Free Malware Removal Forum

[psychopiano]

I've had some problems with this particular Trojan, known from Malwarebytes as Trojan.Cinmus. It seems to be causing the explorer.exe to occasionally slow down, and general slowing down of the whole system. Malwarebytes doesn't seem able to fully remove it.

Here is my Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:53, on 09/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Users\Alastair\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1060933
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010\program\dbhagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Aston2] "C:\Program Files\Aston2\Aston2.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Paragon System Backup Service - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 2010\program\dbhservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 14882 bytes

and my Uninstall list:

?????
µTorrent
1-Click YouTube To MP3 Converter 2.2
3D Waterfall Screensaver 1.0
7-Zip 9.10 beta
Acer Arcade Deluxe
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Lightroom 2.4
Adobe Reader 8.1.0
Agere Systems HDA Modem
Aimersoft Media Converter(Build 1.3.1.0)
Air Mouse Server
AmpliTube X-GEAR
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Aston 2.0.0
Astro Gemini Screensaver Manager 2.0
Audacity 1.3.9 (Unicode)
Audio Creator LE 1.5
avast! Antivirus
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Backspin Billiards
BHODemon 2.0.0.23
Big Kahuna Reef
BitComet 1.17
blinkbox Download Manager
Bonjour
BpmChecker
Cakewalk Sound Center 1.0.0
CamStudio
CCleaner
CDBurnerXP
Christmas 3D Screensaver 1.0
Christmas Eve Scene 3D Screensaver 3.0
CoffeeCup Visual Site Designer Software
Cucusoft iPhone Ringtone Maker 2.4.4
Cucusoft YouTube Mate 7.17
Debut Video Capture Software
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DivxToDVD 0.5.2
Dorgem 2.1.0
Download Direct
DubIt
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Rebuilder
EA SPORTS(TM) FIFA Online
EASEUS Data Recovery Wizard 5.0.1
Edirol HQ Orchestral v1.01
eLicenser Control
eSobi v2
ExifCleaner 1.2
EZBack-it-up 2.0.1
FFmpeg for Audacity on Windows
FILEminimizer Pictures
FileZilla Client 3.3.1
FileZilla Server (remove only)
Flickr Uploadr 3.2.1
Flip Words 2
Football Manager 2010 Demo
Forest Life 3D Screensaver 1.2
Free YouTube to MP3 Converter version 3.2
Freecorder 4.0 Application
Freecorder Toolbar
GigaPan Upload 1.0.0825
GIMP 2.6.8
Gold Fish Animated Wallpaper version 1.0
Google Chrome
Google Desktop
Google Gears
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCare Data Recovery Software3.5
Icepine Video Converter Pro 2
ImageMagick 6.5.9-5 Q16 (2010-02-15)
ImgBurn
InfraRecorder
Intel(R) Graphics Media Accelerator Driver
InterLok Driver Kit
iTunes
Jalbum
James Bond 007: Nightfire Demo
Java(TM) 6 Update 16
JDownloader
Jodix Video MP3 Extractor 1.12
K-Lite Codec Pack 5.9.0 (Full)
LAME v3.98.2 for Audacity
Launch Manager
LG MC USB U330 driver
LG PC Suite II
LG USB Modem driver
Linux MultiMedia Studio (LMMS)
Lockerz_Wave_Updater Toolbar
MagicScore
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Marvell Miniport Driver
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft GIF Animator
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.9)
MP3MyMP3 3.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Creator 5
Musicnotes Player
Musicnotes Software Suite 1.1
My Webcam Broadcaster
Notation Player 2.5.2
NTI Backup Now 5
NTI Media Maker 8
Open Video Joiner version 3.3.0.0
Orion
Paint.NET v3.5.5
PC Tools Firewall Plus 6.0
PCHand Screen Capture (GOTD Version) 1.8.0.2
PCHand Screen Recorder (GOTD Version) 1.8.5.2
PeerGuardian 2.0
Perfect Macro Recorder 2.00
PhotoNow!
picture-shark 1.0
PipPlus
Pixifex
PowerDirector
PPTV V2.4.2.0013
Process Lasso
PTLens
PunkBuster Services
QuickTime
Race Driver 3
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.0
RehanFX Shader Transitions and Effects (ShaderTFX)
Replay Music
Riva FLV Encoder 2.0
RollerCoaster Tycoon 2
Samplitude SE No.9 9.1.1.1 (US)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Serif WebPlus SE
Sibelius 6 Demo
Sky Player
SopCast 2.0.4
Sothink Logo Maker
Sothink SWF Quicker
Spotify
Steam
Steinberg Cubase 5
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Stellarium 0.10.2
StreamTorrent 1.0
Studio Instruments 1.0
Synaptics Pointing Device Driver
Tag&Rename 3.5.5
Transmute v2.04
TubeHunter Media Center
TVAnts 1.0
UltraSlideshow Flash Creator 1.22
Unity Web Player
Universal UVI Player 1.0.2.
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18
UUSee ÍøÂçµçÊÓ [4.8.307.11]
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.16
Vegas Pro 9.0
Veoh Web Player
VirtualCloneDrive
Visual LightBox
Vuze
Wii Video 9 5.04
Windows 7 Upgrade Advisor
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Winter Night 3D Screensaver 1.0
WMV Joiner version 1.1
XnView 1.97
YAMAHA Musicsoft Downloader 5
YouTube Downloader 2.5.3
YouTube Playlist Converter
Zoner Photo Studio 12

Hope you can help

Thanks.

EDIT - Though I don't use it for P2P, I just removed Vuze in accordance with the policy thing, and ran a registry clean on CCleaner.

[turtledove]

Hello pschopiano and welcome

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested* Do not install/uninstall anything unless requested
**Please be sure you have read Malware Removal Forum Guidelines and Rules especially P2P Policy
*If you can do the above all should go well.
*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**

Note: Vista/Win7 Users: Some tools will require you Right Click and select Run as Administrator to run correctly.

Step 1

Remove P2P Software
Along with having removed Vuze, please remove the following:
µTorrent

These are one of the biggest routes to infections

While there, please uninstall outdated and vulnerable programs and extra Anti Virus and Firewalls, there should only be one each installed to reduce conflict and slowdown of your computer: Let me know which Anti Virus and Firewall you keep.
Adobe Reader 8.1.0
Java(TM) 6 Update 16


Step 2
Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.


Download and Run RSIT

• Please download Random's System Information Tool by random/random from here and save it to your desktop.
  
• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
    
  • info.txt will be opened minimized.
    
• Please post the contents of both log.txt and info.txt.
  

Step 3
Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
**Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Post
C:\RSIT\log.txt
C:\RSIT\info.txt
CKFiles.txt
Which Anti Virus and Firewall you kept
A description of how your system is running.


Thank you,

turtledove

[psychopiano]

RSIT

log.txt:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alastair at 2010-07-14 19:44:11
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 4 GB (6%) free of 71 GB
Total RAM: 3000 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:44:46, on 14/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Alastair\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Alastair.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1060933
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010\program\dbhagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Aston2] "C:\Program Files\Aston2\Aston2.exe"
O4 - HKCU\..\Run: [XBList] D:\Program Files\XBList\XBList.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O15 - Trusted Zone: login.live.com
O15 - Trusted Zone: live.xbox.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Paragon System Backup Service - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 2010\program\dbhservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 16068 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d6451b1-a91e-435e-ba58-134ec4797456}]
Lockerz Wave Updater Toolbar - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-19 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-01 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
{0d6451b1-a91e-435e-ba58-134ec4797456} - Lockerz Wave Updater Toolbar - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll [2010-03-17 2355224]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2009-11-09 2331672]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-04-11 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-04-11 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-04-18 167936]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-17 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-17 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-17 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-10 809480]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-11 409600]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2010-01-18 3168216]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-10-21 1032640]
""= []
"DBHAgent"=C:\Program Files\Paragon Software\System Backup 2010\program\dbhagent.exe [2010-01-11 68112]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-19 202256]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-05-19 414736]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-05-19 252944]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2009-11-15 158752]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-10-21 1032640]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-16 68856]
"PPAP"=C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe [2010-02-04 173512]
"PPLiveVA"=C:\Program Files\PPLive\PPVA\PPLiveVA.exe [2009-12-30 71152]
"Aston2"=C:\Program Files\Aston2\Aston2.exe [2010-05-24 211968]
"XBList"=D:\Program Files\XBList\XBList.exe [2009-09-20 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2009-12-28 2940664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-07 34040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\Download Direct\DLD.exe [2007-09-06 1343488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-10-29 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-12-23 2642168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

C:\Users\Alastair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-14 19:44:11 ----D---- C:\rsit
2010-07-14 13:29:54 ----D---- C:\Program Files\Common Files\Native Instruments
2010-07-14 13:29:26 ----A---- C:\Windows\system32\NI_IRC_1_2.dll
2010-07-14 13:29:26 ----A---- C:\Windows\system32\NI_DFD_1_5.dll
2010-07-14 13:29:25 ----A---- C:\Windows\system32\bconvert.dll
2010-07-13 09:12:30 ----D---- C:\Users\Alastair\AppData\Roaming\XBList
2010-07-10 17:58:51 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2010-07-10 17:57:45 ----N---- C:\Windows\Vmix106.dll
2010-07-10 17:57:38 ----A---- C:\Windows\Cm106.ini.cfl
2010-07-10 17:57:33 ----N---- C:\Windows\system32\Cmeau106.exe
2010-07-10 17:56:37 ----A---- C:\Windows\system32\drivers\CM106.sys
2010-07-10 17:56:33 ----N---- C:\Windows\system32\CmiInstallResAll.dll
2010-07-10 17:56:33 ----N---- C:\Windows\Cm106.ini.cfg
2010-07-10 17:56:33 ----A---- C:\Windows\Cm106.ini.imi
2010-07-09 18:06:46 ----D---- C:\Users\Alastair\AppData\Roaming\Yahoo!
2010-07-09 18:06:46 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-09 18:06:44 ----D---- C:\Program Files\Yahoo!
2010-07-09 17:30:15 ----D---- C:\Program Files\Trend Micro
2010-07-09 17:19:12 ----D---- C:\Program Files\BHODemon 2
2010-07-09 15:01:07 ----A---- C:\Windows\system32\libeay32.dll
2010-07-08 22:51:17 ----D---- C:\ProgramData\WindowsSearch
2010-06-29 00:02:31 ----D---- C:\Program Files\RehanFX
2010-06-28 23:58:49 ----A---- C:\Rebuilder.ini
2010-06-28 23:58:49 ----A---- C:\Installer.txt
2010-06-24 03:02:08 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:02:08 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:02:08 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:02:07 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:02:07 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 08:34:21 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 08:34:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 10:58:44 ----D---- C:\Users\Alastair\AppData\Roaming\gtk-2.0

======List of files/folders modified in the last 1 months======

2010-07-14 19:44:43 ----D---- C:\ProgramData\Kontiki
2010-07-14 19:44:42 ----D---- C:\Windows\Temp
2010-07-14 19:44:08 ----D---- C:\Windows\Prefetch
2010-07-14 19:42:06 ----SHD---- C:\Windows\Installer
2010-07-14 19:42:03 ----SHD---- C:\Config.Msi
2010-07-14 19:41:40 ----D---- C:\Program Files\Common Files\Adobe
2010-07-14 19:41:35 ----D---- C:\ProgramData\Adobe
2010-07-14 19:41:25 ----D---- C:\Program Files\Adobe
2010-07-14 19:41:05 ----D---- C:\Windows\winsxs
2010-07-14 19:39:29 ----D---- C:\Windows\System32
2010-07-14 19:36:49 ----D---- C:\Program Files
2010-07-14 19:36:43 ----D---- C:\Users\Alastair\AppData\Roaming\uTorrent
2010-07-14 18:58:30 ----D---- C:\Windows\system32\LogFiles
2010-07-14 18:58:30 ----D---- C:\Users\Alastair\AppData\Roaming\Media Player Classic
2010-07-14 18:58:29 ----D---- C:\Windows\Minidump
2010-07-14 18:58:29 ----D---- C:\Windows\Debug
2010-07-14 18:58:29 ----D---- C:\Windows
2010-07-14 18:39:21 ----D---- C:\Windows\system32\catroot
2010-07-14 18:20:37 ----D---- C:\Windows\system32\Tasks
2010-07-14 13:29:54 ----D---- C:\Program Files\Common Files
2010-07-14 08:51:10 ----D---- C:\Users\Alastair\AppData\Roaming\Spotify
2010-07-14 04:48:00 ----SHD---- C:\System Volume Information
2010-07-13 17:32:59 ----D---- C:\Program Files\JDownloader
2010-07-13 17:32:50 ----AD---- C:\ProgramData\TEMP
2010-07-13 10:35:17 ----D---- C:\Program Files\BitComet
2010-07-13 00:39:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-13 00:39:12 ----D---- C:\Windows\inf
2010-07-10 18:00:32 ----D---- C:\Windows\system32\drivers
2010-07-10 17:58:01 ----D---- C:\Windows\SoftwareDistribution
2010-07-10 17:57:44 ----D---- C:\Windows\system
2010-07-09 18:06:46 ----HD---- C:\ProgramData
2010-07-09 18:06:39 ----D---- C:\Program Files\CCleaner
2010-06-30 12:28:55 ----D---- C:\Users\Alastair\AppData\Roaming\Audacity
2010-06-29 23:48:02 ----D---- C:\Users\Alastair\AppData\Roaming\Icevc
2010-06-27 10:51:57 ----D---- C:\Windows\Microsoft.NET
2010-06-27 10:51:56 ----RSD---- C:\Windows\assembly
2010-06-25 03:02:40 ----D---- C:\Windows\system32\en-US
2010-06-25 03:02:34 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 03:19:34 ----D---- C:\Windows\AppPatch
2010-06-23 10:15:27 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 08:32:36 ----D---- C:\Windows\system32\catroot2
2010-06-21 17:09:07 ----D---- C:\Users\Alastair\AppData\Roaming\FileZilla
2010-06-20 01:22:56 ----D---- C:\Program Files\Flickr Uploadr

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-11 40560]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-06-04 43872]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2006-08-01 72160]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-11-19 29520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-01-18 233136]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2010-01-18 88040]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-18 70664]
R3 pctNDIS;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-01-18 58816]
R3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-01-18 115216]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-04 25704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\C:\Program Files\MAGIX\Samplitude_SE_No9\mxasio.sys [2002-04-16 4899]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\Windows\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PCTFW-DNS;PCTools Firewall - DNS driver; \??\C:\Windows\system32\drivers\pctNdis-DNS.sys [2010-01-18 32680]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-04-10 138968]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-08-27 73088]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-03-26 12800]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-03-26 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-03-26 24832]
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys [2008-10-14 1501696]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-19 723632]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-10-21 3068352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2009-11-09 818432]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-04-10 214592]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 Paragon System Backup Service;Paragon System Backup Service; C:\Program Files\Paragon Software\System Backup 2010\program\dbhservice.exe [2010-01-11 109072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2009-09-06 729088]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-16 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-12 316664]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

and info.txt

info.txt logfile of random's system information tool 1.08 2010-07-14 19:44:55

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
1-Click YouTube To MP3 Converter 2.2-->"C:\Program Files\1-Click YouTube To MP3 Converter\unins000.exe"
3D Waterfall Screensaver 1.0-->"C:\Program Files\3D Waterfall Screensaver\unins000.exe"
5.1CH USB Audio-->C:\Windows\System32\Cmeau106.exe /rm /pusb106
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Lightroom 2.4-->MsiExec.exe /I{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Aimersoft Media Converter(Build 1.3.1.0)-->"C:\Program Files\Aimersoft\Media Converter\unins000.exe"
Air Mouse Server-->MsiExec.exe /I{EE18E5E3-9929-4A7C-AA08-E0AEC2FEA75C}
AmpliTube X-GEAR-->C:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Aston 2.0.0-->C:\Program Files\Aston2\uninst.exe
Astro Gemini Screensaver Manager 2.0-->"C:\Program Files\Astro Gemini Software\Screensaver Manager 2.0\unins000.exe"
Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audio Creator LE 1.5-->"C:\Program Files\Cakewalk\Audio Creator LE\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.4-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
BHODemon 2.0.0.23-->"C:\Program Files\BHODemon 2\unins000.exe"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
BitComet 1.17-->C:\Program Files\BitComet\uninst.exe
blinkbox Download Manager-->MsiExec.exe /I{E151EE9D-2A4E-4DDB-90EA-F40F8DAFDCD5}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BpmChecker-->c:\program files\BpmChecker\Uninstal.exe
Cakewalk Sound Center 1.0.0-->"C:\Program Files\Cakewalk\Cakewalk Sound Center\unins000.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Christmas 3D Screensaver 1.0-->"C:\Program Files\Christmas 3D Screensaver\unins000.exe"
Christmas Eve Scene 3D Screensaver 3.0-->C:\Program Files\ScenicReflections\Christmas Eve Scene 3D Screensaver\uninst.exe
CoffeeCup Visual Site Designer Software-->C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\uninstall.exe
Cucusoft iPhone Ringtone Maker 2.4.4-->"C:\Program Files\Cucusoft\iPhoneRingtoneMaker\unins000.exe"
Cucusoft YouTube Mate 7.17-->"C:\Program Files\Cucusoft\YouTube-Mate\unins000.exe"
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
Dorgem 2.1.0-->"C:\Program Files\Dorgem\unins000.exe"
Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
DubIt-->C:\Program Files\TechSmith\DubIt\DIuninst.EXE
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Rebuilder-->"D:\Program Files\DVD-RB\unins000.exe"
EA SPORTS(TM) FIFA Online-->MsiExec.exe /X{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}
EASEUS Data Recovery Wizard 5.0.1-->"C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.0.1\unins000.exe"
Edirol HQ Orchestral v1.01-->C:\PROGRA~1\Edirol\ORCHES~1\UNWISE.EXE C:\PROGRA~1\Edirol\ORCHES~1\INSTALL.LOG
eLicenser Control-->C:\PROGRA~1\ELICEN~1\UNWISE.EXE C:\PROGRA~1\ELICEN~1\INSTALL.LOG
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
ExifCleaner 1.2-->C:\Program Files\SuperUtils.com\ExifCleaner\uninst.exe
EZBack-it-up 2.0.1-->"C:\Program Files\EZBackitup\unins000.exe"
FFmpeg for Audacity on Windows-->"C:\Program Files\FFmpeg for Audacity\unins000.exe"
FILEminimizer Pictures-->"C:\Program Files\FILEminimizer Pictures\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
Flickr Uploadr 3.2.1-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
Football Manager 2010 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/34110
Forest Life 3D Screensaver 1.2-->"D:\Program Files\Forest Life 3D Screensaver\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Freecorder 4.0 Application-->"C:\Windows\Freecorder\uninstall.exe" "/U:C:\Program Files\Freecorder\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~1\UNWISE.EXE /U C:\PROGRA~1\FREECO~1\INSTALL.LOG
Garritan Personal Orchestra-->D:\PROGRA~1\GARRIT~1\UNWISE.EXE D:\PROGRA~1\GARRIT~1\INSTALL.LOG
GigaPan Upload 1.0.0825-->MsiExec.exe /I{5DF6DF2C-455C-4AB6-A288-71CFD42FA952}
GIMP 2.6.8-->"D:\Program Files\GIMP-2.0\setup\unins000.exe"
Gold Fish Animated Wallpaper version 1.0-->"C:\Program Files\Gold Fish Animated Wallpaper\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iCare Data Recovery Software3.5-->"G:\Program Files\iCare Data Recovery Software\unins000.exe"
Icepine Video Converter Pro 2-->"C:\Program Files\Icevc\unins000.exe"
ImageMagick 6.5.9-5 Q16 (2010-02-15)-->"C:\Program Files\ImageMagick-6.5.9-Q16\unins000.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Inpaint 2.4-->"D:\Program Files\Inpaint\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
InterLok Driver Kit-->MsiExec.exe /X{DA710550-08C4-4845-A151-21D6DC9ED6D1}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Jalbum-->MsiExec.exe /I{CDADBC57-1ED9-4D50-BFA9-315EAC04A2FE}
James Bond 007: Nightfire Demo-->C:\PROGRA~1\EAGAME~1\NIGHTF~1\UNWISE.EXE C:\PROGRA~1\EAGAME~1\NIGHTF~1\INSTALL.LOG
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Jodix Video MP3 Extractor 1.12-->"C:\Program Files\Jodix Video MP3 Extractor\unins000.exe"
K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LG MC USB U330 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}\setup.exe" -l0x9 -removeonly
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Linux MultiMedia Studio (LMMS)-->C:\Program Files\LMMS 0.4.6\Uninstall.exe
Lockerz_Wave_Updater Toolbar-->C:\PROGRA~1\LOCKER~1\UNWISE.EXE /U C:\PROGRA~1\LOCKER~1\INSTALL.LOG
MagicScore-->"C:\Program Files\MagicScore Music Software\MagicScore School 6.x\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3MyMP3 3.0-->"C:\Program Files\MP3MyMP3 3.0\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Creator 5-->"C:\Program Files\Cakewalk\Music Creator 5\unins000.exe"
Musicnotes Player-->C:\PROGRA~1\MUSICN~1\Player\musnotes.exe /u
Musicnotes Software Suite 1.1-->"C:\Program Files\Musicnotes\unins000.exe"
My Webcam Broadcaster-->MsiExec.exe /I{EBBFFDAB-A7D8-478A-B4A1-722744E883F0}
Native Instruments Battery 3-->D:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Notation Player 2.5.2-->C:\Program Files\Notation\Uninst_Notation Player 2.5.2.exe /U "C:\Program Files\Notation\Uninst_Notation Player 2.5.2.log"
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
Open Video Joiner version 3.3.0.0-->"C:\Program Files\VideoJoiner\unins000.exe"
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
PC Tools Firewall Plus 6.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
PCHand Screen Capture (GOTD Version) 1.8.0.2-->"C:\Program Files\PCHand Screen Capture\unins000.exe"
PCHand Screen Recorder (GOTD Version) 1.8.5.2-->"C:\Program Files\PCHand Screen Recorder\unins000.exe"
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Perfect Macro Recorder 2.00-->"C:\Program Files\Perfect Macro Recorder 2.0\unins000.exe"
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
picture-shark 1.0-->C:\Program Files\picture-shark\UnGins.exe "C:\Program Files\picture-shark\install.log"
PipPlus-->MsiExec.exe /I{28706B95-C23E-4949-A01A-64626724F43F}
Pixifex-->C:\Program Files\Goldshell\pxxuninst.exe
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PPTV V2.4.2.0013-->C:\Program Files\PPLive\PPTV\uninst.exe
Process Lasso-->"C:\Program Files\Process Lasso\uninstall.exe"
PTLens-->MsiExec.exe /I{EAFD442F-7DB8-4839-8D21-F761E8421B9F}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Race Driver 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
RehanFX Shader Transitions and Effects (ShaderTFX)-->MsiExec.exe /I{F1D85517-6EAC-496A-965A-FA349036E74E}
Replay Music-->"C:\Windows\Replay Music\uninstall.exe" "/U:C:\Program Files\Replay Music 3\Uninstall\uninstall.xml"
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\setup.exe" -l0x9
Samplitude SE No.9 9.1.1.1 (US)-->C:\Program Files\MAGIX\Samplitude_SE_No9\instslct.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Serif WebPlus SE-->MsiExec.exe /X{6A5FE305-1147-400D-9795-8B80E693476A}
Sibelius 6 Demo-->MsiExec.exe /X{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}
Sky Player-->MsiExec.exe /X{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Sothink Logo Maker-->"C:\Program Files\SourceTec\Sothink Logo Maker\unins000.exe"
Sothink SWF Quicker-->"C:\Program Files\SourceTec\Sothink SWF Quicker\unins000.exe"
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase 5-->MsiExec.exe /I{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}
Steinberg HALionOne Expression Set-->MsiExec.exe /I{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}
Steinberg HALionOne GM Drum Set-->MsiExec.exe /I{AC997F93-0757-4ED4-A701-F40C2D654D09}
Stellarium 0.10.2-->"C:\Program Files\Stellarium\unins000.exe"
StreamTorrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"
Studio Instruments 1.0-->"C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tag&Rename 3.5.5-->"C:\Program Files\TagRename\unins000.exe"
Transmute v2.04-->MsiExec.exe /X{9A228FF0-552C-462E-8A57-DEC77421FC0E}
TubeHunter Media Center-->MsiExec.exe /X{CF4B1B79-AE4E-4C6C-8099-28F358063EDA}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UltraSlideshow Flash Creator 1.22-->C:\Program Files\UltraSlideshow\uninst.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Universal UVI Player 1.0.2.-->C:\Windows\unvise32.exe d:\cubase\Universal\uninstal.log
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18-->C:\Program Files\Common Files\uusee\uninst.exe
UUSee ÍøÂçµçÊÓ [4.8.307.11]-->C:\Program Files\uusee\uninstuusee.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Vegas Pro 9.0-->MsiExec.exe /X{56415658-366E-4E28-A6BD-68EC63E560E0}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Visual LightBox-->C:\Program Files\Visual LightBox\uninstall.exe
Wii Video 9 5.04-->D:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Winter Night 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Winter Night 3D Screensaver\unins000.exe"
WMV Joiner version 1.1-->"C:\Program Files\WMVJoiner\unins000.exe"
XBList-->MsiExec.exe /X{4E72E41A-A83A-447A-98AC-5AE16AFBD81C}
XnView 1.97-->"C:\Program Files\XnView\unins000.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YAMAHA Musicsoft Downloader 5-->C:\Program Files\InstallShield Installation Information\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}\setup.exe -runfromtemp -l0x0009 -removeonly
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"
YouTube Playlist Converter-->MsiExec.exe /I{6F62E665-AC12-4DE0-88AA-C6EE7F5DBAAB}
Zoner Photo Studio 12-->"C:\Program Files\Zoner\Photo Studio 12\unins000.exe" /SILENT
?????-->"C:\Program Files\Baidu\Toolbar\BaiduService.exe" /UninstallToolbar

======Hosts File======

127.0.0.1 www.cpalead.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: AlastairsLaptop
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0017C4600A38. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 43337
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091213231518.000000-000
Event Type: Warning
User:

Computer Name: AlastairsLaptop
Event Code: 6008
Message: The previous system shutdown at 00:19:17 on 14/12/2009 was unexpected.
Record Number: 43357
Source Name: EventLog
Time Written: 20091214081036.000000-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 126

Record Number: 43362
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091214081039.285371-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: AlastairsLaptop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 43366
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091214081045.499375-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 43407
Source Name: Service Control Manager
Time Written: 20091214081105.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: AlastairsLaptop
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 8509
Source Name: Microsoft-Windows-WMI
Time Written: 20100712233317.000000-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 1000
Message: Faulting application dbhagent.exe, version 10.0.10.10685, time stamp 0x4b340c6b, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c, exception code 0xc0000005, fault offset 0x00038a2a, process id 0xf84, application start time 0x01cb221a947b42ce.
Record Number: 8519
Source Name: Application Error
Time Written: 20100712233445.000000-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 508
Message: Windows (3840) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 53780480 (0x000000000334a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (9794 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 8540
Source Name: ESENT
Time Written: 20100714152734.000000-000
Event Type: Warning
User:

Computer Name: AlastairsLaptop
Event Code: 10010
Message: Application 'C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe' (pid 5892) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 8543
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100714184006.249000-000
Event Type: Warning
User: AlastairsLaptop\Alastair

Computer Name: AlastairsLaptop
Event Code: 10010
Message: Application 'C:\Windows\explorer.exe' (pid 2152) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 8544
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100714184006.277000-000
Event Type: Warning
User: AlastairsLaptop\Alastair

=====Security event log=====

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714184443.498000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714184443.688000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28525
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714184443.883000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28526
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714184444.023000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28527
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100714184444.173000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\ImageMagick-6.5.9-Q16;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\download direct\byebye_by_gr\byebye_by_gr\crack\dld.exe
c:\users\alastair\documents\azureus downloads\sibelius 6.0.1 upgrade and crack.zip
c:\windows\prefetch\gpo_keygen.exe-0ffb5906.pf
scanner sequence 3.AB.11
----- EOF -----

I am keeping PC Tools Firewall Plus and Avast!, which are the only two I have running anyway.

My system is running smoothly, and the issues with the explorer.exe seem to have solved temporarily.

[turtledove]

Hi psychopiano,

Thanks for the logs. These will take some time to research, please be patient. I will be back as soon as possible.

Thank you

turtledove

[psychopiano]

Just thought you might want to see the Malwarebytes log, which detected the Trojan:

Malwarebytes' Anti-Malware 1.41
Database version: 3206
Windows 6.0.6001 Service Pack 1

09/07/2010 17:09:52
mbam-log-2010-07-09 (17-09-52).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 155787
Time elapsed: 48 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 45
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\baidubar.tool (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d12f94fa-fc9a-41f7-b808-7fbb419dd7a6} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{05d8df21-d546-4434-a289-dfaddb94ab19} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{29880c3b-f5d4-4018-b1c3-390d705663ae} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3050dfa4-790f-4620-9151-426389b6ebe4} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3299e5d3-9e45-4d79-88be-1853d16f78cf} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3b197b06-06c2-4065-ba7f-648be27fae4c} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{40680a28-1182-4753-b3d1-c99dfa993d01} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c2bfec9-f03c-4f74-932e-5723e603b4ac} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d4de006-d38c-4d86-8383-a25304d006e7} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{52ce55d8-c53c-427d-8f67-c402e4249cd8} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5910207e-ee57-47b4-b68c-1d07e569c6ac} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{61daabb3-4458-416f-8bbd-0e35a2adc079} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741f4144-2899-4b31-a8cc-2a0efd9eaa51} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{75595d2a-a5ab-4480-bdd6-1157e4baee31} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9bfc8a-3b7d-4352-8c22-cf7a5b09b206} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7ef05eff-0e62-4040-8d81-73a10d8de60f} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8261d28b-1d3a-4e72-90fd-e1fdb9badbfb} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{942d9e02-8384-452e-ac65-bf9bf50da254} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ada3d8a-7238-4aa2-b342-28be3a278ea0} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b602a534-b878-463a-9dd9-0b76ff3233bd} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b80b8410-85e5-46b9-b1bf-ac20ce5c8bf3} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b84b71a0-ebb8-4d1d-adcf-b6355dea8aea} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc921b84-66b1-40f7-b15f-28578cce6249} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c3df940c-b88a-4866-bc6d-4419d048a68b} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c78b9769-51ff-4e6c-bcb7-5db8db5e84e3} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d158174c-004b-4a2e-9410-5442c10c60d2} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e413a618-b6b3-42da-ab8c-3740304bf0f2} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5807d19-db8c-41a1-963c-f7eb97d51ef7} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f92873a7-68bf-4e24-aee1-7575ca6a8e91} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc73df84-d242-41ef-b9cf-e99a8a4b17ad} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77fef28e-eb96-44ff-b511-3185dea48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e5d5d4a1-17f0-41d7-b1c6-0979f91e6f46} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubar.tool.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.bandie (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.bandie.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.toolband (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\baidubarx.toolband.1 (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b580cf65-e151-49c3-b73f-70b13fca8e86} (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Baidu\Toolbar\BaiduBarX.dll (Trojan.Cinmus) -> Quarantined and deleted successfully.

Just to add, the Trojan still appears as being present despite it saying it quarantined it.

[turtledove]

Hello psychopiano,

Thank you for the MBAM log. I would have asked to see that eventually. It is helpfull. Currently reviewing the three logs.
Be back asap.
In the meantime, please take care of the following:

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

c:\program files\download direct\byebye_by_gr\byebye_by_gr\crack\dld.exe
c:\users\alastair\documents\azureus downloads\sibelius 6.0.1 upgrade and crack.zip -->Delete Folder Azureus<--
c:\windows\prefetch\gpo_keygen.exe-0ffb5906.pf

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen applications that are present on your system

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

Thank you

turtledove

[psychopiano]

Hello psychopiano,

Thank you for the MBAM log. I would have asked to see that eventually. It is helpfull. Currently reviewing the three logs.
Be back asap.
In the meantime, please take care of the following:

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software and that you are actively using it.

c:\program files\download direct\byebye_by_gr\byebye_by_gr\crack\dld.exe
c:\users\alastair\documents\azureus downloads\sibelius 6.0.1 upgrade and crack.zip -->Delete Folder Azureus<--
c:\windows\prefetch\gpo_keygen.exe-0ffb5906.pf

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen applications that are present on your system

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.
Please decide what you are going to do & let me know.

Thank you

turtledove

I've fully removed all the things you said above, and I've completely deleted Download Direct.

[turtledove]

Hello psychopiano,

Thank you for doing that.
Let's get a better look and see if we can eliminate anything remaining.

Please copy or print out these instructions for reference as you will not have internet during part of the fix.


Step 1

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  A guide to do this can be found here
  
• Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



** Enable your Antivirus and Firewall, before connecting to the Internet again! **



Step 2

RSIT (Random's System Information Tool)
Using /info switch

1. Ensure rsit.exe is on your desktop <--- Important!
2. Click the Windows Start > All programs > Accessories then Run
3. Copy/paste the following into the run box... then click OK
   "%userprofile%\desktop\rsit.exe" /info
4. Click Continue at the disclaimer screen
5. Once it has finished, two logs will open, log.txt <<will be maximized and info.txt <<will be minimized.
6. Copy & paste the contents of both logs in your next reply

Post
C:\ComboFix.txt
New C:\RSIT log.txt
New C:\RSIT info.txt

How is your system now? Still have the same slowness or any other new symptoms?


Thank you

turtledove

[psychopiano]

Hello psychopiano,

Thank you for doing that.
Let's get a better look and see if we can eliminate anything remaining.

Here is the ComboFix log:

ComboFix 10-07-15.01 - Alastair 15/07/2010 23:53:49.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.3000.1731 [GMT 1:00]
Running from: c:\users\Alastair\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alastair\AppData\Roaming\Microsoft\~DFK1d5545ef.tmp
c:\users\Alastair\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Alastair\AppData\Roaming\Microsoft\bass.dll
c:\users\Alastair\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Alastair\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Alastair\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Alastair\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Alastair\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\struct~.ini
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.

2010-07-15 23:05 . 2010-07-15 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-14 18:44 . 2010-07-14 18:44 -------- d-----w- C:\rsit
2010-07-14 12:29 . 2010-07-14 12:29 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-07-14 12:29 . 2006-10-04 13:13 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2010-07-14 12:29 . 2006-10-04 13:13 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2010-07-14 12:29 . 2006-10-04 13:13 1870336 ----a-w- c:\windows\system32\bconvert.dll
2010-07-13 08:12 . 2010-07-13 09:10 -------- d-----w- c:\users\Alastair\AppData\Roaming\XBList
2010-07-13 08:12 . 2010-07-13 08:12 -------- d-----w- c:\users\Alastair\AppData\Local\XBList
2010-07-10 16:58 . 2008-08-27 01:26 73088 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-07-10 16:57 . 2007-10-22 12:01 139264 ------w- c:\windows\Vmix106.dll
2010-07-10 16:57 . 2008-05-20 10:18 221184 ------w- c:\windows\system\cm106eye.exe
2010-07-10 16:57 . 2006-09-13 05:08 491520 ------w- c:\windows\system\cmau106.dll
2010-07-10 16:57 . 2009-12-21 17:57 557056 ------w- c:\windows\system32\Cmeau106.exe
2010-07-10 16:56 . 2008-10-14 02:17 1501696 ----a-w- c:\windows\system32\drivers\CM106.sys
2010-07-10 16:56 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\fltr106.dll
2010-07-10 16:56 . 2009-12-21 17:57 303104 ------w- c:\windows\system32\CmiInstallResAll.dll
2010-07-09 17:06 . 2010-07-13 08:16 -------- d-----w- c:\programdata\Yahoo! Companion
2010-07-09 17:06 . 2010-07-09 17:06 -------- d-----w- c:\users\Alastair\AppData\Roaming\Yahoo!
2010-07-09 17:06 . 2010-07-09 17:06 -------- d-----w- c:\program files\Yahoo!
2010-07-09 16:30 . 2010-07-09 16:30 388096 ----a-r- c:\users\Alastair\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 16:30 . 2010-07-14 18:44 -------- d-----w- c:\program files\Trend Micro
2010-07-09 16:19 . 2010-07-09 16:19 -------- d-----w- c:\program files\BHODemon 2
2010-07-09 14:01 . 2002-12-01 12:57 593920 ----a-w- c:\windows\system32\libeay32.dll
2010-07-08 21:51 . 2010-07-08 21:51 -------- d-----w- c:\programdata\WindowsSearch
2010-07-03 12:43 . 2005-05-23 11:59 3645440 ----a-w- c:\windows\system32\Forest Life 3D Screensaver.scr
2010-06-29 10:32 . 2010-06-29 10:33 21 ---h--w- c:\users\Alastair\AppData\Local\xftredahs.dat
2010-06-28 23:02 . 2010-06-28 23:06 -------- d-----w- c:\program files\RehanFX
2010-06-24 02:02 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 02:02 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 02:02 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 02:02 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 02:02 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 07:34 . 2010-04-16 16:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 07:34 . 2010-04-16 14:17 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-21 09:58 . 2010-06-21 09:58 -------- d-----w- c:\users\Alastair\AppData\Roaming\gtk-2.0
2010-06-21 09:58 . 2010-06-21 09:58 -------- d-----w- c:\users\Alastair\.thumbnails
2010-06-20 22:24 . 2010-06-21 10:01 -------- d-----w- c:\users\Alastair\.gimp-2.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 23:05 . 2009-12-19 15:47 -------- d-----w- c:\programdata\Kontiki
2010-07-15 02:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 21:33 . 2009-11-20 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 18:41 . 2008-05-14 12:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 18:36 . 2009-09-18 16:43 -------- d-----w- c:\users\Alastair\AppData\Roaming\uTorrent
2010-07-14 17:58 . 2010-05-09 00:57 -------- d-----w- c:\users\Alastair\AppData\Roaming\Media Player Classic
2010-07-14 07:51 . 2009-09-17 16:39 -------- d-----w- c:\users\Alastair\AppData\Roaming\Spotify
2010-07-13 16:32 . 2010-01-12 19:44 -------- d-----w- c:\program files\JDownloader
2010-07-13 09:35 . 2010-01-01 17:01 -------- d-----w- c:\program files\BitComet
2010-07-11 22:30 . 2009-09-16 19:40 5972 ----a-w- c:\users\Alastair\AppData\Local\d3d9caps.dat
2010-07-10 17:00 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-09 17:06 . 2009-12-11 23:43 -------- d-----w- c:\program files\CCleaner
2010-06-30 11:28 . 2009-09-23 17:11 -------- d-----w- c:\users\Alastair\AppData\Roaming\Audacity
2010-06-29 22:48 . 2009-12-27 00:42 -------- d-----w- c:\users\Alastair\AppData\Roaming\Icevc
2010-06-27 09:47 . 2010-03-14 22:15 13450256 ----a-w- c:\users\Alastair\AppData\Roaming\PPLive\PPTV\Update\PPTV_Update.exe
2010-06-25 02:02 . 2008-05-15 05:33 -------- d-----w- c:\program files\Microsoft.NET
2010-06-21 16:09 . 2009-09-21 21:19 -------- d-----w- c:\users\Alastair\AppData\Roaming\FileZilla
2010-06-20 00:22 . 2009-10-23 19:52 -------- d-----w- c:\program files\Flickr Uploadr
2010-06-14 10:18 . 2010-06-14 10:17 -------- d-----w- c:\program files\Video to Picture
2010-06-12 01:18 . 2010-06-12 01:18 -------- d-----w- c:\program files\FFmpeg for Audacity
2010-06-10 02:38 . 2009-12-22 10:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-10 02:18 . 2008-05-15 05:32 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 16:44 . 2010-06-07 16:44 -------- d-----w- c:\program files\blinkbox
2010-06-06 16:29 . 2010-01-05 20:46 -------- d-----w- c:\users\Alastair\AppData\Roaming\Publish Providers
2010-06-06 16:19 . 2010-06-06 16:19 -------- d-----w- c:\program files\Jodix Video MP3 Extractor
2010-06-01 15:49 . 2010-06-01 15:49 -------- d-----w- c:\users\Alastair\AppData\Roaming\Red Kawa
2010-06-01 15:30 . 2010-06-01 15:30 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-01 13:34 . 2010-01-13 18:35 16 ----a-w- c:\windows\msocreg32.dat
2010-06-01 13:28 . 2010-06-01 13:18 -------- d-----w- c:\users\Alastair\AppData\Roaming\InfraRecorder
2010-06-01 13:19 . 2010-06-01 13:18 -------- d-----w- c:\program files\InfraRecorder
2010-06-01 13:17 . 2010-05-31 14:28 -------- d-----w- c:\users\Alastair\AppData\Roaming\DVD Flick
2010-06-01 13:16 . 2010-06-01 13:16 -------- d-----w- c:\program files\DVD Decrypter
2010-06-01 10:52 . 2010-06-01 10:44 -------- d-----w- c:\users\Alastair\AppData\Roaming\ImgBurn
2010-06-01 10:46 . 2010-06-01 10:46 -------- d-----w- c:\programdata\LightScribe
2010-06-01 10:33 . 2010-06-01 10:33 -------- d-----w- c:\program files\ImgBurn
2010-06-01 09:35 . 2010-06-01 09:35 -------- d-----w- c:\program files\vso
2010-05-31 14:28 . 2010-05-31 14:27 -------- d-----w- c:\program files\DVD Flick
2010-05-31 14:18 . 2010-05-31 14:18 -------- d-----w- c:\program files\WMVJoiner
2010-05-31 14:15 . 2010-05-31 14:15 -------- d-----w- c:\program files\VideoJoiner
2010-05-31 14:10 . 2010-05-31 14:10 -------- d-----w- c:\users\Alastair\AppData\Roaming\Canneverbe Limited
2010-05-31 14:10 . 2010-05-31 14:10 -------- d-----w- c:\programdata\Canneverbe Limited
2010-05-31 14:10 . 2010-05-31 14:10 -------- d-----w- c:\program files\CDBurnerXP
2010-05-31 12:50 . 2008-05-15 05:52 -------- d-----w- c:\programdata\CyberLink
2010-05-31 12:50 . 2010-05-31 12:50 -------- d-----w- c:\users\Alastair\AppData\Roaming\CyberLink
2010-05-31 12:42 . 2010-05-31 12:42 -------- d-----w- c:\users\Alastair\AppData\Roaming\AVS4YOU
2010-05-31 12:42 . 2010-05-31 12:39 -------- d-----w- c:\programdata\AVS4YOU
2010-05-31 12:42 . 2010-05-31 12:39 -------- d-----w- c:\program files\AVS4YOU
2010-05-31 12:41 . 2010-05-31 12:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-05-27 09:12 . 2010-05-27 09:12 -------- d-----w- c:\program files\TechSmith
2010-05-27 08:55 . 2010-05-27 08:54 -------- d-----w- c:\program files\Freecorder
2010-05-26 16:16 . 2010-06-09 22:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-09 22:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 09:53 . 2010-05-26 09:45 -------- d-----w- c:\users\Alastair\AppData\Roaming\Aston2
2010-05-26 09:45 . 2010-05-26 09:45 -------- d-----r- c:\program files\Aston2
2010-05-23 18:47 . 2010-05-23 18:47 -------- d-----w- c:\program files\3D Waterfall Screensaver
2010-05-21 21:44 . 2010-05-21 21:43 -------- d-----w- c:\users\Alastair\AppData\Roaming\ProcessLasso
2010-05-21 21:44 . 2010-05-21 21:43 -------- d-----w- c:\program files\Process Lasso
2010-05-21 13:14 . 2009-11-21 11:57 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 16:39 . 2010-05-19 16:39 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-19 16:39 . 2010-05-19 16:39 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-19 16:39 . 2010-05-19 16:39 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-19 16:39 . 2010-05-19 16:39 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-19 16:39 . 2010-05-19 16:39 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-19 16:39 . 2010-05-19 16:39 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-19 16:39 . 2010-05-19 16:39 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-19 16:39 . 2010-05-19 16:39 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-19 16:39 . 2010-05-19 16:39 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-19 16:39 . 2010-05-19 16:37 -------- d-----w- c:\program files\Common Files\Real
2010-05-19 16:39 . 2010-05-19 16:38 -------- d-----w- c:\program files\Real
2010-05-19 16:38 . 2010-05-19 16:38 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-04 05:59 . 2010-06-09 22:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 22:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 22:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 22:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-09 22:46 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2009-11-21 12:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-11-21 12:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:43 . 2010-04-28 22:43 90126 ----a-r- c:\users\Alastair\AppData\Roaming\Microsoft\Installer\{CF4B1B79-AE4E-4C6C-8099-28F358063EDA}\ARPPRODUCTICON.exe
2010-04-28 22:43 . 2010-04-28 22:43 131072 ----a-r- c:\users\Alastair\AppData\Roaming\Microsoft\Installer\{CF4B1B79-AE4E-4C6C-8099-28F358063EDA}\NewShortcut11_CF4B1B79AE4E4C6C809928F358063EDA_1.exe
2010-04-28 22:43 . 2010-04-28 22:43 131072 ----a-r- c:\users\Alastair\AppData\Roaming\Microsoft\Installer\{CF4B1B79-AE4E-4C6C-8099-28F358063EDA}\NewShortcut1_CF4B1B79AE4E4C6C809928F358063EDA_1.exe
2010-04-28 22:16 . 2010-04-28 22:16 655360 ----a-w- c:\users\Alastair\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-04-28 22:16 . 2010-04-28 22:16 282624 ----a-w- c:\users\Alastair\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-04-28 22:16 . 2010-04-28 22:16 208896 ----a-w- c:\users\Alastair\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-04-23 13:55 . 2010-05-26 09:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-15 23:19 . 2009-12-15 23:20 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2002-07-31 18:55 . 2010-01-28 19:25 106 --sh--w- c:\windows\WSYS049.SYS
2009-07-09 19:41 . 2009-07-09 19:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0d6451b1-a91e-435e-ba58-134ec4797456}"= "c:\program files\Lockerz_Wave_Updater\tbLock.dll" [2010-03-17 2355224]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{0d6451b1-a91e-435e-ba58-134ec4797456}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d6451b1-a91e-435e-ba58-134ec4797456}]
2010-03-17 15:45 2355224 ----a-w- c:\program files\Lockerz_Wave_Updater\tbLock.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0d6451b1-a91e-435e-ba58-134ec4797456}"= "c:\program files\Lockerz_Wave_Updater\tbLock.dll" [2010-03-17 2355224]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{0d6451b1-a91e-435e-ba58-134ec4797456}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0D6451B1-A91E-435E-BA58-134EC4797456}"= "c:\program files\Lockerz_Wave_Updater\tbLock.dll" [2010-03-17 2355224]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{0d6451b1-a91e-435e-ba58-134ec4797456}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 68856]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-02-04 173512]
"PPLiveVA"="c:\program files\PPLive\PPVA\PPLiveVA.exe" [2009-12-30 71152]
"Aston2"="c:\program files\Aston2\Aston2.exe" [2010-05-24 211968]
"XBList"="d:\program files\XBList\XBList.exe" [2009-09-20 425984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-18 3168216]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"DBHAgent"="c:\program files\Paragon Software\System Backup 2010\program\dbhagent.exe" [2010-01-11 68112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-19 202256]
"ProcessLassoManagementConsole"="c:\program files\Process Lasso\processlasso.exe" [2010-05-19 414736]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2010-05-19 252944]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2009-11-15 158752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\users\Alastair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - c:\program files\BHODemon 2\BHODemon.exe [2005-6-19 946176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-2-11 504832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2009-12-28 09:24 2940664 ----a-w- c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-15 23:19 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 20:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2007-06-02 15:59 1457152 ----a-w- c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-29 12:01 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-16 17:11 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-12-23 19:18 2642168 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-06-17 11:44 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-15 30192]
R3 MagixASIODrv;MAGIX_ASIO_BoostDriver;c:\program files\MAGIX\Samplitude_SE_No9\mxasio.sys [2002-04-16 4899]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-01-18 32680]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2008-10-14 1501696]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-11 40560]
S1 aswSP;avast! Self Protection; [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-11-18 29520]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-01-18 233136]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-01-18 88040]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
S3 Paragon System Backup Service;Paragon System Backup Service;c:\program files\Paragon Software\System Backup 2010\program\dbhservice.exe [2010-01-11 109072]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-18 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-18 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-18 115216]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-04 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-04 25704]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:32]

2010-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 20:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1060933
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: live.com\login
Trusted Zone: xbox.com\live
FF - ProfilePath - c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT10609 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 1060933&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll
FF - component: c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll
FF - component: c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\extensions\{a76cf383-7263-4a74-acdb-5610b6024f92}\components\FFExternalAlert.dll
FF - component: c:\users\Alastair\AppData\Roaming\Mozilla\Firefox\Profiles\wu1xds8y.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Cm106Sound - cm106.cpl
MSConfigStartUp-DLD - c:\program files\Download Direct\DLD.exe
AddRemove-{30F8B542-330F-4B99-9813-7A6C5283D212}_is1 - g:\program files\iCare Data Recovery Software\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 00:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-16 00:10:13
ComboFix-quarantined-files.txt 2010-07-15 23:10

Pre-Run: 4,985,741,312 bytes free
Post-Run: 4,832,690,176 bytes free

- - End Of File - - 6A575D8FE9094EBDD7244E781D00D91D

[psychopiano]

And now RSIT:

info.txt

info.txt logfile of random's system information tool 1.08 2010-07-16 00:38:19

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
1-Click YouTube To MP3 Converter 2.2-->"C:\Program Files\1-Click YouTube To MP3 Converter\unins000.exe"
3D Waterfall Screensaver 1.0-->"C:\Program Files\3D Waterfall Screensaver\unins000.exe"
5.1CH USB Audio-->C:\Windows\System32\Cmeau106.exe /rm /pusb106
7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer Arcade Deluxe-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Lightroom 2.4-->MsiExec.exe /I{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Agere Systems HDA Modem-->agrsmdel
Aimersoft Media Converter(Build 1.3.1.0)-->"C:\Program Files\Aimersoft\Media Converter\unins000.exe"
Air Mouse Server-->MsiExec.exe /I{EE18E5E3-9929-4A7C-AA08-E0AEC2FEA75C}
AmpliTube X-GEAR-->C:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Aston 2.0.0-->C:\Program Files\Aston2\uninst.exe
Astro Gemini Screensaver Manager 2.0-->"C:\Program Files\Astro Gemini Software\Screensaver Manager 2.0\unins000.exe"
Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Audio Creator LE 1.5-->"C:\Program Files\Cakewalk\Audio Creator LE\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.4-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Backspin Billiards-->"C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log"
BHODemon 2.0.0.23-->"C:\Program Files\BHODemon 2\unins000.exe"
Big Kahuna Reef-->"C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log"
BitComet 1.17-->C:\Program Files\BitComet\uninst.exe
blinkbox Download Manager-->MsiExec.exe /I{E151EE9D-2A4E-4DDB-90EA-F40F8DAFDCD5}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BpmChecker-->c:\program files\BpmChecker\Uninstal.exe
Cakewalk Sound Center 1.0.0-->"C:\Program Files\Cakewalk\Cakewalk Sound Center\unins000.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Christmas 3D Screensaver 1.0-->"C:\Program Files\Christmas 3D Screensaver\unins000.exe"
Christmas Eve Scene 3D Screensaver 3.0-->C:\Program Files\ScenicReflections\Christmas Eve Scene 3D Screensaver\uninst.exe
CoffeeCup Visual Site Designer Software-->C:\Program Files\CoffeeCup Software\CoffeeCup Visual Site Designer\uninstall.exe
Cucusoft iPhone Ringtone Maker 2.4.4-->"C:\Program Files\Cucusoft\iPhoneRingtoneMaker\unins000.exe"
Cucusoft YouTube Mate 7.17-->"C:\Program Files\Cucusoft\YouTube-Mate\unins000.exe"
Debut Video Capture Software-->C:\Program Files\NCH Software\Debut\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
Dorgem 2.1.0-->"C:\Program Files\Dorgem\unins000.exe"
Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
DubIt-->C:\Program Files\TechSmith\DubIt\DIuninst.EXE
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Rebuilder-->"D:\Program Files\DVD-RB\unins000.exe"
EA SPORTS(TM) FIFA Online-->MsiExec.exe /X{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}
EASEUS Data Recovery Wizard 5.0.1-->"C:\Program Files\EASEUS\EASEUS Data Recovery Wizard 5.0.1\unins000.exe"
Edirol HQ Orchestral v1.01-->C:\PROGRA~1\Edirol\ORCHES~1\UNWISE.EXE C:\PROGRA~1\Edirol\ORCHES~1\INSTALL.LOG
eLicenser Control-->C:\PROGRA~1\ELICEN~1\UNWISE.EXE C:\PROGRA~1\ELICEN~1\INSTALL.LOG
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
ExifCleaner 1.2-->C:\Program Files\SuperUtils.com\ExifCleaner\uninst.exe
EZBack-it-up 2.0.1-->"C:\Program Files\EZBackitup\unins000.exe"
FFmpeg for Audacity on Windows-->"C:\Program Files\FFmpeg for Audacity\unins000.exe"
FILEminimizer Pictures-->"C:\Program Files\FILEminimizer Pictures\unins000.exe"
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
Flickr Uploadr 3.2.1-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
Flip Words 2-->"C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log"
Football Manager 2010 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/34110
Forest Life 3D Screensaver 1.2-->"D:\Program Files\Forest Life 3D Screensaver\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Freecorder 4.0 Application-->"C:\Windows\Freecorder\uninstall.exe" "/U:C:\Program Files\Freecorder\Uninstall\uninstall.xml"
Freecorder Toolbar-->C:\PROGRA~1\FREECO~1\UNWISE.EXE /U C:\PROGRA~1\FREECO~1\INSTALL.LOG
Garritan Personal Orchestra-->D:\PROGRA~1\GARRIT~1\UNWISE.EXE D:\PROGRA~1\GARRIT~1\INSTALL.LOG
GigaPan Upload 1.0.0825-->MsiExec.exe /I{5DF6DF2C-455C-4AB6-A288-71CFD42FA952}
GIMP 2.6.8-->"D:\Program Files\GIMP-2.0\setup\unins000.exe"
Gold Fish Animated Wallpaper version 1.0-->"C:\Program Files\Gold Fish Animated Wallpaper\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.99\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Icepine Video Converter Pro 2-->"C:\Program Files\Icevc\unins000.exe"
ImageMagick 6.5.9-5 Q16 (2010-02-15)-->"C:\Program Files\ImageMagick-6.5.9-Q16\unins000.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Inpaint 2.4-->"D:\Program Files\Inpaint\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
InterLok Driver Kit-->MsiExec.exe /X{DA710550-08C4-4845-A151-21D6DC9ED6D1}
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Jalbum-->MsiExec.exe /I{CDADBC57-1ED9-4D50-BFA9-315EAC04A2FE}
James Bond 007: Nightfire Demo-->C:\PROGRA~1\EAGAME~1\NIGHTF~1\UNWISE.EXE C:\PROGRA~1\EAGAME~1\NIGHTF~1\INSTALL.LOG
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Jodix Video MP3 Extractor 1.12-->"C:\Program Files\Jodix Video MP3 Extractor\unins000.exe"
K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LG MC USB U330 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}\setup.exe" -l0x9 -removeonly
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Linux MultiMedia Studio (LMMS)-->C:\Program Files\LMMS 0.4.6\Uninstall.exe
Lockerz_Wave_Updater Toolbar-->C:\PROGRA~1\LOCKER~1\UNWISE.EXE /U C:\PROGRA~1\LOCKER~1\INSTALL.LOG
MagicScore-->"C:\Program Files\MagicScore Music Software\MagicScore School 6.x\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3MyMP3 3.0-->"C:\Program Files\MP3MyMP3 3.0\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music Creator 5-->"C:\Program Files\Cakewalk\Music Creator 5\unins000.exe"
Musicnotes Player-->C:\PROGRA~1\MUSICN~1\Player\musnotes.exe /u
Musicnotes Software Suite 1.1-->"C:\Program Files\Musicnotes\unins000.exe"
My Webcam Broadcaster-->MsiExec.exe /I{EBBFFDAB-A7D8-478A-B4A1-722744E883F0}
Native Instruments Battery 3-->D:\PROGRA~1\NATIVE~1\BATTER~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\BATTER~1\INSTALL.LOG
Notation Player 2.5.2-->C:\Program Files\Notation\Uninst_Notation Player 2.5.2.exe /U "C:\Program Files\Notation\Uninst_Notation Player 2.5.2.log"
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0409
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0409
Open Video Joiner version 3.3.0.0-->"C:\Program Files\VideoJoiner\unins000.exe"
Orion-->MsiExec.exe /X{5B63A470-9334-44D1-AF61-6CE2DB565AE9}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
PC Tools Firewall Plus 6.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
PCHand Screen Capture (GOTD Version) 1.8.0.2-->"C:\Program Files\PCHand Screen Capture\unins000.exe"
PCHand Screen Recorder (GOTD Version) 1.8.5.2-->"C:\Program Files\PCHand Screen Recorder\unins000.exe"
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Perfect Macro Recorder 2.00-->"C:\Program Files\Perfect Macro Recorder 2.0\unins000.exe"
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
picture-shark 1.0-->C:\Program Files\picture-shark\UnGins.exe "C:\Program Files\picture-shark\install.log"
PipPlus-->MsiExec.exe /I{28706B95-C23E-4949-A01A-64626724F43F}
Pixifex-->C:\Program Files\Goldshell\pxxuninst.exe
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PPTV V2.4.2.0013-->C:\Program Files\PPLive\PPTV\uninst.exe
Process Lasso-->"C:\Program Files\Process Lasso\uninstall.exe"
PTLens-->MsiExec.exe /I{EAFD442F-7DB8-4839-8D21-F761E8421B9F}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Race Driver 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A137D52E-FA96-4815-85F5-E7B8F66837DB}\setup.exe" -l0x9 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0009 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
RehanFX Shader Transitions and Effects (ShaderTFX)-->MsiExec.exe /I{F1D85517-6EAC-496A-965A-FA349036E74E}
Replay Music-->"C:\Windows\Replay Music\uninstall.exe" "/U:C:\Program Files\Replay Music 3\Uninstall\uninstall.xml"
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\setup.exe" -l0x9
Samplitude SE No.9 9.1.1.1 (US)-->C:\Program Files\MAGIX\Samplitude_SE_No9\instslct.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Serif WebPlus SE-->MsiExec.exe /X{6A5FE305-1147-400D-9795-8B80E693476A}
Sibelius 6 Demo-->MsiExec.exe /X{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}
Sky Player-->MsiExec.exe /X{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Sothink Logo Maker-->"C:\Program Files\SourceTec\Sothink Logo Maker\unins000.exe"
Sothink SWF Quicker-->"C:\Program Files\SourceTec\Sothink SWF Quicker\unins000.exe"
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase 5-->MsiExec.exe /I{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}
Steinberg HALionOne Expression Set-->MsiExec.exe /I{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}
Steinberg HALionOne GM Drum Set-->MsiExec.exe /I{AC997F93-0757-4ED4-A701-F40C2D654D09}
Stellarium 0.10.2-->"C:\Program Files\Stellarium\unins000.exe"
StreamTorrent 1.0-->"C:\Program Files\StreamTorrent 1.0\uninstall.exe"
Studio Instruments 1.0-->"C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tag&Rename 3.5.5-->"C:\Program Files\TagRename\unins000.exe"
Transmute v2.04-->MsiExec.exe /X{9A228FF0-552C-462E-8A57-DEC77421FC0E}
TubeHunter Media Center-->MsiExec.exe /X{CF4B1B79-AE4E-4C6C-8099-28F358063EDA}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
UltraSlideshow Flash Creator 1.22-->C:\Program Files\UltraSlideshow\uninst.exe
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Universal UVI Player 1.0.2.-->C:\Windows\unvise32.exe d:\cubase\Universal\uninstal.log
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
UUSee ²¥·Å²å¼þ»ù´¡°ü 4.8.306.18-->C:\Program Files\Common Files\uusee\uninst.exe
UUSee ÍøÂçµçÊÓ [4.8.307.11]-->C:\Program Files\uusee\uninstuusee.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
Vegas Pro 9.0-->MsiExec.exe /X{56415658-366E-4E28-A6BD-68EC63E560E0}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Visual LightBox-->C:\Program Files\Visual LightBox\uninstall.exe
Wii Video 9 5.04-->D:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Winter Night 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Winter Night 3D Screensaver\unins000.exe"
WMV Joiner version 1.1-->"C:\Program Files\WMVJoiner\unins000.exe"
XBList-->MsiExec.exe /X{4E72E41A-A83A-447A-98AC-5AE16AFBD81C}
XnView 1.97-->"C:\Program Files\XnView\unins000.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YAMAHA Musicsoft Downloader 5-->C:\Program Files\InstallShield Installation Information\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}\setup.exe -runfromtemp -l0x0009 -removeonly
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"
YouTube Playlist Converter-->MsiExec.exe /I{6F62E665-AC12-4DE0-88AA-C6EE7F5DBAAB}
Zoner Photo Studio 12-->"C:\Program Files\Zoner\Photo Studio 12\unins000.exe" /SILENT
?????-->"C:\Program Files\Baidu\Toolbar\BaiduService.exe" /UninstallToolbar

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: AlastairsLaptop
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0017C4600A38. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 43337
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091213231518.000000-000
Event Type: Warning
User:

Computer Name: AlastairsLaptop
Event Code: 6008
Message: The previous system shutdown at 00:19:17 on 14/12/2009 was unexpected.
Record Number: 43357
Source Name: EventLog
Time Written: 20091214081036.000000-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 10000
Message: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 126

Record Number: 43362
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091214081039.285371-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: AlastairsLaptop
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 43366
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091214081045.499375-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 43407
Source Name: Service Control Manager
Time Written: 20091214081105.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: AlastairsLaptop
Event Code: 10010
Message: Application 'C:\Windows\explorer.exe' (pid 2152) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 8544
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100714184006.277000-000
Event Type: Warning
User: AlastairsLaptop\Alastair

Computer Name: AlastairsLaptop
Event Code: 1002
Message: The program CKScanner.exe version 1.6.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2480 Start Time: 01cb2385d86d85f0 Termination Time: 4
Record Number: 8558
Source Name: Application Hang
Time Written: 20100714185409.000000-000
Event Type: Error
User:

Computer Name: AlastairsLaptop
Event Code: 508
Message: Windows (5616) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 34816000 (0x0000000002134000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (13197 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 8572
Source Name: ESENT
Time Written: 20100715161436.000000-000
Event Type: Warning
User:

Computer Name: AlastairsLaptop
Event Code: 507
Message: wlcomm (6636) C:\Users\Alastair\AppData\Local\Microsoft\Windows Live Contacts\{59d02db5-1571-4982-a040-42ecef87153f}\: A request to read from the file "C:\Users\Alastair\AppData\Local\Microsoft\Windows Live Contacts\{59d02db5-1571-4982-a040-42ecef87153f}\DBStore\contacts.edb" at offset 3899392 (0x00000000003b8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (13197 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 8573
Source Name: ESENT
Time Written: 20100715161437.000000-000
Event Type: Warning
User:

Computer Name: AlastairsLaptop
Event Code: 1000
Message: Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6, faulting module MSVCR71.dll, version 7.10.3052.4, time stamp 0x3e561eac, exception code 0xc00000fd, fault offset 0x00009638, process id 0x9fc, application start time 0x01cb23799a5a1140.
Record Number: 8579
Source Name: Application Error
Time Written: 20100715224512.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28630
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100715233814.159000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28631
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100715233814.300000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28632
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100715233814.444000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28633
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100715233814.591000-000
Event Type: Audit Failure
User:

Computer Name: AlastairsLaptop
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 28634
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100715233814.732000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ImageMagick-6.5.9-Q16;C:\Program Files\Acer\Empowering Technology\eDataSecurity;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

and log.txt

Logfile of random's system information tool 1.08 (written by random/random)
Run by Alastair at 2010-07-16 00:38:03
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 5 GB (7%) free of 71 GB
Total RAM: 3000 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:38:15, on 16/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alastair\Desktop\RSIT.exe
C:\Program Files\trend micro\Alastair.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1060933
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5735
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Lockerz Wave Updater Toolbar - {0d6451b1-a91e-435e-ba58-134ec4797456} - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010\program\dbhagent.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" -background
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [Aston2] "C:\Program Files\Aston2\Aston2.exe"
O4 - HKCU\..\Run: [XBList] D:\Program Files\XBList\XBList.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: Air Mouse.lnk = C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O15 - Trusted Zone: login.live.com
O15 - Trusted Zone: live.xbox.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Paragon System Backup Service - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 2010\program\dbhservice.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 15379 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d6451b1-a91e-435e-ba58-134ec4797456}]
Lockerz Wave Updater Toolbar - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-05-19 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll [2009-07-16 664888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-01 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-16 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
{0d6451b1-a91e-435e-ba58-134ec4797456} - Lockerz Wave Updater Toolbar - C:\Program Files\Lockerz_Wave_Updater\tbLock.dll [2010-03-17 2355224]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2009-11-09 2331672]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"ArcadeDeluxeAgent"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-04-11 147456]
"CLMLServer"=C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-04-11 167936]
"PlayMovie"=C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-04-18 167936]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-17 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-17 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-17 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-10 809480]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-11 409600]
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2010-01-18 3168216]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-10-21 1032640]
"DBHAgent"=C:\Program Files\Paragon Software\System Backup 2010\program\dbhagent.exe [2010-01-11 68112]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-05-19 202256]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-05-19 414736]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-05-19 252944]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2009-11-15 158752]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-10-21 1032640]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-16 68856]
"PPAP"=C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe [2010-02-04 173512]
"PPLiveVA"=C:\Program Files\PPLive\PPVA\PPLiveVA.exe [2009-12-30 71152]
"Aston2"=C:\Program Files\Aston2\Aston2.exe [2010-05-24 211968]
"XBList"=D:\Program Files\XBList\XBList.exe [2009-09-20 425984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2009-12-28 2940664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-07 34040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-10-29 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-09-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-12-23 2642168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

C:\Users\Alastair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BHODemon 2.0.lnk - C:\Program Files\BHODemon 2\BHODemon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr"
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-16 00:10:20 ----SHD---- C:\$RECYCLE.BIN
2010-07-16 00:10:16 ----D---- C:\Windows\temp
2010-07-16 00:10:14 ----A---- C:\ComboFix.txt
2010-07-15 23:50:58 ----A---- C:\Windows\zip.exe
2010-07-15 23:50:58 ----A---- C:\Windows\SWSC.exe
2010-07-15 23:50:58 ----A---- C:\Windows\SWREG.exe
2010-07-15 23:50:58 ----A---- C:\Windows\sed.exe
2010-07-15 23:50:58 ----A---- C:\Windows\PEV.exe
2010-07-15 23:50:58 ----A---- C:\Windows\NIRCMD.exe
2010-07-15 23:50:58 ----A---- C:\Windows\MBR.exe
2010-07-15 23:50:58 ----A---- C:\Windows\grep.exe
2010-07-15 23:50:50 ----D---- C:\Windows\ERDNT
2010-07-15 23:50:48 ----D---- C:\ComboFix
2010-07-15 23:49:01 ----D---- C:\Qoobox
2010-07-15 23:48:28 ----A---- C:\Windows\SWXCACLS.exe
2010-07-15 23:48:24 ----D---- C:\32788R22FWJFW
2010-07-14 22:33:45 ----A---- C:\mbam-error.txt
2010-07-14 19:44:11 ----D---- C:\rsit
2010-07-14 13:29:54 ----D---- C:\Program Files\Common Files\Native Instruments
2010-07-14 13:29:26 ----A---- C:\Windows\system32\NI_IRC_1_2.dll
2010-07-14 13:29:26 ----A---- C:\Windows\system32\NI_DFD_1_5.dll
2010-07-14 13:29:25 ----A---- C:\Windows\system32\bconvert.dll
2010-07-13 09:12:30 ----D---- C:\Users\Alastair\AppData\Roaming\XBList
2010-07-10 17:58:51 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2010-07-10 17:57:45 ----N---- C:\Windows\Vmix106.dll
2010-07-10 17:57:38 ----A---- C:\Windows\Cm106.ini.cfl
2010-07-10 17:57:33 ----N---- C:\Windows\system32\Cmeau106.exe
2010-07-10 17:56:37 ----A---- C:\Windows\system32\drivers\CM106.sys
2010-07-10 17:56:33 ----N---- C:\Windows\system32\CmiInstallResAll.dll
2010-07-10 17:56:33 ----N---- C:\Windows\Cm106.ini.cfg
2010-07-10 17:56:33 ----A---- C:\Windows\Cm106.ini.imi
2010-07-09 18:06:46 ----D---- C:\Users\Alastair\AppData\Roaming\Yahoo!
2010-07-09 18:06:46 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-09 18:06:44 ----D---- C:\Program Files\Yahoo!
2010-07-09 17:30:15 ----D---- C:\Program Files\Trend Micro
2010-07-09 17:19:12 ----D---- C:\Program Files\BHODemon 2
2010-07-09 15:01:07 ----A---- C:\Windows\system32\libeay32.dll
2010-07-08 22:51:17 ----D---- C:\ProgramData\WindowsSearch
2010-06-29 00:02:31 ----D---- C:\Program Files\RehanFX
2010-06-28 23:58:49 ----A---- C:\Rebuilder.ini
2010-06-28 23:58:49 ----A---- C:\Installer.txt
2010-06-24 03:02:08 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:02:08 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:02:08 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:02:07 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:02:07 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 08:34:21 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 08:34:20 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 10:58:44 ----D---- C:\Users\Alastair\AppData\Roaming\gtk-2.0

======List of files/folders modified in the last 1 months======

2010-07-16 00:38:02 ----D---- C:\ProgramData\Kontiki
2010-07-16 00:10:16 ----D---- C:\Windows
2010-07-16 00:05:21 ----A---- C:\Windows\system.ini
2010-07-16 00:05:09 ----D---- C:\Windows\system32\drivers\etc
2010-07-16 00:04:12 ----SD---- C:\Users\Alastair\AppData\Roaming\Microsoft
2010-07-16 00:04:12 ----D---- C:\Windows\System32
2010-07-15 23:59:18 ----D---- C:\Windows\system32\drivers
2010-07-15 23:59:18 ----D---- C:\Windows\AppPatch
2010-07-15 23:59:16 ----D---- C:\Program Files\Common Files
2010-07-15 23:45:18 ----D---- C:\Windows\system32\Tasks
2010-07-15 17:27:43 ----SHD---- C:\System Volume Information
2010-07-15 17:15:40 ----D---- C:\Windows\winsxs
2010-07-15 13:33:01 ----D---- C:\Windows\Prefetch
2010-07-15 13:32:14 ----D---- C:\Program Files
2010-07-15 03:08:01 ----SHD---- C:\Windows\Installer
2010-07-15 03:08:01 ----D---- C:\Config.Msi
2010-07-15 03:07:42 ----D---- C:\Windows\system32\catroot
2010-07-15 03:07:41 ----D---- C:\Windows\system32\catroot2
2010-07-15 03:07:35 ----D---- C:\Program Files\Windows Mail
2010-07-15 03:05:24 ----AD---- C:\ProgramData\TEMP
2010-07-15 03:02:08 ----D---- C:\Windows\Debug
2010-07-14 22:33:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-14 19:41:40 ----D---- C:\Program Files\Common Files\Adobe
2010-07-14 19:41:35 ----D---- C:\ProgramData\Adobe
2010-07-14 19:41:25 ----D---- C:\Program Files\Adobe
2010-07-14 19:36:43 ----D---- C:\Users\Alastair\AppData\Roaming\uTorrent
2010-07-14 18:58:30 ----D---- C:\Windows\system32\LogFiles
2010-07-14 18:58:30 ----D---- C:\Users\Alastair\AppData\Roaming\Media Player Classic
2010-07-14 18:58:29 ----D---- C:\Windows\Minidump
2010-07-14 08:51:10 ----D---- C:\Users\Alastair\AppData\Roaming\Spotify
2010-07-13 17:32:59 ----D---- C:\Program Files\JDownloader
2010-07-13 10:35:17 ----D---- C:\Program Files\BitComet
2010-07-13 00:39:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-13 00:39:12 ----D---- C:\Windows\inf
2010-07-10 17:58:01 ----D---- C:\Windows\SoftwareDistribution
2010-07-10 17:57:44 ----D---- C:\Windows\system
2010-07-09 18:06:46 ----D---- C:\ProgramData
2010-07-09 18:06:39 ----D---- C:\Program Files\CCleaner
2010-07-02 20:39:05 ----A---- C:\Windows\system32\mrt.exe
2010-06-30 12:28:55 ----D---- C:\Users\Alastair\AppData\Roaming\Audacity
2010-06-29 23:48:02 ----D---- C:\Users\Alastair\AppData\Roaming\Icevc
2010-06-27 10:51:57 ----D---- C:\Windows\Microsoft.NET
2010-06-27 10:51:56 ----RSD---- C:\Windows\assembly
2010-06-25 03:02:40 ----D---- C:\Windows\system32\en-US
2010-06-25 03:02:34 ----D---- C:\Program Files\Microsoft.NET
2010-06-23 10:15:27 ----D---- C:\Program Files\Mozilla Firefox
2010-06-21 17:09:07 ----D---- C:\Users\Alastair\AppData\Roaming\FileZilla
2010-06-20 01:22:56 ----D---- C:\Program Files\Flickr Uploadr

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hotcore3;hc3ServiceName; C:\Windows\system32\DRIVERS\hotcore3.sys [2010-01-11 40560]
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-06-04 43872]
R0 TPkd;TPkd; C:\Windows\system32\drivers\TPkd.sys [2006-08-01 72160]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-11-19 29520]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-01-18 233136]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 NTIPPKernel;NTIPPKernel; \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2010-01-18 88040]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-18 70664]
R3 pctNDIS;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-01-18 58816]
R3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-01-18 115216]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1); C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2); C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3); C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4); C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [2009-12-04 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5); C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [2009-12-04 25704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 catchme;catchme; \??\C:\Users\Alastair\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MagixASIODrv;MAGIX_ASIO_BoostDriver; \??\C:\Program Files\MAGIX\Samplitude_SE_No9\mxasio.sys [2002-04-16 4899]
S3 mbr;mbr; \??\C:\Users\Alastair\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\Windows\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 PCTFW-DNS;PCTools Firewall - DNS driver; \??\C:\Windows\system32\drivers\pctNdis-DNS.sys [2010-01-18 32680]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys [2007-06-02 8192]
S3 PnkBstrK;PnkBstrK; \??\C:\Windows\system32\drivers\PnkBstrK.sys [2010-04-10 138968]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-08-27 73088]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-03-26 12800]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-03-26 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-03-26 24832]
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys [2008-10-14 1501696]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-19 723632]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-10-21 3068352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2009-11-09 818432]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-03-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2010-04-10 214592]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-09 272024]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 Paragon System Backup Service;Paragon System Backup Service; C:\Program Files\Paragon Software\System Backup 2010\program\dbhservice.exe [2010-01-11 109072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2009-09-06 729088]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-16 30192]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-16 182768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-12 316664]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------

Thanks for the help. The system appears to be running perfectly now, no slowing down or problems of any kind

Not completely sure why Download Direct is still appearing in the list, as I have removed it.

[turtledove]

Hello psychopiano,

Thank you.

Your RSIT log indicates your C: Drive has 5 GB (7%) free of 71 GB.

Hard-Drive Free Space Advice:

[quote][/quote]
This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

I advise you read this article: What to do if your Computer's running slowly and choose to uninstall some software you do not need, this is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

As these will take time to research: To give you time to move some personal files/pictures to DVD/CD, I will research and prepare a fix, by Saturday evening at the latest.

To check amount of free space: Open Computer- In right pane you should see Drives on you computer.- In that window, Right Click and Select Properties. This should open another smaller window with a graph and list Used and Free space. Try to get up to15% - to get closer to25 % free would be best.

Please let me know this can be done, and how long you need.

Thank you,

turtledove.

[psychopiano]

Hello psychopiano,

Thank you.

Your RSIT log indicates your C: Drive has 5 GB (7%) free of 71 GB.

Hard-Drive Free Space Advice:

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my opinion.

I advise you read this article: What to do if your Computer's running slowly and choose to uninstall some software you do not need, this is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

As these will take time to research: To give you time to move some personal files/pictures to DVD/CD, I will research and prepare a fix, by Saturday evening at the latest.

To check amount of free space: Open Computer- In right pane you should see Drives on you computer.- In that window, Right Click and Select Properties. This should open another smaller window with a graph and list Used and Free space. Try to get up to15% - to get closer to25 % free would be best.

Please let me know this can be done, and how long you need.

Thank you,

turtledove.

I've got the C: Drive up to the following:



The D: Drive aso has 55GB of 70GB free, so I'm fine on that front.

[psychopiano]

The problem just occured again though. When I open a folder from another folder window, it begins to open in a window - then the entire system will just freeze up and the CPU will be at 100%.

[turtledove]

Hello psychopiano,

Thank you for the additional information.
If you can move any pictures/documents/music/video to D:, that would be great. Your performance of C: should then improve. We'll take care of leftovers and temp files: that will help also as well as we go from here.


I'll have more for you by Saturday night.

Thank you

turtledove

[turtledove]

Hello psychopiano,

I'm writing to let you know I'm going to be another day checking your logs as my internet is having trouble. I should be back within another day.
My apologies for the delay.

Will be back as soon as they finish fixing the issue.

Thanks for your patience

turtledove