View Full Version : Really Slow PC
aderynmawr
2009-11-06, 23:53
I don't know whether this is an infection or my squillions of files that's causing the problem, but it's ridiculously slow - in booting up and loading web pages. I ran Spybot S&D and it found nothing more than tracking cookies - which I fixed. I've tried everything I can think of, and I'm really at a loss now...desperately hoping now that you clever folk can help! As per the instructions on the "Before you post" page, here is my HJT log:
Logfile of Trend Micro v2.0.2
Scan saved at 21:44:31, on 06/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\OrangeBS\BEWInternetUK\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeBS\BEWInternetUK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetUK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetUK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetUK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetUK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: iebho Class - {296AE49F-E195-4835-895C-91788B938DF8} - C:\WINDOWS\ieiebho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: 1Click ImageExtractor - {5DE4E98D-DE09-4BC3-8A70-A6D9A24F4EC9} - C:\WINDOWS\1cie.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-UKSessionManager] "C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3811] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7656] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6310] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6639] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng"
O4 - HKCU\..\Run: [NOD32 Kernel Service] C:\Program Files\Eset\nod32krn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5558] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng"
O4 - HKCU\..\RunOnce: [SpybotDeletingD806] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6119] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3380] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng"
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47382CA4-4BCD-47C0-B922-593A46E2437B}: NameServer = 193.36.79.100 193.36.79.101
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 8706 bytes
Hi aderynmawr
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
aderynmawr
2009-11-09, 17:43
Logfile of random's system information tool 1.06 (written by random/random)
Run by Karen at 2009-11-09 16:38:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 66 GB (28%) free of 238 GB
Total RAM: 766 MB (15% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:53, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
C:\Program Files\OrangeBS\BEWInternetUK\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeBS\BEWInternetUK\systray\systrayapp.exe
C:\Program Files\OrangeBS\BEWInternetUK\connectivity\connectivitymanager.exe
C:\Program Files\OrangeBS\BEWInternetUK\PhoneTools\TextMessaging.exe
C:\Program Files\OrangeBS\BEWInternetUK\Deskboard\deskboard.exe
C:\Program Files\OrangeBS\BEWInternetUK\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Downloads\RSIT.exe
C:\Program Files\Hijack This\Karen.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: iebho Class - {296AE49F-E195-4835-895C-91788B938DF8} - C:\WINDOWS\ieiebho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: 1Click ImageExtractor - {5DE4E98D-DE09-4BC3-8A70-A6D9A24F4EC9} - C:\WINDOWS\1cie.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [CardDetectorZTEMF636] C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-UKSessionManager] "C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe"
O4 - HKCU\..\Run: [NOD32 Kernel Service] C:\Program Files\Eset\nod32krn.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Open in &new window - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{47382CA4-4BCD-47C0-B922-593A46E2437B}: NameServer = 193.36.79.100 193.36.79.101
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 7286 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\HP Usg Daily FY04.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-01-22 68936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296AE49F-E195-4835-895C-91788B938DF8}]
iebho Class - C:\WINDOWS\ieiebho.dll [2003-09-19 126976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-19 5804872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54}]
NitroPDFBHO Class - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll [2008-12-22 451928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - []
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-02-19 5804872]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-01-22 211272]
{5DE4E98D-DE09-4BC3-8A70-A6D9A24F4EC9} - 1Click ImageExtractor - C:\WINDOWS\1cie.dll [2003-09-19 139264]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-03-25 949376]
"UMonit"=C:\WINDOWS\system32\umonit.exe [2003-08-21 49152]
"CardDetectorZTEMF636"=C:\Program Files\CardDetector\ZTEMF636\CardDetector.exe [2008-09-25 274432]
"BEWINTERNET-UKSessionManager"=C:\Program Files\OrangeBS\BEWInternetUK\SessionManager\SessionManager.exe [2008-10-24 131824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NOD32 Kernel Service"=C:\Program Files\Eset\nod32krn.exe [2009-03-25 552064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
C:\WINDOWS\system32\S3trayp.exe [2008-09-02 200704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XeroxScannerDaemon]
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe [2001-08-17 27648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
C:\Program Files\Zecter\ZumoDrive\ZumoDrive.lnk [2009-09-28 1595]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karen^Start Menu^Programs^Startup^KingJackpot Downloader.lnk]
C:\DOWNLO~1\KINGJA~1.EXE -Icon []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDrives"=03FCFF03
"MaxRecentDocs"=29
"NoDriveAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Internet Explorer\IEPro\MiniDM.exe"="C:\Program Files\Internet Explorer\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\xerox\nwwia\XrxFTPLt.exe"="C:\Program Files\xerox\nwwia\XrxFTPLt.exe:*:Enabled:XrxFTPLt"
"C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeBS\BEWInternetUK\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0815f978-9347-11de-a4b4-0011b107a396}]
shell\AutoRun\command - F:\PortableRoboForm.exe
shell\RoboForm2Go\command - F:\PortableRoboForm.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bdb956c-7e8b-11de-a4a0-0011b107a396}]
shell\AutoRun\command - E:\AutoRunCardDetector.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e406310-040f-11de-a3fb-001d9242e5f0}]
shell\AutoRun\command - E:\.\Start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c252b42-3d4b-11de-a460-0011b107a396}]
shell\AutoRun\command - F:\PortableRoboForm.exe
shell\RoboForm2Go\command - F:\PortableRoboForm.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afb7a804-b5d9-11dd-a38a-001d9242e5f0}]
shell\AutoRun\command - E:\PortableRoboForm.exe
shell\RoboForm2Go\command - E:\PortableRoboForm.exe
======File associations======
.txt - open - "C:\Program Files\DocPad\docpad.exe" "%1"
======List of files/folders created in the last 1 months======
2009-11-09 16:38:04 ----D---- C:\rsit
2009-11-07 17:26:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-06 23:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-06 23:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-06 23:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-06 23:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-06 23:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-06 23:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-06 21:09:31 ----D---- C:\WINDOWS\ERDNT
2009-11-06 21:07:00 ----D---- C:\Program Files\ERUNT
2009-11-06 20:06:41 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-06 15:44:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-06 15:44:48 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 16:46:35 ----D---- C:\Program Files\Appdata
2009-10-28 16:46:13 ----A---- C:\Program Files\AVS Video Converter 6.2.3.314 (Portable).exe
======List of files/folders modified in the last 1 months======
2009-11-09 16:38:41 ----A---- C:\WINDOWS\ModemLog_ZTE Proprietary HS-USB Modem.txt
2009-11-09 16:38:15 ----D---- C:\Program Files\Hijack This
2009-11-09 16:30:25 ----D---- C:\WINDOWS\Temp
2009-11-09 16:11:18 ----D---- C:\Downloads
2009-11-09 12:08:50 ----D---- C:\Program Files\Mozilla Firefox
2009-11-09 12:05:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-09 06:06:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-08 15:32:29 ----D---- C:\Program Files\Ricochet Infinity
2009-11-08 14:28:57 ----D---- C:\WINDOWS
2009-11-07 17:27:08 ----HD---- C:\WINDOWS\inf
2009-11-07 17:27:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-07 17:26:59 ----D---- C:\WINDOWS\system32
2009-11-07 00:30:05 ----D---- C:\WINDOWS\Prefetch
2009-11-06 23:55:43 ----A---- C:\WINDOWS\imsins.BAK
2009-11-06 23:31:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-06 21:07:00 ----D---- C:\Program Files
2009-11-06 20:08:58 ----D---- C:\Program Files\SolSuite
2009-11-06 20:06:41 ----SHD---- C:\WINDOWS\Installer
2009-11-06 20:06:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-06 20:06:40 ----HD---- C:\Config.Msi
2009-11-06 20:06:34 ----D---- C:\WINDOWS\system32\drivers
2009-11-06 20:06:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-06 19:47:56 ----A---- C:\WINDOWS\WININIT.INI
2009-11-06 18:39:43 ----SD---- C:\WINDOWS\Tasks
2009-11-05 01:07:56 ----RD---- C:\Temp DVD
2009-10-29 21:45:37 ----D---- C:\Program Files\Common Files\Adobe
2009-10-29 21:45:37 ----D---- C:\Documents and Settings\Karen\Application Data\Adobe
2009-10-29 05:00:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 18:34:26 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 CbFs;CbFs; \??\C:\WINDOWS\system32\drivers\cbfs.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MUsbFltr;WayTechUSBFilterDriver; C:\WINDOWS\system32\drivers\MUsbFltr.sys [2006-06-27 9088]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-03-25 15424]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-03-25 512096]
R2 ppsio2;PPDevice; C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-09-02 4751360]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 S3GIGP;S3GIGP; C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2008-09-02 604160]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2008-04-19 103936]
R3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2008-04-19 103936]
R3 ZTEusbnmeaext;ZTE NMEAExt Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-19 103936]
R3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2008-04-19 103936]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [2003-08-21 6016]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-07 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2008-10-24 69632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-09 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-03-25 552064]
R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2006-02-14 155648]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-10 19456]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-24 604488]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2006-02-14 864256]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2006-02-14 233472]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2009-05-26 65536]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-24 361288]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
-----------------EOF-----------------
:thanks:
aderynmawr
2009-11-09, 17:44
info.txt logfile of random's system information tool 1.06 2009-11-09 16:38:58
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1ClickImageExtractor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9023F316-615A-4A89-BCFF-1E16107A88AB}\setup.exe"
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Ashampoo ClipFinder 1.53-->"C:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Ashampoo Movie Shrink & Burn 3 3.03-->"C:\Program Files\Ashampoo\Ashampoo Movie Shrink & Burn 3\unins000.exe"
Business Everywhere uninstall-->C:\Program Files\OrangeBS\BEWInternetUK\installation\core\Installgui.exe -u
Card Detector for ZTE MF636-->C:\Program Files\CardDetector\ZTEMF636\CardDetectorSetup.exe -u
DocPad-->C:\Program Files\DocPad\Uninstall\Uninstall.EXE /u:"DocPad"
Dragon NaturallySpeaking 10-->MsiExec.exe /I{E7712E53-7A7F-46EB-AA13-70D5987D30F2}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Gammadyne Spell Checking Module-->C:\Program Files\Common Files\System-G\Speller\Uninstall\Uninstall.EXE /u:"Gammadyne Spell Checking Module"
Genesys USB Mass Storage Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe"
HijackThis 2.0.2-->C:\Program Files\Hijack This\HijackThis.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IE7Pro-->C:\Program Files\Internet Explorer\IEPro\uninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.3.1 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Labtec Laser Mouse Software-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Labtec Laser Mouse Software\uninst.isu" -c"C:\Program Files\Labtec Laser Mouse Software\UnInst.dll"
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MOBILedit! Forensic 2.3-->RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /X{22FB6750-ADDF-4726-B67F-6901E1991033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PDF Download for Internet Explorer-->MsiExec.exe /X{B43A3C5D-7F74-4493-840E-D7B74520BC19}
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Rapidshare Downloader-->MsiExec.exe /I{EF19CEAD-4DD4-4170-8ED5-59FA3A5F347E}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
RM Converter 3-->C:\Program Files\Xilisoft\RM Converter 3\Uninstall.exe
Roxio PhotoSuite 8-->MsiExec.exe /I{56F62349-521A-44FD-A9E6-F8DF2B34F560}
SC Ver 2.69-->"C:\Program Files\SC\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Slingo Deluxe-->C:\Program Files\Slingo Deluxe\Uninstal.exe
Snagit 9.1.1-->MsiExec.exe /I{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}
SolSuite 2008 v8.1-->"C:\Program Files\SolSuite\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
UltraISO Premium V9.32-->"C:\Program Files\UltraISO\unins000.exe"
Universal Document Converter-->"C:\Program Files\Universal Document Converter\unins000.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIA Chrome9 HC IGP Family Display 6.14.10.0137-->C:\PROGRA~1\S3\Chrome9HC\s3minset.exe /u Chrome9HC.uns
Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZumoDrive-->"C:\Program Files\Zecter\ZumoDrive\uninstall.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Run: [CPMabc32531] Rundll32.exe "c:\windows\system32\rotirufe.dll",a [2008-12-12]
O2 - BHO: (no name) - {587faf18-2bbe-4c2a-bbf7-500ff23ae175} - C:\WINDOWS\system32\kiduruka.dll [2008-12-12]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2008-12-12]
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE [2008-12-12]
O4 - HKLM\..\Run: [norahutovo] Rundll32.exe "C:\WINDOWS\system32\wizunipo.dll",s [2008-12-12]
O2 - BHO: (no name) - {91a92af5-9c4e-4119-97fe-3d2211b2cf10} - C:\WINDOWS\system32\reguligu.dll [2008-12-12]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotirufe.dll [2008-12-12]
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-12-12]
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) [2008-12-12]
O2 - BHO: (no name) - {587faf18-2bbe-4c2a-bbf7-500ff23ae175} - (no file) [2008-12-12]
O4 - HKLM\..\Run: [norahutovo] Rundll32.exe "C:\WINDOWS\system32\wizunipo.dll",s [2008-12-12]
O4 - HKLM\..\Run: [CPMabc32531] Rundll32.exe "c:\windows\system32\rotirufe.dll",a [2008-12-12]
O2 - BHO: (no name) - {587faf18-2bbe-4c2a-bbf7-500ff23ae175} - C:\WINDOWS\system32\kiduruka.dll [2008-12-12]
O4 - HKLM\..\Run: [CPMabc32531] Rundll32.exe "c:\windows\system32\rotirufe.dll",a [2008-12-12]
O4 - HKLM\..\Run: [norahutovo] Rundll32.exe "C:\WINDOWS\system32\wizunipo.dll",s [2008-12-12]
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rotirufe.dll [2008-12-12]
O2 - BHO: (no name) - {587faf18-2bbe-4c2a-bbf7-500ff23ae175} - C:\WINDOWS\system32\kiduruka.dll [2008-12-12]
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Internet Explorer\IEPro\iepro.dll [2009-03-18]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-18]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-03-18]
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') [2009-03-18]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-18]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-03-18]
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [2009-03-18]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-18]
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE [2009-03-18]
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-03-18]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') [2009-03-18]
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-03-18]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2009-03-18]
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html [2009-03-18]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-18]
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-03-18]
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-03-18]
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-03-18]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-03-18]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') [2009-03-18]
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html [2009-03-18]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-03-18]
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-03-18]
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Internet Explorer\IEPro\iepro.dll [2009-03-18]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 [2009-03-18]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL [2009-03-18]
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Internet Explorer\IEPro\iepro.dll [2009-03-18]
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-03-18]
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Internet Explorer\IEPro\iepro.dll [2009-03-18]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-03-18]
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html [2009-03-18]
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html [2009-03-18]
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Internet Explorer\IEPro\iepro.dll [2009-03-18]
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2009-03-18]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [2009-03-18]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-03-18]
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-18]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18]
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-18]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-18]
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2009-03-18]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-18]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-18]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com [2009-03-18]
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html [2009-03-18]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2009-03-18]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com [2009-03-18]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-18]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://uk.search.yahoo.com [2009-03-18]
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [2009-03-18]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://uk.search.yahoo.com [2009-03-18]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-18]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-03-18]
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html [2009-03-18]
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-18]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-03-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-18]
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [2009-03-18]
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html [2009-03-18]
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [2009-03-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-18]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-03-18]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-18]
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html [2009-03-18]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-18]
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-18]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-18]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-03-18]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-03-19]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-19]
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2009-03-19]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-03-19]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-03-19]
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2009-03-19]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL [2009-05-27]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: ESET NOD32 antivirus system 2.70
======System event log======
Computer Name: DELL-05D0573133
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 16572
Source Name: DCOM
Time Written: 20090914211044.000000+060
Event Type: error
User: DELL-05D0573133\Karen
Computer Name: DELL-05D0573133
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 16571
Source Name: DCOM
Time Written: 20090914211010.000000+060
Event Type: error
User: DELL-05D0573133\Karen
Computer Name: DELL-05D0573133
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 16538
Source Name: BTHUSB
Time Written: 20090914204005.000000+060
Event Type: warning
User:
Computer Name: DELL-05D0573133
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 16521
Source Name: W32Time
Time Written: 20090914163746.000000+060
Event Type: warning
User:
Computer Name: DELL-05D0573133
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 16494
Source Name: BTHUSB
Time Written: 20090914025314.000000+060
Event Type: warning
User:
=====Application event log=====
Computer Name: DELL-05D0573133
Event Code: 1002
Message: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 515
Source Name: Application Hang
Time Written: 20090213082843.000000+000
Event Type: error
User:
Computer Name: DELL-05D0573133
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 514
Source Name: Application Hang
Time Written: 20090213082705.000000+000
Event Type: error
User:
Computer Name: DELL-05D0573133
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Record Number: 509
Source Name: Application Error
Time Written: 20090212220530.000000+000
Event Type: error
User:
Computer Name: DELL-05D0573133
Event Code: 1000
Message: Faulting application megamanager.exe, version 3.2.0.3, faulting module megamanager.exe, version 3.2.0.3, fault address 0x0012edb0.
Record Number: 508
Source Name: Application Error
Time Written: 20090212220521.000000+000
Event Type: error
User:
Computer Name: DELL-05D0573133
Event Code: 11500
Message: Product: Java(TM) 6 Update 11 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Record Number: 467
Source Name: MsiInstaller
Time Written: 20090209143811.000000+000
Event Type: error
User: DELL-05D0573133\Karen
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 0, CentaurHauls
"PROCESSOR_REVISION"=0d00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
:thanks:
It appears that you NOD32 isn't legit.
That's why you need to uninstall these:
NOD32 antivirus system
NOD32 FiX v2.1
After that, please install one free antivirus from below and post back a fresh HijackThis log:
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.
You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.