Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

NT Authority\System Error Message: Remote Procedure Call (RP

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 9th, 2010, 1:48 am

Image

Running Windows XP Pro SP3

I keep randomly getting this error.
So far I've run many Malwarebytes scans, Spybot Search and Destroy scans and iolo Anti Virus scans(I know it's not the best but other seem to clash with my System Mechanic because it's set to work with the iolo one) which all turn up nothing.

I found some information from 2003 that would lead me to believe that what I have is like the W32.Blaster.Worm documented back then, but after running symantec's specific tool to get rid of Blaster I ended up finding nothing again.

This has been bugging me for a few weeks now while I tried to find out what was going on when I had the free time to run these long scans. At the same time my services.exe and one of my svchost.exe files are always running at about 10% of my CPU each and it definitely seems related to the NT AUTHORITY RPC errors I'm getting now.


Help with this will be extremely appreciated.


Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:23 AM, on 09/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional\delay.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desktop Monitor Web Server (DMWebSrv) - Unknown owner - C:\SyAM\jetty\DMWebSrv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Desktop Monitor Agent (SMAgent) - SyAM Software, Inc. - C:\SyAM\system_monitor\agent\smaagent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am
Advertisement
Register to Remove

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby MWR 3 day Mod » February 12th, 2010, 3:22 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 14th, 2010, 12:59 pm

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all those instruction carefully.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instruction into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interact with me until your computer is clean.

Everything I post to you will be review by MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

Please make sure you have done your reading on this topic : How to get help at this forum

Next,
Uninstall List.
  • Run the HiJack This.
  • Click on Open the Misc Tools section button.
  • Click on Misc Tools tab.
  • Under the System tools, click on Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • Content of uninstall list.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 14th, 2010, 4:37 pm

HijackThis uninstall list:

32 Bit HP CIO Components Installer
Acrobat.com
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.3.0 - CPSID_52073
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AnalogX NetStat Live
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audiosurf
Authentium AntiVirus SDK - 2
BitComet 1.14
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Compatibility Pack for the 2007 Office system
Connect
Critical Update for Windows Media Player 11 (KB959772)
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
D-Link RangeBooster N DWA-542
Dragon Age: Origins
Dragon Age: Origins - Character Creator
EA Download Manager
er100LT
EVGA Display Driver
forteManager
Free iPod Video Converter 1.34
FrostWire 4.18.0
Guitar Pro 5.2
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotspot Shield 1.34
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
Intel Audio Studio 2.0
Intel(R) Desktop Utilities
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections 11.2.0.69
iolo technologies' System Mechanic Professional
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3
Junk Mail filter update
kuler
Logitech Desktop Messenger
Logitech G11 Keyboard Software 1.03
Logitech SetPoint
Logitech SetPoint 5.00
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
Mass Effect
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
mIRC
MobileMe Control Panel
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
NVIDIA Drivers
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Online Armor 3.0
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Power Tab Editor 1.7
PowerDVD
PowerISO
QuickTime
RadarSync
Rainlendar2 (remove only)
RealPlayer
Revo Uninstaller 1.85
SDK
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sentinel System Driver 5.41.1 (32-bit)
SigmaTel Audio
Soundcrank
SpeechRedist
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Starcraft
Steam
Suite Shared Configuration CS4
SyAM Desktop Monitor Local-Agent 3.10
System Requirements Lab
Team Fortress Classic
The Witcher
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
TrackMania Nations Forever
Uniblue RegistryBooster 2010
Uniblue System Tweaker
Unreal Tournament 3
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Winamp
WindowBlinds
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Office 12
Xvid 1.1.3 final uninstall
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 15th, 2010, 7:41 pm

Hi,
Let's proceed.

First,
P2P software.
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitComet 1.14
FrostWire 4.18.0

  • It's not a good idea to have them.
  • You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above.
  • If you do not wish to remove your P2P programs, don't proceed with the next instruction and please tell me to close this topic.

Next,
CKScanner by askey127.
Please download from HERE and save to the desktop.
Note: If you are using Vista, right click and choose Run as Administrator.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
Checklist.
Please post.
  • Content of CKFiles.txt
  • Content of log.txt and info.txt (Find both in c:\rsit)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 16th, 2010, 2:26 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\darrenmc\desktop\games\company of heroes\keygen.exe
c:\documents and settings\darrenmc\desktop\games\unreal tournament 3\keygen\reloaded.nfo
c:\program files\bestgameever\audiosurf\engine\channels\crypt.dll
scanner sequence 3.AB.11
----- EOF -----



info.txt logfile of random's system information tool 1.06 2010-02-16 13:22:34

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Acrobat 9.3.0 - CPSID_52073-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS4-->C:\Program Files\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\Setup.exe --uninstall=1
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Premiere Pro-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AnalogX NetStat Live-->C:\Program Files\AnalogX\NetStat Live\nslu.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link RangeBooster N DWA-542-->C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe -runfromtemp -l0x0009 -removeonly
Dragon Age: Origins - Character Creator-->"C:\program files\steam\steam.exe" steam://uninstall/24920
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
er100LT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
forteManager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1883A84D-94AA-432C-9519-FA31B6B118B9}\setup.exe" -l0x9 -removeonly
Free iPod Video Converter 1.34-->"C:\Program Files\iPod Video Converter\unins000.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotspot Shield 1.34-->C:\Program Files\Hotspot Shield\Uninstall.exe
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel(R) Desktop Utilities-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5982296-84CC-4D5B-B791-B03650F3380E}
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections 11.2.0.69-->MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
iolo technologies' System Mechanic Professional-->"C:\Program Files\iolo\System Mechanic Professional\unins000.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech G11 Keyboard Software 1.03-->MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987}
Logitech SetPoint 5.00-->MsiExec.exe /I{D3120436-1358-4253-9EB2-257FFE8CE1D9}
Logitech SetPoint-->C:\Program Files\Logitech\SetPoint II\MsgBox.exe 0,Please uninstall SetPoint 5.x before removing this version of SetPoint.,SetPoint,48
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials-->MsiExec.exe /X{AAB93551-3FFE-42B2-8315-96252BBC1033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Online Armor 3.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RadarSync -->C:\Program Files\RadarSync\uninst.exe
Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Revo Uninstaller 1.85-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Soundcrank-->MsiExec.exe /X{CF6F9254-2A5E-4682-A67E-38C3986376EA}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SyAM Desktop Monitor Local-Agent 3.10-->MsiExec.exe /X{01381BB8-2ABB-40CE-988F-49DBF392FE7D}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
TrackMania Nations Forever-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11020
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) [2008-08-20]
O20 - AppInit_DLLs: wbsys.dllc:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL tdpfzy.dll [2008-09-08]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-12-19]
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab [2010-02-08]
O2 - BHO: (no name) - {E9F3DB20-DCBF-4556-9C71-B7143CD17163} - (no file) [2010-02-08]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-02-08]
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab [2010-02-08]
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab [2010-02-08]
O18 - Protocol: bwr0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwo0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw30s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw00 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw20s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw60 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwv0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwu0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw80 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwp0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwh0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw50s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwg0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwg0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwt0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwm0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwj0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwh0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwd0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw70 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bww0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab [2010-02-08]
O18 - Protocol: bwe0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw-0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw60s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw-0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw10 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwx0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwn0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw50 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwb0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwz0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bws0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwx0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwy0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwb0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwt0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwk0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwj0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw+0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwn0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwy0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwq0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwe0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwf0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw80s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwc0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bww0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwi0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwv0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw90s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw+0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bws0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwq0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwf0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwu0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwo0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: offline-8876480 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwd0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwa0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw70s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw90 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwm0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw30 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwp0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwk0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwz0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw10s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw40 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwc0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwi0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw20 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw00s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwr0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwl0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwa0 - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bw40s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]
O18 - Protocol: bwl0s - {D8A0CF79-394C-4B55-9F1E-F0486BACC6D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [2010-02-08]

======Security center information======

AV: iolo AntiVirus®
FW: Online Armor Firewall

======System event log======

Computer Name: DARRENMC-F380CF
Event Code: 7000
Message: The Desktop Monitor Web Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 36752
Source Name: Service Control Manager
Time Written: 20100125102338.000000-300
Event Type: error
User:

Computer Name: DARRENMC-F380CF
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Desktop Monitor Web Server service to connect.

Record Number: 36751
Source Name: Service Control Manager
Time Written: 20100125102338.000000-300
Event Type: error
User:

Computer Name: DARRENMC-F380CF
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 001CF05ACC01. The IP address being used is 169.254.60.151.

Record Number: 36750
Source Name: Dhcp
Time Written: 20100125102315.000000-300
Event Type: warning
User:

Computer Name: DARRENMC-F380CF
Event Code: 1002
Message: The IP address lease 192.168.1.111 for the Network Card with network address 001CF05ACC01 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Record Number: 36749
Source Name: Dhcp
Time Written: 20100125102213.000000-300
Event Type: error
User:

Computer Name: DARRENMC-F380CF
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 36738
Source Name: W32Time
Time Written: 20100125002935.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DARRENMC-F380CF
Event Code: 21
Message: Monitoring Agent Could not continue operation, stopping...

Record Number: 6829
Source Name: SyAM-Events
Time Written: 20091129085346.000000-300
Event Type: warning
User:

Computer Name: DARRENMC-F380CF
Event Code: 21
Message: Monitoring Agent Could not continue operation, stopping...

Record Number: 6818
Source Name: SyAM-Events
Time Written: 20091128115716.000000-300
Event Type: warning
User:

Computer Name: DARRENMC-F380CF
Event Code: 21
Message: Monitoring Agent Could not continue operation, stopping...

Record Number: 6799
Source Name: SyAM-Events
Time Written: 20091127094306.000000-300
Event Type: warning
User:

Computer Name: DARRENMC-F380CF
Event Code: 1517
Message: Windows saved user DARRENMC-F380CF\DarrenMc registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6792
Source Name: Userenv
Time Written: 20091126235930.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DARRENMC-F380CF
Event Code: 21
Message: Monitoring Agent Could not continue operation, stopping...

Record Number: 6782
Source Name: SyAM-Events
Time Written: 20091126225454.000000-300
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\PROGRA~1\DISKEE~1\DISKEE~2\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 16th, 2010, 2:27 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by DarrenMc at 2010-02-16 13:21:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 183 GB (60%) free of 305 GB
Total RAM: 3326 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:32, on 16/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DarrenMc\My Documents\Downloads\CKScanner.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DarrenMc\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\DarrenMc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional\delay.exe
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/bo ... oardID.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desktop Monitor Web Server (DMWebSrv) - Unknown owner - C:\SyAM\jetty\DMWebSrv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: Desktop Monitor Agent (SMAgent) - SyAM Software, Inc. - C:\SyAM\system_monitor\agent\smaagent.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10271 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2010-01-17 218160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-12-21 349640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-07-17 55824]
"Launch LGDCore"=C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe [2006-07-22 1126400]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-10-06 6223048]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-07-17 55824]
"ioloDelayModule"=C:\Program Files\iolo\System Mechanic Professional\delay.exe [2008-04-17 96256]
""= []
"iolo AntiVirus"=C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe [2009-08-28 1110440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"LDM"=\Program\ []
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-watch]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe [2007-02-01 285696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2006-09-21 9138176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo AntiVirus]
C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe [2009-08-28 1110440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipTray.exe]
C:\Program Files\Intel\IDU\iptray.exe [2006-09-11 2205696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Console]
C:\SyAM\system_monitor\agent\winvnc.exe [2007-11-19 368640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2010-01-19 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe [2009-10-23 361896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-08-04 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^DarrenMc^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"winvnc"=3
"usnjsvc"=3
"UleadBurningHelper"=2
"RichVideo"=2
"NMIndexingService"=3
"NBService"=3
"iPod Service"=3
"AWService"=2
"Apple Mobile Device"=2
"IDriverT"=3
"FLEXnet Licensing Service"=3
"Bonjour Service"=2
"XAMPP"=2
"WinDefend"=2
"IOLO_SRV"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2008-03-23 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-10-06 886984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
"notification packages"=
:\WINDOWS\system32\srr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\Steam\steamapps\missingeye\half-life\hl.exe"="C:\Program Files\Steam\steamapps\missingeye\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\missingeye\team fortress classic\hl.exe"="C:\Program Files\Steam\steamapps\missingeye\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\missingeye\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\missingeye\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\steamapps\missingeye\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\missingeye\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe"="C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe:*:Enabled:LostPlanetDx9"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\xampp\apache\bin\apache.exe"="C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"C:\Documents and Settings\DarrenMc\Local Settings\Temp\Rar$EX00.078\eclipse\eclipse.exe"="C:\Documents and Settings\DarrenMc\Local Settings\Temp\Rar$EX00.078\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\DarrenMc\Desktop\Eclipse\eclipse.exe"="C:\Documents and Settings\DarrenMc\Desktop\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe:*:Enabled:iolo Firewall®"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\missingeye\half-life blue shift\hl.exe"="C:\Program Files\Steam\steamapps\missingeye\half-life blue shift\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\missingeye\opposing force\hl.exe"="C:\Program Files\Steam\steamapps\missingeye\opposing force\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HLTV Tool by Marach\HLTV Tool.exe"="C:\Program Files\HLTV Tool by Marach\HLTV Tool.exe:*:Enabled:Program for recording HLTV demos easily and accurately."
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe:*:Enabled:iolo AntiVirus®"
"C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus® Email Protection"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe"="C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever"
"C:\Program Files\Steam\steamapps\common\dragon age orgins character creator\DAOriginsLauncher.exe"="C:\Program Files\Steam\steamapps\common\dragon age orgins character creator\DAOriginsLauncher.exe:*:Enabled:Dragon Age: Origins - Character Creator"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\AutoRun\command - M:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7254a90d-f5c8-11dc-b4e5-0019d1edfaf5}]
shell\AutoRun\command - J:\RECYCLER\restore.exe
shell\open\command - J:\RECYCLER\restore.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-02-16 13:21:44 ----D---- C:\rsit
2010-02-09 21:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-09 21:50:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-09 21:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-09 21:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-09 21:47:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-09 21:47:00 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-09 21:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-09 21:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-09 21:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-09 12:54:48 ----A---- C:\WINDOWS\system32\tmp.txt
2010-02-09 12:54:19 ----A---- C:\rapport.txt
2010-02-09 12:53:25 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-02-09 12:53:24 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-02-09 12:53:24 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-02-09 12:53:24 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\swsc.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\swreg.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\Process.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-02-09 12:53:23 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-02-07 23:43:41 ----D---- C:\Program Files\Panda Security
2010-02-07 00:47:33 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-01-31 12:27:01 ----D---- C:\WINDOWS\83F12F73D52E40C093B1463C311C4E17.TMP
2010-01-31 03:34:49 ----D---- C:\Program Files\RadarSync
2010-01-31 02:14:46 ----A---- C:\WINDOWS\system32\WmiConf.txt
2010-01-30 16:44:13 ----D---- C:\Program Files\VS Revo Group
2010-01-27 14:48:01 ----D---- C:\Documents and Settings\DarrenMc\Application Data\System Tweaker
2010-01-27 14:29:23 ----D---- C:\Program Files\Uniblue
2010-01-17 15:39:17 ----D---- C:\Hotspot Shield
2010-01-17 15:13:50 ----D---- C:\Program Files\Hotspot Shield

======List of files/folders modified in the last 1 months======

2010-02-16 13:11:02 ----D---- C:\Program Files\Mozilla Firefox
2010-02-16 13:08:45 ----D---- C:\WINDOWS\Prefetch
2010-02-16 13:08:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-16 13:08:08 ----D---- C:\Program Files\mIRC
2010-02-16 12:08:59 ----SHD---- C:\WINDOWS\Installer
2010-02-16 12:08:59 ----HD---- C:\Config.Msi
2010-02-16 12:08:10 ----D---- C:\Documents and Settings\DarrenMc\Application Data\OnlineArmor
2010-02-16 12:07:57 ----D---- C:\WINDOWS\Temp
2010-02-16 12:06:18 ----D---- C:\WINDOWS\system32
2010-02-16 12:06:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-16 03:51:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-16 00:21:37 ----D---- C:\Program Files\Steam
2010-02-15 22:06:15 ----D---- C:\Documents and Settings\DarrenMc\Application Data\soundcrank
2010-02-15 19:30:49 ----RD---- C:\Program Files
2010-02-15 19:30:38 ----D---- C:\Program Files\BitComet
2010-02-15 11:55:00 ----SD---- C:\WINDOWS\Tasks
2010-02-14 23:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2010-02-14 15:00:31 ----D---- C:\Downloads
2010-02-14 14:59:01 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-11 10:49:17 ----HD---- C:\WINDOWS\inf
2010-02-09 22:07:08 ----D---- C:\WINDOWS
2010-02-09 21:50:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-09 21:50:47 ----A---- C:\WINDOWS\imsins.BAK
2010-02-09 21:50:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-09 21:50:45 ----D---- C:\WINDOWS\system32\drivers
2010-02-08 18:55:02 ----D---- C:\Documents and Settings\DarrenMc\Application Data\FileZilla
2010-02-08 00:30:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-07 22:33:00 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-07 22:21:05 ----SHD---- C:\System Volume Information
2010-02-07 21:43:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-07 21:30:44 ----D---- C:\WINDOWS\system32\Restore
2010-02-07 00:48:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-04 23:30:42 ----RSD---- C:\WINDOWS\Fonts
2010-02-04 23:15:22 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-01 14:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-31 12:38:12 ----D---- C:\WINDOWS\system32\config
2010-01-31 12:27:38 ----D---- C:\Program Files\THQ
2010-01-31 03:35:58 ----D---- C:\WINDOWS\system32\wbem
2010-01-31 03:35:58 ----D---- C:\WINDOWS\Registration
2010-01-31 03:34:31 ----D---- C:\Program Files\Intel
2010-01-31 03:33:57 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-31 02:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\Atheros
2010-01-31 02:05:38 ----D---- C:\Program Files\IDT
2010-01-31 01:26:33 ----A---- C:\WINDOWS\resetlog.txt
2010-01-30 17:41:01 ----D---- C:\Documents and Settings\DarrenMc\Application Data\iolo
2010-01-30 17:24:22 ----D---- C:\Program Files\Macromedia
2010-01-30 17:19:16 ----D---- C:\Program Files\Diskeeper Corporation
2010-01-30 17:17:25 ----D---- C:\WINDOWS\Help
2010-01-30 17:12:15 ----D---- C:\Documents and Settings\DarrenMc\Application Data\HLSW
2010-01-30 17:10:24 ----D---- C:\Program Files\InterVideo
2010-01-30 17:07:22 ----D---- C:\WINDOWS\WinSxS
2010-01-30 16:59:28 ----D---- C:\Program Files\LucasArts
2010-01-27 15:00:24 ----SHD---- C:\WINDOWS\CSC
2010-01-27 14:29:44 ----D---- C:\Documents and Settings\DarrenMc\Application Data\Uniblue
2010-01-26 21:06:51 ----A---- C:\WINDOWS\win.ini
2010-01-26 21:06:51 ----A---- C:\WINDOWS\system.ini
2010-01-22 22:05:44 ----D---- C:\Program Files\Adobe
2010-01-22 10:58:55 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 10:58:55 ----D---- C:\Program Files\Internet Explorer
2010-01-22 10:58:44 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-07-24 9341]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-03-28 278984]
R2 caniodrvr;caniodrvr; \??\C:\SyAM\system_monitor\agent\drivers\caniodrvr.sys []
R2 CSS DVP;Dynamic Virus Protection; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-07-09 834448]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-03-28 25416]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2006-02-28 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2006-02-28 55936]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2002-12-17 76288]
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-12-17 44384]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-16 1343584]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-03-02 246680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-03-02 44416]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-11-12 37376]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-07-26 10368]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2007-07-06 57376]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-07-17 34960]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-07-17 36240]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 pdiddcci;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\pdiddcci.sys [2006-11-16 11776]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2006-11-16 15920]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2005-10-12 36484]
R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2005-10-12 22272]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2009-11-12 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aojl9sj4;aojl9sj4; C:\WINDOWS\system32\drivers\aojl9sj4.sys []
S3 exdisk;Express Disk Service; C:\WINDOWS\system32\DRIVERS\exdisk.sys [2004-08-04 14074]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys []
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe [2007-07-27 364629]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-02-01 73728]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe [2007-07-09 177416]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-10-06 1402568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-10-06 3321032]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 DMWebSrv;Desktop Monitor Web Server; C:\SyAM\jetty\DMWebSrv.exe [2004-01-02 110592]
S2 SMAgent;Desktop Monitor Agent; C:\SyAM\system_monitor\agent\smaagent.exe [2006-05-11 139264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-12 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S4 AWService;Admin Works Agent X8; C:\Program Files\Intel\IDU\awServ.exe [2006-08-18 67072]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S4 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-11-17 224816]
S4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-11-12 331824]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-11-17 57640]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 IOLO_SRV;iolo System Guard; C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe [2009-10-23 326056]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 winvnc;Remote Console; C:\SyAM\system_monitor\agent\winvnc.exe [2007-11-19 368640]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 17th, 2010, 12:10 pm

Hi,

BACKDOOR TROJAN
I'm afraid I have some bad news for you. Your computer is infected with BACKDOOR TROJAN. Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victims machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, Backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer, change settings on the computer and more. Please read this article by Roger A. Grimes on Remote Access Trojans it will give you an idea of the severity of the type of infection you have.
Reference : Link


You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Because of the severity and the capabilities of this type of virus, (it cannot be known what changes to your system it has made or if it opened up other ways into your system) The only responsible course of action I can advise is to reformat your computer and reinstall windows.

Further reading:

Post any question if you have.
Please let us know what you have decided to do in your next post.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 17th, 2010, 3:21 pm

Is there no other possible options at all? I'm sure you can understand why I would be wary of reformatting my computer as the only means of cleaning this out. I feel like there should be a few other things worth trying still.
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 17th, 2010, 8:48 pm

Hi,

Discussion.
Is there no other possible options at all? I'm sure you can understand why I would be wary of reformatting my computer as the only means of cleaning this out. I feel like there should be a few other things worth trying still.

I would say this is the most prudent course of action. It's the best advice I can offer to you.
Additional information : Your machine overall is in quite a mess operating system wise.
This is one of serious infection that have no other option except Reformat and Reinstall.

Even though I can attempt to clean your machin, there's a distinct possibility the files related with this backdoor infection is still hidden and active in the system.
This infection will have made modifications to the system files and our tools might not detect the modifications that occurred.

In other words, it may look clean to me but in the reality, you're still using a infected system.
That's why I strongly recommended Reformat and Reinstall as the best option.

Please post any question you may have.
Please let us know what you have decided after reading my explanation.
Thank you.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 20th, 2010, 7:19 am

Hello :),

Reminder.
It's 48 hours since my last reply.
Please let me know if you have any problem to understand my instruction or you need extra time.
In order to maintain our policy,
You have next 24 hours to reply at this topic, otherwise it will be closed as inactive.

Regards,
xixo_12
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby fjorn » February 20th, 2010, 5:40 pm

Went ahead and reformatted the other day
fjorn
Active Member
 
Posts: 7
Joined: February 9th, 2010, 1:44 am

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby xixo_12 » February 20th, 2010, 8:10 pm

Hi,
Good choice of decision. :thumbright:
Here, is a few advices.
There are a couple of things you should do immediately after installing Windows and before surfing the net.

SpywareBlaster.
  • SpywareBlaster help your Internet Explorer more strong as it will help to block known malicious ActiveX
  • A tutorial on installing & using this product can be found HERE

Antivirus.

Malwarebytes' Anti-Malware.

WinPatrol.
  • Unwanted things always occur behind your knowledge. Let's this software take the snapshot of it.
  • For more information and installation can be found HERE

Windows/Program Update.
Please make sure to have your Windows Automatic Update turn ON or you can do it manually.
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
  • Go to Start > All Programs > Windows Update
To update Office
  • Open up any Office program.
  • Go to Help > Check for Updates

You always can refer at both website to check either any updates are needed for your system.

Information.

Happy Safe Surfing ;)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: NT Authority\System Error Message: Remote Procedure Call (RP

Unread postby Dakeyras » February 22nd, 2010, 7:57 am

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 290 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware