Thread: win32.tdss and hijacking problems

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    win32.tdss and hijacking problems

    Hi, I have a problem with my Google searches being redirected on Firefox. After scanning with Spybot, it finds win32.tdss.rtk and win32.tdss.reg. I have removed them several times, but they don't seem to go away permanently. Also, this malware is changing my default browser to IE even though I never use it.

    Here is my most recent HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:21:30 AM, on 1/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1237] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6857] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8494] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5303] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7901] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4021] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9899] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4504] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9702] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2705] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1806] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC152] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9025] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2842] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1001] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4942] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9156] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9210] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9642] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5340] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1837] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2376] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2950] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5337] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4473] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4344] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5689] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6793] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1730] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9929] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8129] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6711] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2563] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1707] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3078] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1897] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6167] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4329] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3525] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9531] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2891] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7847] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1077] command.com /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1209] cmd.exe /c del "C:\WINDOWS\system32\H8SRTfmpfmitrrp.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4992] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5261] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2511] command.com /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7322] cmd.exe /c del "C:\WINDOWS\system32\h8srtkrl32mainweq.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1546] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3096] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4385] command.com /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2884] cmd.exe /c del "C:\WINDOWS\system32\h8srtshsyst.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6637] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1408] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6069] command.com /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2604] cmd.exe /c del "C:\WINDOWS\system32\H8SRTtoewqnmujr.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7425] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8878] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3500] command.com /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4459] cmd.exe /c del "C:\WINDOWS\system32\H8SRTyirwafpbwe.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7050] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2937] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3663] command.com /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6035] cmd.exe /c del "C:\WINDOWS\system32\H8SRTrdlxrqecqj.dat"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
    O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
    O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1207527428232
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207528360327
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

    --
    End of file - 14685 bytes
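
The reply below works through this log by hand. As an added example (not code from the thread, and not part of Trend Micro's HijackThis), here is a small Python triage script that does the first pass a helper would do on an HJT log: it parses the O4 autostart lines, collects every file that a pending RunOnce `del` command is trying to remove (the Spybot entries above), reports the prefix those file names share, and lists O23 services whose binary HJT flags as missing. The regular expressions and the `SAMPLE_LOG` excerpt are my own; the sample is a constructed handful of lines in the shape of the log above, not the full log.

```python
"""Triage helper for a HijackThis (HJT) log.

Added example for this thread; not the poster's log and not an HJT tool.
Parses O4 autostart lines and O23 service lines, collects the files that
pending RunOnce "del" commands target, and lists services whose binary
is reported missing. SAMPLE_LOG is a constructed excerpt.
"""
import ntpath
import os
import re
from collections import defaultdict

# Constructed sample in the shape of the HJT log above (a few lines only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA1237] command.com /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5303] cmd.exe /c del "C:\WINDOWS\system32\drivers\H8SRTkvscdriutj.sys"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3525] command.com /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9531] cmd.exe /c del "C:\WINDOWS\system32\H8SRTbavhonkdqv.dll"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# O4 - <hive>\..\<Run|RunOnce|...>: [<name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A RunOnce entry that only deletes a file:  cmd.exe /c del "<path>"
DEL_RE = re.compile(r'(?:cmd\.exe|command\.com) /c del "(?P<path>[^"]+)"', re.IGNORECASE)
# O23 - Service: <display name> - <owner> - <binary path>[ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse_autostarts(log_text):
    """Return one dict per O4 line with keys hive, key, name, cmd."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def pending_deletions(log_text):
    """Map each file a RunOnce 'del' command targets to the entry names that
    schedule it. Several entries per path (command.com and cmd.exe variants
    under both HKLM and HKCU) is exactly what the log above shows."""
    targets = defaultdict(set)
    for entry in parse_autostarts(log_text):
        if not entry["key"].lower().startswith("runonce"):
            continue
        d = DEL_RE.search(entry["cmd"])
        if d:
            targets[d["path"]].add(entry["name"])
    return {path: sorted(names) for path, names in targets.items()}


def shared_prefix(paths):
    """Longest common prefix (case-folded) of the targeted file names.
    A shared prefix across otherwise random-looking names is worth a look;
    for the sample it is the 'h8srt' prefix of the files Spybot is removing."""
    names = [ntpath.basename(p).lower() for p in paths]
    return os.path.commonprefix(names)


def missing_services(log_text):
    """Display names of O23 services whose binary HJT reports as missing."""
    missing = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m and m["missing"]:
            missing.append(m["name"])
    return missing


if __name__ == "__main__":
    dels = pending_deletions(SAMPLE_LOG)
    for path, names in sorted(dels.items()):
        print(f"{path}  <- {', '.join(names)}")
    print("shared prefix of targeted files:", shared_prefix(dels))
    print("services with missing binary:", missing_services(SAMPLE_LOG))
```

Run it against a full HJT log by reading the file into `pending_deletions` instead of `SAMPLE_LOG`; the O4 parser also accepts the `HKUS\S-1-5-18` and `HKUS\.DEFAULT` hives seen further down the log, while `O4 - Startup:` shortcut lines are deliberately skipped because they carry no registry hive.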

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173


    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
    Hi smcaba and welcome to Safer Networking.

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Download/run Rkill:

    Please download Rkill from one of the following links and save to your Desktop:

    One, Two, Three or Four

    • Double click on Rkill.
    • A command window will open then disappear upon completion, this is normal.
    • Please leave Rkill on the Desktop until otherwise advised.
    Note: If your security software warns about Rkill, please ignore and allow the download to continue.

    Next:

    Please uninstall Spybot S&D, you may reinstall this when I give the all clear.

    Scan with Rooter:

    Please download Rooter to your desktop.
    • Double click on Rooter.exe to start the application.
    • Now click on the Scan button.
    • When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
    • Now click on Close button to exit Rooter.
    Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$


    Scan with RSIT:
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    Make sure that RSIT.exe is on your Desktop before running the application!
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
    Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

    When you have completed the above, please post back the following in the order asked for:
    • How is your computer performing now, any further symptoms and or problems encountered?
    • Rooter Log.
    • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    10


    As of now, my computer sometimes stalls on startup after the windows logo screen. Sometimes the desktop icons appear, other times it only displays the wallpaper and mouse pointer. Also, there is a process called iexplore.exe that runs on startup that occasionally plays ads that can be heard (for tv shows, cleaning products, etc.). When I end that process, the sound terminates, but the process starts up again almost immediately.

    Some sites are also blocked, such as bleepingcomputer.com, so I had to download Rkill on another computer and upload it to a filesharing site to use it on this computer.

    Thank you for your time in trying to solve this issue.

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Posts
    10


    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 15 Model 35 Stepping 2, AuthenticAMD
    .
    [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 7.0.5730.13
    .
    A:\ [Removable]
    C:\ [Fixed-NTFS] .. ( Total:76 Go - Free:9 Go )
    D:\ [CD_Rom]
    F:\ [Fixed-NTFS] .. ( Total:279 Go - Free:52 Go )
    G:\ [CD_Rom]
    .
    Scan : 14:41.44
    Path : C:\Documents and Settings\Shawn\My Documents\Downloads\Rooter.exe
    User : Shawn ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (936)
    ______ \??\C:\WINDOWS\system32\csrss.exe (992)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (1024)
    ______ C:\WINDOWS\system32\services.exe (1072)
    ______ C:\WINDOWS\system32\lsass.exe (1084)
    ______ C:\WINDOWS\system32\svchost.exe (1268)
    ______ C:\WINDOWS\system32\svchost.exe (1356)
    ______ C:\WINDOWS\System32\svchost.exe (1712)
    ______ C:\WINDOWS\System32\svchost.exe (1840)
    ______ C:\WINDOWS\system32\svchost.exe (2008)
    ______ C:\WINDOWS\system32\spoolsv.exe (360)
    ______ C:\WINDOWS\Explorer.EXE (772)
    ______ C:\WINDOWS\system32\ctfmon.exe (864)
    ______ C:\Program Files\Razer\Diamondback\razerhid.exe (1536)
    ______ C:\WINDOWS\CTHELPER.EXE (1544)
    ______ C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (1568)
    ______ C:\Program Files\Microsoft IntelliType Pro\itype.exe (1576)
    ______ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (1612)
    ______ C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (1620)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (1632)
    ______ C:\Program Files\iTunes\iTunesHelper.exe (1664)
    ______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (1776)
    ______ C:\WINDOWS\System32\svchost.exe (584)
    ______ C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (616)
    ______ C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (252)
    ______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (648)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (692)
    ______ C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (696)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (736)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (132)
    ______ C:\WINDOWS\System32\svchost.exe (1144)
    ______ C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (1532)
    ______ C:\WINDOWS\system32\wuauclt.exe (2184)
    ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (2276)
    ______ C:\Program Files\iPod\bin\iPodService.exe (2372)
    ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2448)
    ______ C:\Program Files\Razer\Diamondback\razertra.exe (2788)
    ______ C:\Program Files\Razer\Diamondback\razerofa.exe (2872)
    ______ C:\Program Files\Mozilla Firefox\firefox.exe (2884)
    ______ C:\WINDOWS\System32\alg.exe (3928)
    ______ C:\Documents and Settings\Shawn\My Documents\Downloads\Rooter.exe (3572)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (304)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:82335020544)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At12.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At16.job
    C:\WINDOWS\Tasks\At17.job
    C:\WINDOWS\Tasks\At18.job
    C:\WINDOWS\Tasks\At19.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At20.job
    C:\WINDOWS\Tasks\At21.job
    C:\WINDOWS\Tasks\At22.job
    C:\WINDOWS\Tasks\At23.job
    C:\WINDOWS\Tasks\At24.job
    C:\WINDOWS\Tasks\At25.job
    C:\WINDOWS\Tasks\At26.job
    C:\WINDOWS\Tasks\At27.job
    C:\WINDOWS\Tasks\At28.job
    C:\WINDOWS\Tasks\At29.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At30.job
    C:\WINDOWS\Tasks\At31.job
    C:\WINDOWS\Tasks\At32.job
    C:\WINDOWS\Tasks\At33.job
    C:\WINDOWS\Tasks\At34.job
    C:\WINDOWS\Tasks\At35.job
    C:\WINDOWS\Tasks\At36.job
    C:\WINDOWS\Tasks\At37.job
    C:\WINDOWS\Tasks\At38.job
    C:\WINDOWS\Tasks\At39.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At40.job
    C:\WINDOWS\Tasks\At41.job
    C:\WINDOWS\Tasks\At42.job
    C:\WINDOWS\Tasks\At43.job
    C:\WINDOWS\Tasks\At44.job
    C:\WINDOWS\Tasks\At45.job
    C:\WINDOWS\Tasks\At46.job
    C:\WINDOWS\Tasks\At47.job
    C:\WINDOWS\Tasks\At48.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\SA.DAT
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 14:42.47
    .
    C:\Rooter$\Rooter_1.txt - (21/01/2010 | 14:42.47)

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    info.txt

    info.txt logfile of random's system information tool 1.06 2010-01-21 14:45:42

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Amazing Slow Downer (remove only)-->"C:\Program Files\Roni Music\Amazing Slow Downer PA\uninstall.exe"
    AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
    AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
    AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
    AOL Uninstaller-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BioShock-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7670
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Bulk Image Downloader v1.38.0.3-->"C:\Program Files\Bulk Image Downloader\unins000.exe"
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
    Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
    Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
    Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DotA Client Build 2.2 Beta-->"C:\Program Files\DotA Gaming Network\unins000.exe"
    DotA Client Build 2.31 Beta-->"C:\Program Files\DotA Gaming Network\unins001.exe"
    DotA Client Build 2.4 Beta-->"C:\Program Files\DotA Gaming Network\unins002.exe"
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
    DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2-->"C:\Program Files\DVDFab 5\unins000.exe"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    ffdshow [rev 1685] [2007-12-06]-->"C:\Program Files\ffdshow\unins000.exe"
    FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
    Garena-->C:\Program Files\Garena\uninst.exe
    GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Heroes of Newerth-->C:\Program Files\Heroes of Newerth\uninstall.exe
    HijackThis 2.0.2-->"C:\Documents and Settings\Shawn\My Documents\Downloads\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
    iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    MixMeister Fusion 7.3.5-->"C:\Program Files\MixMeister Fusion\unins000.exe"
    MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Nero 7 Ultra Edition-->MsiExec.exe /X{293C9DF5-7669-4826-BBB2-E1F182D71033}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    Portal: The First Slice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/410
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
    QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
    Razer Diamondback-->C:\Program Files\InstallShield Installation Information\{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}\setup.exe -runfromtemp -l0x0009 -removeonly
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
    Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Street Fighter IV-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21660
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    TigerGame PS/PS2 Game Controller Adapter-->C:\PROGRA~1\SUPERJ~1\UNWISE.EXE C:\PROGRA~1\SUPERJ~1\INSTALL.LOG
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Warkeys 1.13.1.0b-->C:\Program Files\Warkeys\uninst.exe
    WD Drive Manager (x86)-->MsiExec.exe /X{1C504B59-FFBF-4A65-9E0E-FE06159CAB9B}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Zoom Player (remove only)-->"C:\Program Files\Zoom Player\uninstall.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: Malware Defense (outdated)

    ======System event log======

    Computer Name: SHAWNSKEET
    Event Code: 7901
    Message: The At24.job command failed to start due to the following error:
    %%2147942402

    Record Number: 43076
    Source Name: Schedule
    Time Written: 20091216230000.000000-480
    Event Type: error
    User:

    Computer Name: SHAWNSKEET
    Event Code: 7901
    Message: The At47.job command failed to start due to the following error:
    %%2147942402

    Record Number: 43075
    Source Name: Schedule
    Time Written: 20091216220000.000000-480
    Event Type: error
    User:

    Computer Name: SHAWNSKEET
    Event Code: 7901
    Message: The At23.job command failed to start due to the following error:
    %%2147942402

    Record Number: 43074
    Source Name: Schedule
    Time Written: 20091216220000.000000-480
    Event Type: error
    User:

    Computer Name: SHAWNSKEET
    Event Code: 7901
    Message: The At46.job command failed to start due to the following error:
    %%2147942402

    Record Number: 43073
    Source Name: Schedule
    Time Written: 20091216210000.000000-480
    Event Type: error
    User:

    Computer Name: SHAWNSKEET
    Event Code: 7901
    Message: The At22.job command failed to start due to the following error:
    %%2147942402

    Record Number: 43072
    Source Name: Schedule
    Time Written: 20091216210000.000000-480
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: SHAWNSKEET
    Event Code: 1517
    Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 5565
    Source Name: Userenv
    Time Written: 20090531032617.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHAWNSKEET
    Event Code: 1517
    Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 5560
    Source Name: Userenv
    Time Written: 20090530160717.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHAWNSKEET
    Event Code: 1517
    Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 5558
    Source Name: Userenv
    Time Written: 20090529185236.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHAWNSKEET
    Event Code: 1517
    Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 5552
    Source Name: Userenv
    Time Written: 20090529174925.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: SHAWNSKEET
    Event Code: 1517
    Message: Windows saved user SHAWNSKEET\Shawn registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 5546
    Source Name: Userenv
    Time Written: 20090528233938.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2302
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------

  6. #6

    log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Shawn at 2010-01-21 14:45:34
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 10 GB (13%) free of 79 GB
    Total RAM: 1023 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:45:39 PM, on 1/21/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16945)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Razer\Diamondback\razerhid.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Razer\Diamondback\razertra.exe
    C:\Program Files\Razer\Diamondback\razerofa.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Shawn\Desktop\RSIT.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Shawn.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
    O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
    O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1207527428232
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207528360327
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

    --
    End of file - 7802 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At25.job
    C:\WINDOWS\tasks\At26.job
    C:\WINDOWS\tasks\At27.job
    C:\WINDOWS\tasks\At28.job
    C:\WINDOWS\tasks\At29.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At30.job
    C:\WINDOWS\tasks\At31.job
    C:\WINDOWS\tasks\At32.job
    C:\WINDOWS\tasks\At33.job
    C:\WINDOWS\tasks\At34.job
    C:\WINDOWS\tasks\At35.job
    C:\WINDOWS\tasks\At36.job
    C:\WINDOWS\tasks\At37.job
    C:\WINDOWS\tasks\At38.job
    C:\WINDOWS\tasks\At39.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At40.job
    C:\WINDOWS\tasks\At41.job
    C:\WINDOWS\tasks\At42.job
    C:\WINDOWS\tasks\At43.job
    C:\WINDOWS\tasks\At44.job
    C:\WINDOWS\tasks\At45.job
    C:\WINDOWS\tasks\At46.job
    C:\WINDOWS\tasks\At47.job
    C:\WINDOWS\tasks\At48.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Diamondback"=C:\Program Files\Razer\Diamondback\razerhid.exe [2007-02-14 147456]
    "CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
    "CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
    "Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-08-08 148760]
    "itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-07-07 576320]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2009-05-27 450560]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
    "Aim6"= []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-10-20 34904]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1209320322\EE\AOLHostManager.exe [2006-03-10 13416]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-07-07 600896]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-04-05 99480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    realsched.exe -osboot []

    C:\Documents and Settings\Shawn\Start Menu\Programs\Startup
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2009-11-24 155648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskmgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
    "C:\Program Files\Common Files\AOL\1209320322\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1209320322\EE\AOLServiceHost.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\Program Files\Common Files\AOL\1209320322\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1209320322\EE\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
    "C:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe"="C:\Program Files\Steam\steamapps\common\street fighter iv\SF4Launcher.exe:*:Enabled:Street Fighter IV"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\steamapps\common\bioshock\Builds\Release\Bioshock.exe:*:Enabled:BioShock"
    "C:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe"="C:\Program Files\Steam\steamapps\common\street fighter iv\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fc2d3aa-4311-11de-8439-00038a000015}]
    shell\AutoRun\command - E:\Autorun.exe /run
    shell\Shell00\command - E:\Autorun.exe /run
    shell\Shell01\command - E:\Autorun.exe /action
    shell\Shell02\command - E:\Autorun.exe /uninstall

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5305eeae-dc7b-11dd-8363-00038a000015}]
    shell\AutoRun\command - H:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2010-01-21 14:45:34 ----D---- C:\rsit
    2010-01-21 14:42:47 ----D---- C:\Rooter$
    2010-01-21 13:07:37 ----A---- C:\WINDOWS\ntbtlog.txt
    2010-01-21 12:20:47 ----SHD---- C:\Config.Msi
    2010-01-18 05:23:36 ----N---- C:\WINDOWS\{00000005-00000000-00000006-00001102-00000004-20021102}.BAK
    2010-01-18 02:10:07 ----D---- C:\Program Files\Trend Micro
    2010-01-18 02:00:29 ----D---- C:\Program Files\ERUNT
    2010-01-18 01:00:05 ----D---- C:\Program Files\CCleaner
    2010-01-18 00:42:47 ----D---- C:\Program Files\Viewpoint
    2010-01-16 04:45:48 ----A---- C:\WINDOWS\wininit.ini
    2010-01-15 00:14:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2010-01-14 23:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-01-14 23:40:37 ----D---- C:\Program Files\SUPERAntiSpyware
    2010-01-14 23:40:37 ----D---- C:\Documents and Settings\Shawn\Application Data\SUPERAntiSpyware.com
    2010-01-14 17:33:12 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
    2010-01-13 12:24:45 ----D---- C:\Documents and Settings\Shawn\Application Data\ATI
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\Oemdspif.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ativcoxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atitvo32.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atipdlxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiok3x2.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atioglxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIODE.exe
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atimpc32.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atikvmag.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiiiexx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticalrt.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticaldd.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\aticalcl.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atibtmon.exe
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\atiadlxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2evxx.exe
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2evxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\ati2edxx.dll
    2010-01-13 12:20:56 ----A---- C:\WINDOWS\system32\amdpcom32.dll
    2010-01-13 12:20:44 ----D---- C:\Program Files\ATI
    2010-01-13 12:19:42 ----D---- C:\ATI
    2010-01-12 23:46:36 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
    2010-01-12 17:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
    2009-12-30 22:02:28 ----D---- C:\Documents and Settings\Shawn\Application Data\Bioshock

    ======List of files/folders modified in the last 1 months======

    2010-01-21 14:41:40 ----D---- C:\WINDOWS\Prefetch
    2010-01-21 14:40:55 ----D---- C:\Program Files\Spybot - Search & Destroy
    2010-01-21 14:40:54 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-21 14:37:32 ----D---- C:\WINDOWS\Temp
    2010-01-21 14:37:32 ----D---- C:\WINDOWS\system32
    2010-01-21 14:37:19 ----D---- C:\Program Files\Mozilla Firefox
    2010-01-21 14:36:43 ----D---- C:\WINDOWS
    2010-01-21 13:06:38 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-01-21 12:20:51 ----SHD---- C:\WINDOWS\Installer
    2010-01-21 12:20:49 ----D---- C:\Program Files
    2010-01-21 12:20:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-01-21 12:20:41 ----D---- C:\WINDOWS\system32\drivers
    2010-01-21 12:20:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2010-01-21 12:16:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-01-21 12:15:17 ----HD---- C:\WINDOWS\inf
    2010-01-21 12:14:36 ----HD---- C:\WINDOWS\$hf_mig$
    2010-01-18 23:53:32 ----D---- C:\Program Files\Steam
    2010-01-18 20:00:00 ----A---- C:\WINDOWS\win.ini
    2010-01-18 16:22:12 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-01-18 16:22:09 ----D---- C:\Program Files\Zoom Player
    2010-01-18 05:12:16 ----D---- C:\WINDOWS\ERDNT
    2010-01-18 01:02:24 ----D---- C:\WINDOWS\Debug
    2010-01-18 01:02:23 ----D---- C:\WINDOWS\Minidump
    2010-01-18 00:42:49 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2010-01-17 17:19:11 ----D---- C:\Program Files\iPod
    2010-01-16 16:25:30 ----D---- C:\Program Files\Heroes of Newerth
    2010-01-15 04:54:45 ----D---- C:\Program Files\Common Files
    2010-01-15 03:21:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-01-15 00:14:25 ----D---- C:\WINDOWS\WinSxS
    2010-01-14 23:40:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-01-14 21:09:02 ----SD---- C:\WINDOWS\Tasks
    2010-01-14 20:36:55 ----ASH---- C:\boot.ini
    2010-01-14 20:36:55 ----A---- C:\WINDOWS\system.ini
    2010-01-14 18:40:49 ----RSD---- C:\WINDOWS\assembly
    2010-01-14 18:29:48 ----D---- C:\Program Files\RealMedia
    2010-01-13 12:24:47 ----D---- C:\WINDOWS\system32\config
    2010-01-13 12:23:51 ----D---- C:\WINDOWS\Help
    2010-01-13 12:20:58 ----D---- C:\WINDOWS\system32\CatRoot
    2010-01-13 12:19:06 ----D---- C:\WINDOWS\nvidia icons
    2010-01-13 12:16:27 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-01-12 17:32:58 ----D---- C:\WINDOWS\AppPatch
    2010-01-04 16:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-12-30 21:50:05 ----D---- C:\WINDOWS\system32\DirectX
    2009-12-29 01:37:51 ----D---- C:\Documents and Settings\Shawn\Application Data\utorrent

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
    R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-08-23 12160]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-06 56108]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-04-27 8552]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-24 4463104]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
    R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
    R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
    R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
    R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
    R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
    R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-23 25280]
    R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 MayPro;TigerGame SuperJoy Box Pro Filter Service; C:\WINDOWS\System32\Drivers\MayPro.sys [2006-05-05 12160]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
    R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-06 47360]
    R3 Razerlow;Razerlow USB Filter Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-04-24 13225]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2004-08-19 189568]
    S3 abqfdoar;abqfdoar; C:\WINDOWS\system32\drivers\abqfdoar.sys []
    S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
    S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
    S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Shawn\LOCALS~1\Temp\UWD9.tmp []
    S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
    S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-08-08 410904]
    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
    R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
    R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-05-27 102400]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
    R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-24 602112]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
