 ----D---- C:\Windows\System32
2009-05-04 20:30:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-04 20:24:24 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2009-05-04 20:24:23 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2009-05-04 20:24:23 ----A---- C:\Windows\system32\bscs.ini
2009-05-04 20:18:26 ----SHD---- C:\System Volume Information
2009-05-04 20:18:04 ----D---- C:\Windows\system32\drivers
2009-05-04 20:18:00 ----RD---- C:\Program Files
2009-05-04 20:08:27 ----D---- C:\T
2009-05-04 18:48:09 ----A---- C:\rollback.ini
2009-05-04 10:53:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-04 10:47:03 ----HD---- C:\ProgramData
2009-05-04 10:42:41 ----SHD---- C:\Windows\Installer
2009-05-04 10:42:41 ----D---- C:\Config.Msi
2009-05-04 10:23:33 ----D---- C:\Windows
2009-05-03 09:23:44 ----D---- C:\Windows\winsxs
2009-05-01 20:10:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot2
2009-05-01 19:58:57 ----D---- C:\Windows\system32\catroot
2009-05-01 10:07:02 ----D---- C:\Windows\Prefetch
2009-05-01 00:10:43 ----D---- C:\Windows\system32\ZoneLabs
2009-04-29 06:59:56 ----A---- C:\Windows\NeroDigital.ini
2009-04-27 09:36:55 ----D---- C:\ProgramData\Media Center Programs
2009-04-25 22:54:10 ----D---- C:\Program Files\Java
2009-04-22 00:50:57 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-21 12:39:24 ----A---- C:\Windows\system.ini
2009-04-21 12:35:56 ----D---- C:\Windows\system32\config
2009-04-21 12:34:55 ----D---- C:\Windows\erdnt
2009-04-21 12:33:41 ----D---- C:\Windows\AppPatch
2009-04-21 12:33:39 ----D---- C:\Program Files\Common Files
2009-04-21 12:29:38 ----D---- C:\Windows\system32\en-US
2009-04-21 08:17:54 ----A---- C:\Windows\system32\REMOTEDEVICE.INI
2009-04-20 20:53:28 ----D---- C:\Windows\Debug
2009-04-20 09:45:20 ----SD---- C:\Users\AJ\AppData\Roaming\Microsoft
2009-04-20 09:41:26 ----D---- C:\Users\AJ\AppData\Roaming\Uniblue
2009-04-20 01:52:22 ----D---- C:\Windows\system32\LogFiles
2009-04-20 01:30:31 ----D---- C:\Windows\system32\wbem
2009-04-20 01:30:31 ----D---- C:\Program Files\Windows Mail
2009-04-20 01:30:29 ----D---- C:\Windows\system32\manifeststore
2009-04-20 01:29:24 ----D---- C:\Windows\inf
2009-04-19 11:43:21 ----D---- C:\Windows\Tasks
2009-04-19 11:43:21 ----D---- C:\Windows\system32\Tasks
2009-04-15 08:34:04 ----D---- C:\Program Files\Adobe
2009-04-13 00:44:26 ----D---- C:\Users\AJ\AppData\Roaming\Mozilla
2009-04-13 00:21:04 ----D---- C:\Windows\rescache
2009-04-12 23:06:51 ----D---- C:\Windows\system32\migration
2009-04-12 23:06:51 ----D---- C:\Windows\PolicyDefinitions
2009-04-12 23:06:51 ----D---- C:\Program Files\Internet Explorer
2009-04-12 22:41:09 ----RSD---- C:\Windows\Fonts
2009-04-08 23:40:03 ----D---- C:\Users\AJ\AppData\Roaming\FrostWire
2009-04-07 09:36:05 ----D---- C:\Program Files\Copernic Desktop Search - Home
2009-04-06 15:01:13 ----D---- C:\Users\AJ\AppData\Roaming\Adobe
2009-04-06 15:01:13 ----D---- C:\ProgramData\Adobe
2009-04-06 07:57:26 ----A---- C:\Windows\system32\mrt.exe
2009-03-31 19:20:50 ----A---- C:\Windows\zllsputility.exe
2009-03-31 19:20:42 ----A---- C:\Windows\system32\zpeng25.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcommdb.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\zlcomm.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vsxml.dll
2009-03-31 19:20:38 ----A---- C:\Windows\system32\vswmi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsutil.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsregexp.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vspubapi.dll
2009-03-31 19:20:36 ----A---- C:\Windows\system32\vsmonapi.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsinit.dll
2009-03-31 19:20:34 ----A---- C:\Windows\system32\vsdata.dll
2009-03-29 13:28:16 ----D---- C:\Users\AJ\AppData\Roaming\Google
2009-03-09 05:19:08 ----A---- C:\Windows\system32\deploytk.dll
2009-02-25 10:59:39 ----D---- C:\Program Files\Windows Media Player
2009-02-14 08:18:53 ----D---- C:\Windows\Microsoft.NET
2009-02-14 08:17:27 ----RSD---- C:\Windows\assembly
2009-02-14 07:12:04 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 PCLEPCI;PCLEPCI; \??\C:\Windows\system32\drivers\pclepci.sys [2002-03-20 14165]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-03-31 293528]
R3 ASAPIW2k;ASAPIW2K; C:\Windows\system32\drivers\ASAPIW2k.sys [2004-03-11 11264]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2008-11-12 46592]
R3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2007-06-24 38920]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-23 1761376]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2004-06-22 78976]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S3 ab9b2u5w;ab9b2u5w; C:\Windows\system32\drivers\ab9b2u5w.sys []
S3 APLMp60;APLMp60 NDIS Protocol Driver; C:\Windows\system32\drivers\APLMp60.sys []
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2007-06-24 34312]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
S3 TSP;TSP; \??\C:\Windows\system32\drivers\klif.sys [2009-03-31 150544]
S3 TTIUSB;Mako DT3500 SmartCard Reader; C:\Windows\system32\DRIVERS\2800.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 BlueSoleilCS;BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-02-03 1155180]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
R3 BsHelpCS;BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 57447]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-12-31 69632]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-14 138680]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NBService;NBService; D:\Nero 7\Nero BackItUp\NBService.exe [2006-11-11 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

Re: Sandbites's PC freezing

Post by alfa » May 4th, 2009, 9:17 am

Hi!

Many thanks, I'm happy to report that the PC feels snappier, the right-click menus open quite fast, even the Firefox windows scroll a little bit faster than usual. It hasn't hanged (or is it hung) since our second fix except when I first ran malware byte. As previously ill advised, I renamed the mabam.exe to mb.exe and the scan went through as directed.

Again many thanks for the time you've spent with me and my computer woes.

sandbites