
Thread: please any one ..help a.s.a.p (Inactive)

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    4


    First of all, I have two BIG problems. The first is ....

    I was playing an online game, "Halo", on my big brother's computer.
    Then I found that "C:", the system partition on which I installed Windows XP, is infected with some virus, and when I reboot the computer it takes too much time to load after that infection. Idk its type, but after a lot of work I found two files:
    "runupdater.exe", the size was about 12 KB I guess, and the other was "runupdater.htm", and it was ((10.4 gigabytes)), and both files were hidden. They are located at "C:\Documents and Settings\XPPRESP3\Local Settings".

    And when I try to delete any of them the computer hangs up .... I even tried scanning it with an antivirus program called "NOD32", but when it scans the files the program stops responding and the computer hangs up "AGAIN", so any kind of interference with these files ends with hang-ups like usual..
    So the conclusion is I want to get rid of this virus "or whatever it is" without formatting the hard drive, because I have a lot of important data that I can't back up right now, and if my bro knew he would kick my butt.

    And then came the second problem: my PC got infected after I plugged my new MP4 player into the computer. It was an autorun.inf virus "that's what I knew at the end".

    I have 4 partitions in my PC:
    c: "which has the OS files", e: "the films", f: "the applications, like 3D modeling programs and stuff like that" and g: "games partition", and d: "CD-ROM drive"

    Here's the report:
    All partitions open in a new window when I double-click on them, but not drive e:
    I have to right-click on it and then choose Explore to open it, but if I open it with a double-click the computer hangs up, so I launched cmd from Start menu/Run and here's the autorun.inf for every partition

    f:
    [AutoRun]
    open=sv8c2bjw.bat
    shell\open\Command=sv8c2bjw.bat
    ===
    e:
    [AutoRun]
    open=sv8c2bjw.bat
    shell\open\Command=sv8c2bjw.bat
    =====
    d:
    [AutoRun]
    open=sv8c2bjw.bat
    shell\open\Command=sv8c2bjw.bat
    ==

    c: had about 5000 command lines in it; I'll send it in the reply post under this post


    =========
    So please help as soon as possible

    I can't send the c: partition autorun.inf lines.
    There are too many; the page hangs up when I try to send it. It's about 5000 lines.
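
Added example, not part of the original thread: the `open=` and `shell\open\Command=` keys posted above are what make Explorer start `sv8c2bjw.bat` on autoplay or double-click, so a first triage step is to list what each drive's autorun.inf would launch and which target repeats across drives. The function names and the benign `x:` sample are constructed for illustration.

```python
import re

# [AutoRun] keys whose value is a command line that Explorer will start.
# shell\<verb>\command also replaces the drive's double-click action.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.IGNORECASE)


def parse_autorun(text):
    """Return [(key, value)] for every entry in the [AutoRun] section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries


def program_of(command):
    """First token of a command line, unquoted and lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        prog = command[1:end] if end != -1 else command[1:]
    else:
        prog = command.split()[0] if command else ""
    return prog.lower()


def launch_targets(text):
    """Sorted programs that this autorun.inf would execute."""
    return sorted({program_of(v) for k, v in parse_autorun(text)
                   if EXEC_KEY.match(k) and v})


def shared_targets(drives):
    """Launch targets that appear on more than one drive, with the drives."""
    seen = {}
    for drive, text in drives.items():
        for target in launch_targets(text):
            seen.setdefault(target, []).append(drive)
    return {t: sorted(d) for t, d in seen.items() if len(d) > 1}


# autorun.inf content as posted in the thread for d:, e: and f:
POSTED = r"""[AutoRun]
open=sv8c2bjw.bat
shell\open\Command=sv8c2bjw.bat
"""

# Constructed sample for contrast: cosmetic keys only, nothing is launched.
BENIGN = r"""[autorun]
icon=setup.ico
label=Backup disk
"""

DRIVES = {"d:": POSTED, "e:": POSTED, "f:": POSTED, "x:": BENIGN}

if __name__ == "__main__":
    for drive, text in DRIVES.items():
        print(drive, launch_targets(text))
    print("repeated across drives:", shared_targets(DRIVES))
```
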

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------

    Only post logs from one computer in this thread, you will need to start a new thread for the second machine when this one is finished.

    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
    Microsoft MVP Consumer Security 2009-2010
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member
    Join Date
    Jul 2009
    Posts
    4

    info log

    info.txt logfile of random's system information tool 1.06 2009-07-22 21:51:43

    ======Uninstall list======

    MultiTranse 5.4.4-->"F:\Downloads\ترجمه\MultiTranse\unins000.exe"
    Nanny Mania 2 Hollywood-->"C:\Program Files\iWinGames\Nanny Mania 2 Hollywood\unins000.exe"
    Nature 3D Screensaver 1.1-->"F:\Downloads\Nature 3D Screensaver\unins000.exe"
    Nature Illusion Studio-->C:\Program Files\Nufsoft\NatureStudio\Uninstall.exe
    Nero 7 Essentials-->MsiExec.exe /X{BD49141C-188C-4B75-9F46-C2C42F2D1033}
    Nero 7.2.0.3-->"C:\Program Files\Nero\unins000.exe"
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
    NOD32 FiX v2.1-->"C:\Program Files\Eset\unins000.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Opera 10.00-->MsiExec.exe /X{C67F74DC-11CC-4171-9C47-00E72B4F79FC}
    Operation Mania-->"G:\games\Operation Mania\ReflexiveArcade\unins000.exe"
    Orbit Downloader-->"F:\source\Orbitdownloader youtube\unins000.exe"
    Party Down-->"C:\WINDOWS\Party Down\uninstall.exe" "/U:F:\Program Files\Party Down\Uninstall\uninstall.xml"
    Pet Show Craze 1.00-->G:\games\ الحقل\Pet Show Craze\Uninstall.exe
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PhotoLine, Version 14.51-->"G:\برامج\PhotoLine\unins000.exe"
    Pokemon PC 2.0-->G:\AntiArp\Pokemon_PC_2.0_PesMaster_OyunCehennemi\1\unins000.exe
    Presentation Wizard-->C:\WINDOWS\ALCHUNIN.EXE f:\ثمزات\INSTALLD.TXT
    Prison Tycoon 4: SuperMax-->"G:\Program Files\سجن\unins000.exe"
    Ranch Rush 1.00-->g:\Program Files\Ranch Rush\Uninstall.exe
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Restaurant Empire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C0A9803-4592-11D7-B796-0050BFE4DB80}\setup.exe" -l0x9 -uninst
    Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
    School Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CFFE053-748A-44DC-A248-06EA38E4BC03}\Setup.exe"
    Sci-Fi Voice Pack-->MsiExec.exe /I{216E21F4-0489-4311-92D6-20D1FB950FCE}
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Shopping Centre Tycoon-->C:\WINDOWS\SCTUninstaller.exe
    Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
    Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
    Sony Sound Forge 9.0-->MsiExec.exe /X{4AEA9A23-D627-4699-8A0F-FC474308C2E6}
    Spooky Sounds-->MsiExec.exe /I{FF88307C-AEA0-4978-AB94-D5C5BF902B5C}
    Sprill-->"G:\games\Sprill\ReflexiveArcade\unins000.exe"
    Stand O Food 2-->"C:\WINDOWS\Stand O Food 2\uninstall.exe" "/U:G:\games\Uninstall\uninstall.xml"
    Storm Codec-->F:\source\كوديكات\Storm Codec\uninst6.10.00.exe
    Sunage-->"G:\AntiArp\89ar\sunage\unins000.exe"
    Sunshine Acres-->"C:\WINDOWS\Sunshine Acres\uninstall.exe" "/U:G:\games\sunshine acers\Uninstall\uninstall.xml"
    Supermarket Mania-->"C:\WINDOWS\Supermarket Mania\uninstall.exe" "/U:G:\games\store mania\Uninstall\uninstall.xml"
    SweetIM for Messenger 2.7-->MsiExec.exe /X{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}
    SweetIM Toolbar for Internet Explorer 3.4-->MsiExec.exe /X{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
    TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe
    The Awakened-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}\setup.exe" -l0x9 -removeonly
    The Guild 2 Venice-->MsiExec.exe /I{91077588-AC04-4886-B20B-C8CF1A122F27}
    The Rosetta Stone-->C:\WINDOWS\unvise32.exe g:\antiarp\dictionary\TRS Support\uninstal.log
    The Water Horse: Legend Of The Deep-->G:\AntiArp\Blast! Entertainment Limited\The Water Horse - Legend Of The Deep\Uninstall.exe
    Tomb Raider II Gold-->C:\WINDOWS\IsUninst.exe -f"g:\antiarp\tomb 2\Uninst.isu"
    Tomb Raider II-->C:\WINDOWS\IsUninst.exe -f"g:\antiarp\tomb raider 2 gold\Uninst.isu"
    Tony Hawks Pro Skater 4-->MsiExec.exe /X{E0F07676-2C60-4465-A727-20DE3BFCABAC}
    Total Video Converter 2.50-->"F:\source\Total Video Converter\unins000.exe"
    Trophy Bass 2007-->"G:\games\Trophy Bass 2007\uninstall.exe"
    Tweak UI-->MsiExec.exe /I{64649281-4B5D-4425-A0F7-E79F6756FFC8}
    Twins Visions-->"f:\Program Files\برنامج لللعب بالصور\unins000.exe"
    Uninstall trueSpace7.6-->"F:\source\trueSpace76\unins000.exe"
    Urban Chaos-->C:\WINDOWS\IsUninst.exe -f"g:\games\urban chaos origin\Uninst.isu" -c"g:\games\urban chaos origin\uninst.dll"
    Video Edit Magic 4.4-->"C:\Program Files\Deskshare\Video Edit Magic 4.4\unins000.exe"
    Video Edit Magic 4-->"G:\AntiArp\Video Edit Magic 4.4\unins000.exe"
    VIP Torrent-->F:\source\VIP Torrent\Uninstall.exe
    Vuze-->F:\source\Vuze\uninstall.exe
    Winamp-->"F:\source\Winamp new player\UninstWA.exe"
    Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
    Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
    Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
    Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
    Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZix-->G:\games\جديد\WinZix\uninstall.exe
    WordBanker Multilanguage (Evaluation Version)-->MsiExec.exe /I{DEB6D9F2-0472-4078-9DBD-6D96DB5A1F31}
    WWE RAW - Total Edition-->MsiExec.exe /I{BECD7781-1BA0-461B-8389-237B3142868B}
    Xara Xtreme Pro 4 Trial-->F:\source\xara\unwise.exe
    XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe
    XPize 4.4 Lite-->C:\WINDOWS\XPize\uninst.exe
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    ZModeler2 v2.2.1 (Build 957)-->"C:\Program Files\ZModeler3D\unins000.exe"
    Zoo Tycoon 2 - Marine Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B406605B-45FE-4D8F-8250-1E77479583AE}

    Hosts File Missing
    Securitycenter WMI appears to be broken

    ======System event log======

    Computer Name: MOON
    Event Code: 7034
    Message: The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s).

    Record Number: 27
    Source Name: Service Control Manager
    Time Written: 20090718092320.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 7000
    Message: The Contrl Center of Storm Media service failed to start due to the following error:
    The system cannot find the file specified.


    Record Number: 9
    Source Name: Service Control Manager
    Time Written: 20090718092320.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 4198
    Message: The system detected an address conflict for IP address 10.0.0.107 with the system
    having network hardware address 00:01:02:D0:D2:07. The local interface has been disabled.

    Record Number: 6
    Source Name: Tcpip
    Time Written: 20090718092259.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 10005
    Message: DCOM got error "%1058" attempting to start the service StiSvc with arguments ""
    in order to run the server:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Record Number: 4
    Source Name: DCOM
    Time Written: 20090718092213.000000+180
    Event Type: error
    User: MOON\XPPRESP3

    Computer Name: MOON
    Event Code: 1005
    Message: Your computer has detected that the IP address 10.0.0.107 for the Network Card
    with network address 0005001914FC is already in use on the network.
    Your computer will automatically attempt to obtain a different address.

    Record Number: 3
    Source Name: Dhcp
    Time Written: 20090718092137.000000+180
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: MOON
    Event Code: 1000
    Message: Faulting application gta_sa.exe, version 0.0.0.0, faulting module gta_sa.exe, version 0.0.0.0, fault address 0x0032fdba.

    Record Number: 1318
    Source Name: Application Error
    Time Written: 20090512100314.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 1000
    Message: Faulting application cxsrrs.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

    Record Number: 1316
    Source Name: Application Error
    Time Written: 20090512084901.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 2570
    Message: Adobe Active File Monitor Service has Started.

    Record Number: 1310
    Source Name: Adobe Active File Monitor 6.0
    Time Written: 20090512084827.000000+180
    Event Type:
    User:

    Computer Name: MOON
    Event Code: 1000
    Message: Faulting application cxsrrs.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.

    Record Number: 1308
    Source Name: Application Error
    Time Written: 20090512050458.000000+180
    Event Type: error
    User:

    Computer Name: MOON
    Event Code: 2570
    Message: Adobe Active File Monitor Service has Started.

    Record Number: 1302
    Source Name: Adobe Active File Monitor 6.0
    Time Written: 20090512050426.000000+180
    Event Type:
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    "PROCESSOR_REVISION"=4303
    "NUMBER_OF_PROCESSORS"=2
    "TEMP"=%USERPROFILE%\Local Settings\Temp
    "TMP"=%USERPROFILE%\Local Settings\Temp
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "VLIGHT_ROOT"=F:\source\trueSpace76\tS\VirtuaLight

    -----------------EOF-----------------

  4. #4
    Junior Member
    Join Date
    Jul 2009
    Posts
    4

    log file

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by XPPRESP3 at 2009-07-22 21:51:10
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 9 GB (30%) free of 30 GB
    Total RAM: 959 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:51:42 PM, on 7/22/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    F:\source\فلاشه\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    F:\source\DAEMON Tools Lite\daemon.exe
    F:\source\فلاشه\BlueSoleil.exe
    F:\source\Orbitdownloader youtube\orbitdm.exe
    F:\source\Orbitdownloader youtube\orbitnet.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\source\Winamp new player\winamp.exe
    C:\Documents and Settings\XPPRESP3\Desktop\RSIT.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\trend micro\XPPRESP3.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
    R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: gamesfree Toolbar - {7ac1cacf-43d3-4b2b-861c-219bda77ecf1} - C:\Program Files\gamesfree\tbgame.dll
    R3 - URLSearchHook: Freez Online TV Toolbar - {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\tbFree.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - F:\source\Orbitdownloader youtube\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
    O2 - BHO: XBTP02799 - {45CE3BD4-4C94-4c17-8067-769902BDE550} - C:\PROGRA~1\COMMON~1\System\xp\xp.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: gamesfree Toolbar - {7ac1cacf-43d3-4b2b-861c-219bda77ecf1} - C:\Program Files\gamesfree\tbgame.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Freez Online TV Toolbar - {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\tbFree.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - F:\source\Orbitdownloader youtube\GrabPro.dll
    O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: xp - {2367DE4F-065D-4638-8C41-4682D7969BAD} - C:\Program Files\Common Files\System\xp\xp.dll
    O3 - Toolbar: gamesfree Toolbar - {7ac1cacf-43d3-4b2b-861c-219bda77ecf1} - C:\Program Files\gamesfree\tbgame.dll
    O3 - Toolbar: Freez Online TV Toolbar - {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - C:\Program Files\Freez_Online_TV\tbFree.dll
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [mvload32] C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe
    O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
    O4 - HKLM\..\Run: [StormCodec_Helper] "F:\source\??I??CE\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [3c550a27] rundll32.exe "C:\WINDOWS\system32\dgaxbxps.dll",b
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\source\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\source\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Orbit.lnk = F:\source\Orbitdownloader youtube\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://F:\source\Orbitdownloader youtube\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://F:\source\Orbitdownloader youtube\orbitmxt.dll/204
    O8 - Extra context menu item: + &Mass Downloader: تحميل هذا الملف - g:\Program Files\Mass Downloader\Add_Url.htm
    O8 - Extra context menu item: + Mass Downloader: تحميل &كافة الملفات - g:\Program Files\Mass Downloader\Add_All.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://F:\source\Orbitdownloader youtube\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://F:\source\Orbitdownloader youtube\orbitmxt.dll/202
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\bin\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\bin\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\bin\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - g:\Program Files\Mass Downloader\massdown.exe (file missing)
    O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - g:\Program Files\Mass Downloader\massdown.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{609E47E4-8026-43CD-827B-A5D15FCF92A9}: NameServer = 163.121.128.134 163.121.128.135
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F97A107-5036-4717-9BF7-A2F6BE5436A7}: NameServer = 163.121.128.134,163.121.128.135
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8654ABC6-CFFA-42BC-83B2-AA8717D1FD3A}: NameServer = 163.121.128.134,163.121.128.135
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCE1487-7F06-4D61-9936-A6C99EE92E20}: NameServer = 163.121.128.134,163.121.128.135
    O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll (file missing)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\source\??CO?\BTNtService.exe (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - F:\source\??I??CE\Storm Codec\stormliv.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - F:\source\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

    --
    End of file - 14054 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\gwmvtjws.job
    C:\WINDOWS\tasks\XoftSpySE.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
    Octh Class - F:\source\Orbitdownloader youtube\orbitcth.dll [2009-06-09 179400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-13 63128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
    Gossiper Toolbar - C:\Program Files\Gossiper\tbGoss.dll [2008-09-15 1784856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45CE3BD4-4C94-4c17-8067-769902BDE550}]
    XBTP02799 Class - C:\PROGRA~1\COMMON~1\System\xp\xp.dll [2006-07-11 544768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 434279]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ac1cacf-43d3-4b2b-861c-219bda77ecf1}]
    gamesfree Toolbar - C:\Program Files\gamesfree\tbgame.dll [2009-04-01 2086936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4d09ede-8a9c-4090-a54d-5ada4f7fff35}]
    Freez Online TV Toolbar - C:\Program Files\Freez_Online_TV\tbFree.dll [2009-05-20 2085400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-28 668656]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-30 262144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - F:\source\Orbitdownloader youtube\GrabPro.dll [2009-06-09 658552]
    {0a452a47-c5a8-4854-a237-4b9b06b376f0} - Gossiper Toolbar - C:\Program Files\Gossiper\tbGoss.dll [2008-09-15 1784856]
    {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-10-30 262144]
    {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
    {2367DE4F-065D-4638-8C41-4682D7969BAD} - xp - C:\Program Files\Common Files\System\xp\xp.dll [2006-07-11 544768]
    {7ac1cacf-43d3-4b2b-861c-219bda77ecf1} - gamesfree Toolbar - C:\Program Files\gamesfree\tbgame.dll [2009-04-01 2086936]
    {a4d09ede-8a9c-4090-a54d-5ada4f7fff35} - Freez Online TV Toolbar - C:\Program Files\Freez_Online_TV\tbFree.dll [2009-05-20 2085400]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-10-20 921600]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-25 8491008]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-25 81920]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [2006-05-03 36975]
    "3PMmUpdate"=rundll32 C:\WINDOWS\Update.dll,Main []
    "Babylon Client"=C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart []
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "mvload32"=C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe [2008-11-16 80896]
    "Microsoft WinUpdate"=C:\WINDOWS\system32\msupdte.exe []
    "StormCodec_Helper"=F:\source\كوديكات\Storm Codec\StormSet.exe [2006-09-30 96984]
    "Adobe Photo Downloader"=F:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]
    "3c550a27"=C:\WINDOWS\system32\dgaxbxps.dll,b []
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-05-20 111928]
    "Malwarebytes' Anti-Malware"=F:\source\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
    "DAEMON Tools Lite"=F:\source\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
    "AdVantage"=C:\Program Files\AdVantage\AdVantage.exe [2008-07-14 884176]
    "Messenger (Yahoo!)"=~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []
    "cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2009-05-15 102664]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    BlueSoleil.lnk - F:\source\فلاشه\BlueSoleil.exe
    Orbit.lnk - F:\source\Orbitdownloader youtube\orbitdm.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2006-05-31 52224]
    msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{DE02F764-C51A-4788-9597-D78ECC2AC08F}"=DE02F764.dll []
    "{43ACDCC5-9009-4AF4-B80A-93BC656EF298}"=43ACDCC5.dll []
    "{58FF3024-8A83-4B1A-88E9-302F47646EEE}"=58FF3024.dll []
    "{D91BC61E-7D78-4A2A-A336-7B97E8E52F0B}"=D91BC61E.dll []
    "{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}"=A8FC611B.dll []
    "{4D023DE9-F4B5-4BE0-99C6-7C7AD0CF5426}"=4D023DE9.dll []
    "{DA63E650-537C-4042-87BB-9D19D844680B}"=DA63E650.dll []
    "{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}"=08223B03.dll []
    "{9F684DE8-3E87-4174-9033-E02A3DFD8B61}"=9F684DE8.dll []
    "{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}"=4BF9CBA3.dll []
    "{12B02216-AC3F-42A7-8313-449771237061}"=12B02216.dll []
    "{9CA963CA-107C-4089-B0AB-31380F90D7E3}"=9CA963CA.dll []
    "{CABA599D-5089-4865-9420-E41FA3C1F55F}"=CABA599D.dll []
    "{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}"=495271CA.dll []
    "{3474A8C2-BEF9-46C8-983A-A26A0030EC30}"=3474A8C2.dll []
    "{E3367679-4775-4244-A62E-4CFE58FC850B}"=E3367679.dll []
    "{4F34C688-FD49-42FC-97F7-87D2F5791612}"=4F34C688.dll []
    "{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}"=B3721C07.dll []
    "{E0D39066-96D7-4891-8527-488ADAFCD60F}"=E0D39066.dll []
    "{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}"=122B901E.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\urqOIaaW

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoSMHelp"=1

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "ForceClassicControlPanel"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe"="C:\Program Files\Internet Explorer\PLUGINS\cxsrrs.exe:*:Enabled:IE updater"
    "C:\WINDOWS\jsgjhfekis.exe"="C:\WINDOWS\jsgjhfekis.exe:*:Enabled:utorrent7"
    "F:\source\F056~1\STORMC~1\Stormser.exe"="F:\source\F056~1\STORMC~1\Stormser.exe:*:Enabled:@xpsp2res.dll,-22008"
    "F:\source\كوديكات\Storm Codec\Storm.exe"="F:\source\كوديكات\Storm Codec\Storm.exe:*:Enabled:±©·çس°زô"
    "F:\source\كوديكات\Storm Codec\stormliv.exe"="F:\source\كوديكات\Storm Codec\stormliv.exe:*:Enabled:±©·çس°زôأ½جه؟طضئضذذؤ"
    "F:\source\كوديكات\Storm Codec\Stormser.exe"="F:\source\كوديكات\Storm Codec\Stormser.exe:*:Enabled:@xpsp2res.dll,-22008"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "G:\games\zootycoon\zt2\zt.exe"="G:\games\zootycoon\zt2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "G:\games\zootycoon\zoo2\zt.exe"="G:\games\zootycoon\zoo2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
    "F:\source\Orbitdownloader youtube\orbitdm.exe"="F:\source\Orbitdownloader youtube\orbitdm.exe:*:Enabled:Orbit"
    "F:\source\Orbitdownloader youtube\orbitnet.exe"="F:\source\Orbitdownloader youtube\orbitnet.exe:*:Enabled:Orbit"
    "C:\Documents and Settings\XPPRESP3\Application Data\Facebook\facebook.exe"="C:\Documents and Settings\XPPRESP3\Application Data\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ce0787f-f340-11dd-95f7-101111111111}]
    shell\AutoRun\command - J:\sv8c2bjw.bat
    shell\open\command - J:\sv8c2bjw.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b0224f-9e6c-11dd-b6f6-806d6172696f}]
    shell\AutoRun\command - D:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b02251-9e6c-11dd-b6f6-806d6172696f}]
    shell\AutoRun\command - C:\sv8c2bjw.bat
    shell\open\command - C:\sv8c2bjw.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b02252-9e6c-11dd-b6f6-806d6172696f}]
    shell\AutoRun\command - E:\sv8c2bjw.bat
    shell\open\command - E:\sv8c2bjw.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b02253-9e6c-11dd-b6f6-806d6172696f}]
    shell\AutoRun\command - F:\sv8c2bjw.bat
    shell\open\command - F:\sv8c2bjw.bat

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54b02254-9e6c-11dd-b6f6-806d6172696f}]
    shell\AutoRun\command - G:\sv8c2bjw.bat
    shell\open\command - G:\sv8c2bjw.bat


    ======List of files/folders created in the last 1 months======

    2009-07-22 21:51:10 ----D---- C:\rsit
    2009-07-22 21:51:10 ----D---- C:\Program Files\trend micro
    2009-07-16 20:38:21 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Facebook
    2009-07-16 08:48:27 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-16 08:34:08 ----RSH---- C:\sv8c2bjw.bat
    2009-07-16 08:25:32 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Malwarebytes
    2009-07-16 08:25:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-07-15 13:39:56 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
    2009-07-15 13:39:55 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
    2009-07-15 12:37:30 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Winamp
    2009-07-15 12:37:29 ----D---- C:\Documents and Settings\All Users\Application Data\DFX
    2009-07-15 12:37:27 ----D---- C:\Program Files\Common Files\DFX
    2009-07-11 00:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
    2009-07-11 00:07:58 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\InstallShield
    2009-07-07 07:21:23 ----A---- C:\WINDOWS\WaterIllusion.ini
    2009-07-07 07:19:18 ----D---- C:\Program Files\Nufsoft
    2009-06-27 12:24:46 ----D---- C:\tmp

    ======List of files/folders modified in the last 1 months======

    2009-07-22 21:51:10 ----RD---- C:\Program Files
    2009-07-22 21:04:32 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-22 21:03:55 ----D---- C:\WINDOWS\system32\drivers
    2009-07-22 21:03:41 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Orbit
    2009-07-22 21:02:55 ----D---- C:\WINDOWS\system32
    2009-07-22 21:02:36 ----SD---- C:\WINDOWS\Tasks
    2009-07-22 21:02:19 ----SHD---- C:\WINDOWS\CSC
    2009-07-22 02:58:06 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Azureus
    2009-07-22 02:21:39 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-07-22 00:08:22 ----D---- C:\WINDOWS\Prefetch
    2009-07-21 23:40:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-21 21:05:51 ----D---- C:\Program Files\AdVantage
    2009-07-20 17:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
    2009-07-19 17:31:25 ----D---- C:\WINDOWS
    2009-07-16 19:29:56 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\Winamp new player
    2009-07-16 09:05:40 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-07-16 00:18:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-07-15 13:45:07 ----D---- C:\WINDOWS\system32\temp
    2009-07-15 12:37:30 ----D---- C:\Documents and Settings
    2009-07-15 12:37:27 ----D---- C:\Program Files\Common Files
    2009-07-15 08:48:58 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2009-07-14 12:45:04 ----D---- C:\WINDOWS\Temp
    2009-07-14 12:44:54 ----HD---- C:\WINDOWS\inf
    2009-07-11 00:08:17 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-07-11 00:08:16 ----D---- C:\Program Files\Common Files\InstallShield
    2009-07-11 00:08:15 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-07 07:02:05 ----RSD---- C:\WINDOWS\Fonts
    2009-06-30 00:36:20 ----SHD---- C:\WINDOWS\Installer
    2009-06-30 00:36:20 ----HD---- C:\Config.Msi
    2009-06-30 00:36:19 ----D---- C:\Program Files\SweetIM
    2009-06-23 06:53:13 ----D---- C:\Documents and Settings\XPPRESP3\Application Data\PlayFirst

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-23 271360]
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-23 18048]
    R2 Vcs;Vcs support; \??\C:\WINDOWS\system32\Drivers\Vcs.sys []
    R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
    R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
    R3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
    R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-10-14 138752]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
    R3 ip100Avista;Realtek RTL8139 Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2007-09-04 29824]
    R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-25 6867360]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
    R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-02-15 14336]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-27 21920]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-17 30080]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-05 57984]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-06-17 17152]
    R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
    R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
    S3 4901228;4901228; \??\C:\WINDOWS\system32\4901228.sys []
    S3 5102a80;5102a80; \??\C:\WINDOWS\system32\5102a80.sys []
    S3 9fd8db;9fd8db; \??\C:\WINDOWS\system32\9fd8db.sys []
    S3 aqgfn408;aqgfn408; C:\WINDOWS\system32\drivers\aqgfn408.sys []
    S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
    S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
    S3 eth8023;eth8023; C:\WINDOWS\system32\drivers\eth8023.sys []
    S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 ISODrive;ISO CD-ROM Device Driver; \??\F:\source\UltraISO\UltraISO\drivers\ISODrive.sys []
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
    S3 nm;nm; C:\WINDOWS\system32\drivers\nm.sys []
    S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
    S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
    S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-16 31744]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,57,00,75,00,64,00,66,00,50,00,66,00,2e,00,73,00,79,00,73,00,00,00 []
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,00,49,00,56,00,45,00,52,00,53,00,5c,00,77,00,75,00,64,00,66,00,72,00,64,00,2e,00,73,00,79,00,73,00,00,00 []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 BlueSoleil Hid Service;BlueSoleil Hid Service; F:\source\فلاشه\BTNtService.exe [2005-04-06 110592]
    R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
    R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2006-03-25 98304]
    R2 hpqddsvc;خدمة HP CUE DeviceDiscovery (الكشف على أجهزة CUE لـ HP); C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-10-20 507904]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-25 155716]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-22 66872]
    R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; F:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
    S2 ccosm;Contrl Center of Storm Media; F:\source\كوديكات\Storm Codec\stormliv.exe /asservice []
    S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
    S2 MBAMService;MBAMService; F:\source\Malwarebytes' Anti-Malware\mbamservice.exe [2009-07-13 211216]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-05 654848]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-07-25 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 []

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    Jul 2009
    Posts
    4

    I wish you could help me.
    Thank you...

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Do you know anything about NOD32 FiX v2.1?
    It appears to be a program to bypass NOD32 activation.


    Disable resident protections (Antivirus...); you'll re-enable them after the scan

    Download Lop S&D

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created: (%SystemDrive%\lopR.txt)
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  7. #7
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
