My system runs very slow - Free Antivirus Forum

My system runs very slow

BullGuard Antivirus Forum > Virus > Alerts & New Threats > My system runs very slow

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-12-2009 3:52 (GMT +1)

please help my system runs very slow though I have a very good configuration. please help me

Below is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:01 PM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BullGuardUpdate.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BsGaming.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\SearchIndexer.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\bullguard.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
F:\WINDOWS\system32\notepad.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\Microsoft Office\Office12\EXCEL.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\SearchProtocolHost.exe
F:\Documents and Settings\Jonathan\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - F:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - F:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - F:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\bullguard.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yodm3D] F:\Documents and Settings\Jonathan\My Documents\Downloads\Ubuntu_XP_by_ShamusHand\Yod'm 3D\Yodm3D.exe
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\bullguard.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] F:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.3)_Gecko/20090824_Firefox/3.5.3_(.NET_CLR_3.5.30729)" -"http://www.cricinfo.com/compaq/engine/current/match/403383.html?template=cricinfo3d"
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bullhorn.com
O15 - Trusted Zone: *.bullhornstaffing.com
O16 - DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} (BullhornConfigTool.activeXComponent) - http://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{916D7F3D-FCC4-49DD-BB54-DC86058F0751}: NameServer = 202.71.156.176,202.71.156.177
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\support\bgrasvc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard Gaming Service (BsGaming) - BullGuard Software - F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BsGaming.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10727 bytes

Post Edited (Jonathan gudime) : 12-11-2009 17:03:14 GMT

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-13-2009 5:40 (GMT +1)

Welcome to BG forums Jonathan gudime,

The log shows at least one adware, with that SweetIM toolbar installed. And an unusual Registry policy setting. Let's get more details and then start some repairs.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on it's opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-16-2009 2:30 (GMT +1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jonathan at 2009-11-16 08:28:50
WIN_XP Service Pack 3
System drive F: has 60 GB (67%) free of 89 GB
Total RAM: 1023 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:01 AM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Jonathan\My Documents\Downloads\RSIT.exe
F:\Program Files\trend micro\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - F:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] F:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.3)_Gecko/20090824_Firefox/3.5.3_(.NET_CLR_3.5.30729)" -"http://www.cricinfo.com/compaq/engine/current/match/403383.html?template=cricinfo3d"
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-1177238915-1417001333-1801674531-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1177238915-1417001333-1801674531-1004\..\RunOnce: [Shockwave Updater] F:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.3)_Gecko/20090824_Firefox/3.5.3_(.NET_CLR_3.5.30729)" -"http://www.cricinfo.com/compaq/engine/current/match/403383.html?template=cricinfo3d" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bullhorn.com
O15 - Trusted Zone: *.bullhornstaffing.com
O16 - DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} (BullhornConfigTool.activeXComponent) - http://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{916D7F3D-FCC4-49DD-BB54-DC86058F0751}: NameServer = 203.145.184.13,202.71.156.177
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

--
End of file - 7415 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\MP Scheduled Scan.job
F:\WINDOWS\tasks\User_Feed_Synchronization-{9838CD9C-3F6F-45A5-9F08-C714B47431DE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-10 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - F:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-10 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - F:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-10 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - F:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Copernic Desktop Search - Home Toolbar - F:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000311.dll [2009-02-26 2306448]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - F:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
Locked
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - F:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-10 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-10 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=F:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
F:\Program Files\Ares\Ares.exe [2009-11-05 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
F:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard]
F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\bullguard.exe [2009-11-11 304464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
F:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2009-03-19 1602048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
F:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
F:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
F:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-09-13 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
F:\Program Files\HP\HP UT\bin\hppusg.exe [2005-09-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
F:\Program Files\LogMeIn\x86\LogMeInSystray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
~F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
F:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
F:\Program Files\Analog Devices\SoundMAX\smax4.exe [2005-09-07 716800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre6\bin\jusched.exe [2009-02-16 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
F:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-10 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
F:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
F:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-30 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
F:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2006-10-06 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
F:\Program Files\uTorrent\uTorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
F:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
F:\Documents and Settings\Jonathan\My Documents\Downloads\Ubuntu_XP_by_ShamusHand\Yod'm 3D\Yodm3D.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
F:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
F:\PROGRA~1\WINDOW~4\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
F:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasMan"=3
"RDSessMgr"=3
"RasAuto"=3
"xmlprov"=3
"WZCSVC"=2
"WudfSvc"=2
"wuauserv"=2
"WSearch"=2
"wscsvc"=2
"WMPNetworkSvc"=3
"WmiApSrv"=3
"WmdmPmSN"=3
"winmgmt"=2
"WinDefend"=2
"WebClient"=2
"W32Time"=2
"VSS"=3
"UPS"=3
"upnphost"=3
"TrkWks"=2
"Themes"=2
"TermService"=3
"TapiSrv"=3
"SysmonLog"=3
"SwPrv"=3
"stisvc"=2
"SSDPSRV"=3
"srservice"=2
"Spooler"=2
"ShellHWDetection"=2
"SharedAccess"=2
"ServiceLayer"=3
"SENS"=2
"seclogon"=2
"Schedule"=2
"SCardSvr"=3
"SamSs"=2
"RSVP"=3
"ProtectedStorage"=2
"PolicyAgent"=2
"Pml Driver HPZ12"=2
"PlugPlay"=2
"ose"=3
"odserv"=3
"NtmsSvc"=3
"NtLmSsp"=3
"nSvcLog"=2
"nSvcIp"=2
"Nla"=3
"Netman"=3
"Netlogon"=3
"napagent"=3
"MSIServer"=3
"MSDTC"=3
"mnmsrvc"=3
"Microsoft Office Groove Audit Service"=3
"LmHosts"=2
"lanmanworkstation"=2
"lanmanserver"=2
"JavaQuickStarterService"=2
"ImapiService"=3
"idsvc"=3
"HTTPFilter"=3
"hkmsvc"=3
"HidServ"=2
"helpsvc"=2
"gusvc"=3
"ForcewareWebInterface"=2
"FontCache3.0.0.0"=3
"FastUserSwitchingCompatibility"=3
"EventSystem"=3
"Eventlog"=2
"ERSvc"=2
"EapHost"=3
"Dot3svc"=3
"Dnscache"=2
"dmserver"=3
"dmadmin"=3
"Dhcp"=2
"CryptSvc"=2
"COMSysApp"=3
"clr_optimization_v2.0.50727_32"=3
"CiSvc"=3
"BsGaming"=2
"BsFire"=2
"BsFileScan"=2
"Browser"=2
"Bonjour Service"=2
"BITS"=2
"BGRaSvc"=3
"BgMainSvc"=2
"BgLiveSvc"=2
"AudioSrv"=2
"ATI Smart"=2
"Ati HotKey Poller"=2
"aspnet_state"=3
"AppMgmt"=3
"ALG"=3
"Alerter"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
F:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
F:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=F:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=F:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BgLiveSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BgMainSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Program Files\Messenger\msmsgs.exe"="F:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\Program Files\Ares\Ares.exe"="F:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server"
"F:\WINDOWS\system32\sessmgr.exe"="F:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"F:\Program Files\Google\Google Talk\googletalk.exe"="F:\Program Files\Google\Google Talk\googletalk.exe:*:Disabled:Google Talk"
"F:\Program Files\Yahoo!\Messenger\YServer.exe"="F:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"E:\setup\HPZnet01.exe"="E:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\hppnicifs01.exe"="E:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe"
"E:\setup\hpntwkexe.exe"="E:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{042cbda8-46d1-11de-bb26-001bfc220299}]
shell\Autoplay\command - G:\mfhy.exe
shell\AutoRun\command - G:\mfhy.exe
shell\eXplorE\command - G:\mfhy.exe
shell\oPeN\command - G:\mfhy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ae78ac4-0412-11de-badd-001bfc220299}]
shell\aUtoPlaY\command - H:\isifp.exe
shell\AutoRun\command - H:\isifp.exe
shell\eXplORe\command - H:\isifp.exe
shell\OpeN\command - H:\isifp.exe

======List of files/folders created in the last 1 months======

2009-11-16 08:28:50 ----D---- F:\rsit
2009-11-16 08:28:50 ----D---- F:\Program Files\trend micro
2009-11-13 15:22:10 ----D---- F:\Program Files\Ares
2009-11-12 17:41:00 ----HDC---- F:\WINDOWS\$NtUninstallKB969947$
2009-11-11 11:29:03 ----A---- F:\WINDOWS\system32\lccl.dll
2009-11-11 11:29:03 ----A---- F:\WINDOWS\system32\client_cc.dll
2009-11-11 11:28:57 ----A---- F:\WINDOWS\system32\BgOutlookHook.dll
2009-11-11 11:28:25 ----A---- F:\WINDOWS\system32\BGLsp.dll
2009-11-11 11:16:24 ----D---- F:\Documents and Settings\Jonathan\Application Data\BullGuard
2009-11-11 10:16:31 ----D---- F:\Documents and Settings\All Users\Application Data\BullGuard
2009-11-11 10:15:25 ----D---- F:\Program Files\BullGuard Ltd
2009-11-11 09:18:44 ----D---- F:\Documents and Settings\Jonathan\Application Data\Google
2009-11-10 17:38:24 ----HDC---- F:\WINDOWS\ie8
2009-11-10 17:37:29 ----D---- F:\Documents and Settings\All Users\Application Data\Google
2009-11-06 15:19:13 ----D---- F:\Documents and Settings\Jonathan\Application Data\InfraRecorder
2009-11-06 15:18:43 ----D---- F:\Program Files\InfraRecorder
2009-11-06 08:10:57 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-11-05 08:16:19 ----A---- F:\WINDOWS\wininit.ini
2009-10-21 15:47:22 ----D---- F:\Documents and Settings\Jonathan\Application Data\Styler
2009-10-21 15:26:03 ----D---- F:\Program Files\Styler
2009-10-21 14:38:09 ----A---- F:\WINDOWS\_MSRSTRT.EXE
2009-10-21 14:34:10 ----D---- F:\Program Files\Theme_XP
2009-10-21 14:28:01 ----D---- F:\Program Files\FileSubmit
2009-10-21 14:28:00 ----D---- F:\WINDOWS\Icons

======List of files/folders modified in the last 1 months======

2009-11-16 08:28:50 ----RD---- F:\Program Files
2009-11-16 08:26:51 ----D---- F:\Program Files\Mozilla Firefox
2009-11-16 08:26:07 ----A---- F:\WINDOWS\win.ini
2009-11-16 08:26:07 ----A---- F:\WINDOWS\system.ini
2009-11-16 08:09:25 ----D---- F:\WINDOWS
2009-11-16 07:59:18 ----D---- F:\WINDOWS\Prefetch
2009-11-16 07:51:24 ----SD---- F:\WINDOWS\Tasks
2009-11-16 07:50:06 ----D---- F:\WINDOWS\Temp
2009-11-13 17:02:22 ----HD---- F:\Config.Msi
2009-11-13 13:27:29 ----D---- F:\WINDOWS\system32\CatRoot2
2009-11-13 09:25:03 ----SHD---- F:\WINDOWS\Installer
2009-11-13 09:24:21 ----RSD---- F:\WINDOWS\assembly
2009-11-13 09:23:21 ----D---- F:\WINDOWS\system32
2009-11-13 09:21:58 ----D---- F:\WINDOWS\Registration
2009-11-13 09:21:48 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-11-13 09:13:21 ----D---- F:\Program Files\SweetIM
2009-11-12 17:44:18 ----D---- F:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-12 17:42:02 ----D---- F:\WINDOWS\system32\CatRoot
2009-11-12 17:41:51 ----HD---- F:\WINDOWS\inf
2009-11-12 17:41:38 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-11-12 17:41:31 ----A---- F:\WINDOWS\imsins.BAK
2009-11-12 17:41:19 ----D---- F:\WINDOWS\ie8updates
2009-11-12 09:45:08 ----HD---- F:\WINDOWS\$hf_mig$
2009-11-11 11:25:48 ----D---- F:\WINDOWS\network diagnostic
2009-11-11 11:16:05 ----D---- F:\WINDOWS\system32\drivers
2009-11-10 17:42:30 ----D---- F:\WINDOWS\system32\en-us
2009-11-10 17:42:29 ----D---- F:\WINDOWS\Media
2009-11-10 17:42:29 ----D---- F:\WINDOWS\Help
2009-11-10 17:42:29 ----D---- F:\Program Files\Internet Explorer
2009-11-10 17:38:06 ----D---- F:\Program Files\Google
2009-11-05 09:36:22 ----A---- F:\WINDOWS\system32\MRT.exe
2009-11-03 07:31:00 ----D---- F:\Documents and Settings\All Users\Application Data\Adobe
2009-11-02 20:42:06 ----N---- F:\WINDOWS\system32\MpSigStub.exe
2009-11-02 11:03:07 ----D---- F:\Program Files\Common Files\Adobe
2009-10-26 08:22:47 ----SD---- F:\Documents and Settings\Jonathan\Application Data\Microsoft
2009-10-22 09:11:11 ----D---- F:\Documents and Settings\Jonathan\Application Data\vlc
2009-10-22 04:19:04 ----A---- F:\WINDOWS\system32\mshtml.dll
2009-10-21 15:51:45 ----D---- F:\Program Files\Common Files
2009-10-21 14:44:03 ----D---- F:\WINDOWS\system32\Nagasoft
2009-10-21 14:43:35 ----D---- F:\Program Files\LogMeIn
2009-10-21 14:37:47 ----D---- F:\Program Files\Total Video Converter

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; F:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 eeCtrl;Symantec Eraser Control driver; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R2 BdFileSpy;BullGuard File Monitor Driver; \??\F:\WINDOWS\system32\drivers\BdFileSpy.sys []
R2 BdGaming;BullGuard Gaming Driver; \??\F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BdGaming.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\F:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 afw;Agnitum firewall driver; F:\WINDOWS\system32\DRIVERS\afw.sys [2009-03-23 31128]
R3 afwcore;afwcore; F:\WINDOWS\system32\DRIVERS\afwcore.sys [2009-03-23 257304]
R3 ati2mtag;ati2mtag; F:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; F:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; F:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; F:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; F:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-12 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-12 20480]
R3 StillCam;Still Serial Digital Camera Driver; F:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 adfs;adfs; F:\WINDOWS\system32\drivers\adfs.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\F:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; F:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-06 141312]
S3 AEAudioService;AEAudio Service; F:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 127872]
S3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 lmimirr;lmimirr; F:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
S3 mouhid;Mouse HID Driver; F:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; F:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; F:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; F:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Profos;Profos; \??\F:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys []
S3 SenFiltService;SenFilt Service; F:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-11 393088]
S3 Trufos;Trufos; \??\F:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys []
S3 upperdev;upperdev; F:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbser;USB Modem Driver; F:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; F:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; F:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; F:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S4 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S4 Ati HotKey Poller;Ati HotKey Poller; F:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
S4 ATI Smart;ATI Smart; F:\WINDOWS\system32\ati2sgag.exe [2006-12-20 520192]
S4 BgLiveSvc;BullGuard LiveUpdate; F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BullGuardUpdate.exe [2009-04-06 300368]
S4 BgMainSvc;BullGuard Main Service; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 BGRaSvc;BGRaSvc; F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\support\bgrasvc.exe [2009-06-01 79184]
S4 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 BsFileScan;BullGuard File Scan Service; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 BsFire;BullGuard Firewall Service; F:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 BsGaming;BullGuard Gaming Service; F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\BsGaming.exe [2009-04-06 505160]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 ForcewareWebInterface;Forceware Web Interface; F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
S4 gusvc;Google Software Updater; F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-10 182768]
S4 idsvc;Windows CardSpace; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-02-16 152984]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 nSvcIp;ForceWare IP service; F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
S4 nSvcLog;ForceWare user log service; F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
S4 odserv;Microsoft Office Diagnostics Service; F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Pml Driver HPZ12;Pml Driver HPZ12; F:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S4 ServiceLayer;ServiceLayer; F:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S4 WinDefend;Windows Defender; F:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WSearch;Windows Search; F:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-16-2009 2:30 (GMT +1)

info.txt logfile of random's system information tool 1.06 2009-11-16 08:29:03

======Uninstall list======

-->F:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"F:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Ares 2.1.2-->"F:\Program Files\Ares\uninstall.exe"
ASUS_Ai_Proactive_Screensaver (E)-->F:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr /u
AsusUpdate-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->F:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{685755F8-C74B-4613-8137-C90AF458228D}
ATI Display Driver-->rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BullGuard Gamer's Edition 8.7-->F:\Program Files\BullGuard Ltd\BullGuard Gamer's Edition\uninst.exe
Critical Update for Windows Media Player 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->F:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Talk (remove only)-->"F:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->F:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"F:\Documents and Settings\Jonathan\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"F:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"F:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->F:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP LaserJet 3050/3052/3055/3390/3392 3.0-->"F:\Program Files\HP\Digital Imaging\{E94E150C-762B-4cd1-8A54-7228A07C0710}\setup\hpzscr01.exe" -datfile hppscr01.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
InfraRecorder-->F:\Program Files\InfraRecorder\uninstall.exe
Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"F:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"F:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"F:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.5)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{F0779413-6026-4BC6-97B4-DE8D9CADAFEC}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->F:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
NVIDIA Drivers-->F:\WINDOWS\system32\nvunrm.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
Picasa 3-->"F:\Program Files\Google\Picasa3\Uninstall.exe"
RealPlayer-->F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"F:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"F:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"F:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"F:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"F:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"F:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"F:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"F:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"F:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"F:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"F:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"F:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"F:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"F:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"F:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"F:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"F:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"F:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"F:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"F:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"F:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"F:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"F:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"F:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"F:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"F:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"F:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"F:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"F:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"F:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"F:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"F:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"F:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"F:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"F:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"F:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"F:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"F:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"F:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"F:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Update for Windows Internet Explorer 8 (KB975364)-->"F:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"F:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"F:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"F:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"F:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.0-->F:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->F:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u F:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->F:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u F:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"F:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"F:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->F:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->F:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U F:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->F:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->F:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=F:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\Program Files\ATI Technologies\ATI.ACE\;F:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-16-2009 6:21 (GMT +1)

Darn - always more complicated when many change have been made using msconfig. Looks like quite a few services over time have been changed with that, so leaves things sorta muddled. You didn't post the Gmer log, but the info already posted shows some type of autorun worm activity, so let's start repairs.

The malware has included an autorun type component, so if any external drives have been used on this computer recently be sure to install them now, and leave them installed until ALL repairs on it are completed. If not, they will remain infected and can re-infect the computer (or others).

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

------------------

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{042cbda8-46d1-11de-bb26-001bfc220299}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ae78ac4-0412-11de-badd-001bfc220299}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=-

Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

------------------

Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-16-2009 7:00 (GMT +1)

Hi Jintan,

I was running Gmer. there was a power failure and the system shut down. But saw your post do you want that log to be posted .. cos I have to run that again.

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-16-2009 7:12 (GMT +1)

For now go ahead and do the steps I just posted, We will check with Gmer later if needed.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-16-2009 8:14 (GMT +1)

Jintan,

below is the log.

ComboFix 09-11-16.05 - Jonathan 11/16/2009 13:26..2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.744 [GMT -5:00]
Running from: f:\documents and settings\Jonathan\My Documents\Downloads\456out.com.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\_000006_.tmp.dll

f:\windows\system32\DRIVERS\atapi.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 13:28 . 2009-11-16 13:29 -------- d-----w- F:\rsit
2009-11-16 13:28 . 2009-11-16 13:29 -------- d-----w- f:\program files\trend micro
2009-11-13 20:22 . 2009-11-13 20:22 -------- d-----w- f:\program files\Ares
2009-11-12 22:42 . 2009-11-12 22:42 -------- d-sh--w- f:\documents and settings\Default User\IETldCache
2009-11-11 16:29 . 2009-11-11 16:29 14152 ----a-w- f:\windows\system32\lccl.dll
2009-11-11 16:29 . 2009-11-11 16:29 14152 ----a-w- f:\windows\system32\client_cc.dll
2009-11-11 16:28 . 2009-11-11 16:28 19784 ----a-w- f:\windows\system32\BgOutlookHook.dll
2009-11-11 16:28 . 2009-11-11 16:29 87376 ----a-w- f:\windows\system32\BGLsp.dll
2009-11-11 16:16 . 2009-11-11 18:08 -------- d-----w- f:\documents and settings\Jonathan\Application Data\BullGuard
2009-11-11 16:15 . 2009-01-23 13:48 55504 ----a-w- f:\windows\system32\drivers\BdFileSpy.sys
2009-11-11 15:16 . 2009-11-12 14:41 -------- d-----w- f:\documents and settings\All Users\Application Data\BullGuard
2009-11-11 15:15 . 2009-11-11 16:22 -------- d-----w- f:\program files\BullGuard Ltd
2009-11-10 22:38 . 2009-11-10 22:39 -------- dc-h--w- f:\windows\ie8
2009-11-06 20:19 . 2009-11-06 20:21 -------- d-----w- f:\documents and settings\Jonathan\Application Data\InfraRecorder
2009-11-06 20:18 . 2009-11-06 20:18 -------- d-----w- f:\program files\InfraRecorder
2009-11-06 13:14 . 2009-08-31 15:49 52224 ----a-w- f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
2009-11-06 13:14 . 2009-08-31 15:49 114688 ----a-w- f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\npmozax.dll
2009-11-06 13:11 . 2009-11-12 14:34 664 ----a-w- f:\windows\system32\d3d9caps.dat
2009-10-26 13:04 . 2001-08-17 17:48 12160 -c--a-w- f:\windows\system32\dllcache\mouhid.sys
2009-10-26 13:04 . 2001-08-17 17:48 12160 ----a-w- f:\windows\system32\drivers\mouhid.sys
2009-10-21 20:47 . 2009-10-21 20:47 -------- d-----w- f:\documents and settings\Jonathan\Application Data\Styler
2009-10-21 20:26 . 2009-10-21 20:52 -------- d-----w- f:\program files\Styler
2009-10-21 19:38 . 2009-10-21 19:38 2560 ----a-w- f:\windows\_MSRSTRT.EXE
2009-10-21 19:34 . 2009-10-21 19:37 -------- d-----w- f:\documents and settings\Jonathan\Local Settings\Application Data\Theme_XP
2009-10-21 19:34 . 2009-10-21 19:38 -------- d-----w- f:\program files\Theme_XP
2009-10-21 19:28 . 2009-10-21 19:40 -------- d-----w- f:\program files\FileSubmit
2009-10-21 19:28 . 2009-10-21 19:33 -------- d-----w- f:\windows\Icons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 14:13 . 2009-04-23 21:28 -------- d-----w- f:\program files\SweetIM
2009-11-12 22:44 . 2009-02-18 13:09 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 22:38 . 2009-03-23 17:23 -------- d-----w- f:\program files\Google
2009-11-03 01:42 . 2009-10-06 12:57 195456 ------w- f:\windows\system32\MpSigStub.exe
2009-11-02 16:03 . 2009-02-11 11:01 -------- d-----w- f:\program files\Common Files\Adobe
2009-10-22 14:11 . 2009-07-16 17:06 -------- d-----w- f:\documents and settings\Jonathan\Application Data\vlc
2009-10-21 19:43 . 2009-10-16 18:23 -------- d-----w- f:\program files\LogMeIn
2009-10-21 19:37 . 2009-04-15 17:30 -------- d-----w- f:\program files\Total Video Converter
2009-09-28 23:34 . 2009-10-16 18:24 83288 ----a-w- f:\windows\system32\LMIRfsClientNP.dll
2009-09-28 23:34 . 2009-10-16 18:24 28984 ----a-w- f:\windows\system32\LMIport.dll
2009-09-28 23:34 . 2009-10-16 18:24 87352 ----a-w- f:\windows\system32\LMIinit.dll
2009-09-22 07:38 . 2009-09-21 16:28 -------- d-----w- f:\documents and settings\Jonathan\Application Data\Softros Messenger
2009-09-21 17:21 . 2009-08-25 19:39 -------- d-----w- f:\program files\AWall
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- f:\windows\system32\msv1_0.dll
2009-09-08 12:51 . 2009-09-08 12:51 488968 ----a-w- f:\documents and settings\Jonathan\Application Data\Real\Update\setup\setup.exe
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- f:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- f:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- f:\windows\system32\strmdll.dll
2009-08-24 14:21 . 2009-08-24 14:21 36864 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-08-24 14:21 . 2009-08-24 14:21 3351812 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-08-24 14:21 . 2009-08-24 14:21 3181612 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-08-24 14:21 . 2009-08-24 14:21 24501456 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en.exe
2009-08-21 19:40 . 2009-02-10 12:56 82848 ----a-w- f:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- f:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- f:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="f:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- f:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=f:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^Jonathan^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=f:\documents and settings\Jonathan\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=f:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RasMan"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=2 (0x2)
"wuauserv"=2 (0x2)
"WSearch"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WinDefend"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"nSvcLog"=2 (0x2)
"nSvcIp"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"ForcewareWebInterface"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BsGaming"=2 (0x2)
"BsFire"=2 (0x2)
"BsFileScan"=2 (0x2)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"BGRaSvc"=3 (0x3)
"BgMainSvc"=2 (0x2)
"BgLiveSvc"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Ares\\Ares.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R2 BdFileSpy;BullGuard File Monitor Driver;f:\windows\system32\drivers\BdFileSpy.sys [11/11/2009 11:15 AM 55504]
R2 BdGaming;BullGuard Gaming Driver;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\BdGaming.sys [7/29/2008 4:03 AM 11472]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;f:\windows\system32\drivers\LMIRfsDriver.sys [10/16/2009 1:24 PM 47640]
R3 afw;Agnitum firewall driver;f:\windows\system32\drivers\afw.sys [3/23/2009 7:07 AM 31128]
R3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [3/23/2009 7:07 AM 257304]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\f:\program files\LogMeIn\x86\RaInfo.sys --> f:\program files\LogMeIn\x86\RaInfo.sys [?]
S4 BGRaSvc;BGRaSvc;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\support\BGRaSvc.exe [6/1/2009 6:50 AM 79184]
S4 BsFileScan;BullGuard File Scan Service;f:\windows\System32\svchost.exe -k BullGuard [2/28/2006 7:00 AM 14336]
S4 BsFire;BullGuard Firewall Service;f:\windows\System32\svchost.exe -k BullGuard [2/28/2006 7:00 AM 14336]
S4 BsGaming;BullGuard Gaming Service;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\BsGaming.exe [4/6/2009 5:32 AM 505160]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 f:\windows\Tasks\MP Scheduled Scan.job
- f:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-11-16 f:\windows\Tasks\User_Feed_Synchronization-{9838CD9C-3F6F-45A5-9F08-C714B47431DE}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: bullhorn.com
Trusted Zone: bullhornstaffing.com
TCP: {916D7F3D-FCC4-49DD-BB54-DC86058F0751} = 203.145.184.13,202.71.156.177
DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} - hxxp://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
FF - ProfilePath - f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL -
FF - component: f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: f:\program files\Copernic Desktop Search - Home\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: f:\program files\Copernic Desktop Search - Home\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-16 13:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spng.sys >>UNKNOWN [0x8658C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7246cb8
\Driver\atapi -> atapi.sys @ 0xf7201b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70f7bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7104a21
SendHandler -> NDIS.sys @ 0xf70e287b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\LMIinit.dll
.
Completion time: 2009-11-16 13:39
ComboFix-quarantined-files.txt 2009-11-16 18:39

Pre-Run: 69,795,524,608 bytes free
Post-Run: 69,850,357,760 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /usepmtimer /NoExecute=OptOut

- - End Of File - - 42A1C95D8CB915315F06E928A3E7E94F

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-17-2009 1:56 (GMT +1)

ComboFix indicates an essential boot driver system file has been altered by malware there. Let's verify that, but we will also need to remove Daemon Tools, since the latest version of this also tampers with system boot files ( a terrible chancy idea, just to avoid copy-protection on files).

Go to Start - Programs, and uninstall Daemon Tools and/or Alcohol.

Click here to download Duplex Secure's SPTD installer SPTDinst-v162-x86.exe to your desktop, then click the downloaded file to start the installer. When the option appears select Uninstall, and allow the tool to uninstall SPTD from your system. Be sure to reboot after to complete the removal of the SPTD settings.

Reboot, and run ComboFix again, and post that new C:\ComoboFix.txt log please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-17-2009 2:39 (GMT +1)

Jintan,

I checked for Daemon tools and alcohol but dint find any. Below is the ComboFix log.

ComboFix 09-11-17.03 - Jonathan 11/17/2009 8:18.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.334 [GMT -5:00]
Running from: f:\documents and settings\Jonathan\My Documents\Downloads\456out.com.exe
AV: BullGuard Antivirus *On-access scanning disabled* (Outdated) {7A9BB333-8EDF-4FDC-A2A5-1A30FA021913}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: BullGuard Firewall *disabled* {2AEF4CB6-61B5-4E60-AF22-D95E75B63FA1}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-17 12:58 . 2009-11-17 13:11 79488 ----a-w- f:\documents and settings\Jonathan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-16 13:28 . 2009-11-16 13:29 -------- d-----w- F:\rsit
2009-11-16 13:28 . 2009-11-16 13:29 -------- d-----w- f:\program files\trend micro
2009-11-13 20:22 . 2009-11-13 20:22 -------- d-----w- f:\program files\Ares
2009-11-12 22:42 . 2009-11-12 22:42 -------- d-sh--w- f:\documents and settings\Default User\IETldCache
2009-11-11 16:29 . 2009-11-11 16:29 14152 ----a-w- f:\windows\system32\lccl.dll
2009-11-11 16:29 . 2009-11-11 16:29 14152 ----a-w- f:\windows\system32\client_cc.dll
2009-11-11 16:28 . 2009-11-11 16:28 19784 ----a-w- f:\windows\system32\BgOutlookHook.dll
2009-11-11 16:28 . 2009-11-11 16:29 87376 ----a-w- f:\windows\system32\BGLsp.dll
2009-11-11 16:16 . 2009-11-11 18:08 -------- d-----w- f:\documents and settings\Jonathan\Application Data\BullGuard
2009-11-11 16:15 . 2009-01-23 13:48 55504 ----a-w- f:\windows\system32\drivers\BdFileSpy.sys
2009-11-11 15:16 . 2009-11-12 14:41 -------- d-----w- f:\documents and settings\All Users\Application Data\BullGuard
2009-11-11 15:15 . 2009-11-11 16:22 -------- d-----w- f:\program files\BullGuard Ltd
2009-11-10 22:38 . 2009-11-10 22:39 -------- dc-h--w- f:\windows\ie8
2009-11-06 20:19 . 2009-11-06 20:21 -------- d-----w- f:\documents and settings\Jonathan\Application Data\InfraRecorder
2009-11-06 20:18 . 2009-11-06 20:18 -------- d-----w- f:\program files\InfraRecorder
2009-11-06 13:14 . 2009-08-31 15:49 52224 ----a-w- f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
2009-11-06 13:14 . 2009-08-31 15:49 114688 ----a-w- f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\npmozax.dll
2009-11-06 13:11 . 2009-11-12 14:34 664 ----a-w- f:\windows\system32\d3d9caps.dat
2009-10-26 13:04 . 2001-08-17 17:48 12160 -c--a-w- f:\windows\system32\dllcache\mouhid.sys
2009-10-26 13:04 . 2001-08-17 17:48 12160 ----a-w- f:\windows\system32\drivers\mouhid.sys
2009-10-21 20:47 . 2009-10-21 20:47 -------- d-----w- f:\documents and settings\Jonathan\Application Data\Styler
2009-10-21 20:26 . 2009-10-21 20:52 -------- d-----w- f:\program files\Styler
2009-10-21 19:38 . 2009-10-21 19:38 2560 ----a-w- f:\windows\_MSRSTRT.EXE
2009-10-21 19:34 . 2009-10-21 19:37 -------- d-----w- f:\documents and settings\Jonathan\Local Settings\Application Data\Theme_XP
2009-10-21 19:34 . 2009-10-21 19:38 -------- d-----w- f:\program files\Theme_XP
2009-10-21 19:34 . 2009-10-21 19:34 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-10-21 19:28 . 2009-10-21 19:40 -------- d-----w- f:\program files\FileSubmit
2009-10-21 19:28 . 2009-10-21 19:33 -------- d-----w- f:\windows\Icons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 14:13 . 2009-04-23 21:28 -------- d-----w- f:\program files\SweetIM
2009-11-12 22:44 . 2009-02-18 13:09 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-10 22:38 . 2009-03-23 17:23 -------- d-----w- f:\program files\Google
2009-11-03 01:42 . 2009-10-06 12:57 195456 ------w- f:\windows\system32\MpSigStub.exe
2009-11-02 16:03 . 2009-02-11 11:01 -------- d-----w- f:\program files\Common Files\Adobe
2009-10-22 14:11 . 2009-07-16 17:06 -------- d-----w- f:\documents and settings\Jonathan\Application Data\vlc
2009-10-21 19:43 . 2009-10-16 18:23 -------- d-----w- f:\program files\LogMeIn
2009-10-21 19:37 . 2009-04-15 17:30 -------- d-----w- f:\program files\Total Video Converter
2009-09-28 23:34 . 2009-10-16 18:24 83288 ----a-w- f:\windows\system32\LMIRfsClientNP.dll
2009-09-28 23:34 . 2009-10-16 18:24 28984 ----a-w- f:\windows\system32\LMIport.dll
2009-09-28 23:34 . 2009-10-16 18:24 87352 ----a-w- f:\windows\system32\LMIinit.dll
2009-09-22 07:38 . 2009-09-21 16:28 -------- d-----w- f:\documents and settings\Jonathan\Application Data\Softros Messenger
2009-09-21 17:21 . 2009-08-25 19:39 -------- d-----w- f:\program files\AWall
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- f:\windows\system32\msv1_0.dll
2009-09-08 12:51 . 2009-09-08 12:51 488968 ----a-w- f:\documents and settings\Jonathan\Application Data\Real\Update\setup\setup.exe
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- f:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- f:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- f:\windows\system32\strmdll.dll
2009-08-24 14:21 . 2009-08-24 14:21 36864 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-08-24 14:21 . 2009-08-24 14:21 3351812 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-08-24 14:21 . 2009-08-24 14:21 3181612 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe
2009-08-24 14:21 . 2009-08-24 14:21 24501456 ----a-w- f:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_en.exe
2009-08-21 19:40 . 2009-02-10 12:56 82848 ----a-w- f:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- f:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- f:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-16_18.37.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-17 13:12 . 2009-11-17 13:12 16384 f:\windows\temp\Perflib_Perfdata_cac.dat
+ 2009-11-17 13:05 . 2009-11-17 13:05 16384 f:\windows\temp\Perflib_Perfdata_324.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Search Protection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"PC Suite Tray"="f:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="f:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="f:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Windows Defender"="f:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ToolBoxFX"="f:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-10-06 53248]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-30 198160]
"Synchronization Manager"="f:\windows\system32\mobsync.exe" [2008-04-14 143360]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"HPUsageTracking"="f:\program files\HP\HP UT\bin\hppusg.exe" [2005-09-07 36864]
"HP Software Update"="f:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"googletalk"="f:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BullGuard"="f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\bullguard.exe" [2009-11-11 304464]
"ATICCC"="f:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - f:\windows\system32\HdAShCut.exe [2004-10-27 61952]

f:\documents and settings\Jonathan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 23:34 87352 ----a-w- f:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"f:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Program Files\\Ares\\Ares.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

R2 BdFileSpy;BullGuard File Monitor Driver;f:\windows\system32\drivers\BdFileSpy.sys [11/11/2009 11:15 AM 55504]
R2 BdGaming;BullGuard Gaming Driver;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\BdGaming.sys [7/29/2008 4:03 AM 11472]
R2 BsFileScan;BullGuard File Scan Service;f:\windows\System32\svchost.exe -k BullGuard [2/28/2006 7:00 AM 14336]
R2 BsFire;BullGuard Firewall Service;f:\windows\System32\svchost.exe -k BullGuard [2/28/2006 7:00 AM 14336]
R2 BsGaming;BullGuard Gaming Service;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\BsGaming.exe [4/6/2009 5:32 AM 505160]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;f:\windows\system32\drivers\LMIRfsDriver.sys [10/16/2009 1:24 PM 47640]
R2 WinDefend;Windows Defender;f:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 afw;Agnitum firewall driver;f:\windows\system32\drivers\afw.sys [3/23/2009 7:07 AM 31128]
R3 afwcore;afwcore;f:\windows\system32\drivers\afwcore.sys [3/23/2009 7:07 AM 257304]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\f:\program files\LogMeIn\x86\RaInfo.sys --> f:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 BGRaSvc;BGRaSvc;f:\program files\BullGuard Ltd\BullGuard Gamer's Edition\support\BGRaSvc.exe [6/1/2009 6:50 AM 79184]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsFire
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 f:\windows\Tasks\MP Scheduled Scan.job
- f:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-11-16 f:\windows\Tasks\User_Feed_Synchronization-{9838CD9C-3F6F-45A5-9F08-C714B47431DE}.job
- f:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: bullhorn.com
Trusted Zone: bullhornstaffing.com
TCP: {916D7F3D-FCC4-49DD-BB54-DC86058F0751} = 202.71.156.176,202.71.156.177
DPF: {4503BC07-768C-4872-9AE3-A5558E73C2FE} - hxxp://www.bullhornstaffing.com/BullhornHelp/Tools/bhconfigactivex.CAB
FF - ProfilePath - f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - prefs.js: keyword.URL -
FF - component: f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFExternalAlert.dll
FF - component: f:\program files\Copernic Desktop Search - Home\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: f:\program files\Copernic Desktop Search - Home\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - plugin: f:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\rv1tt8vv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: f:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
f:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yodm3D - f:\documents and settings\Jonathan\My Documents\Downloads\Ubuntu_XP_by_ShamusHand\Yod'm 3D\Yodm3D.exe
HKCU-Run-uTorrent - f:\program files\uTorrent\uTorrent.exe
HKCU-Run-Messenger (Yahoo!) - ~f:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-AlcoholAutomount - f:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
HKLM-Run-SweetIM - f:\program files\SweetIM\Messenger\SweetIM.exe
HKLM-Run-LogMeIn GUI - f:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-egui - f:\program files\ESET\ESET Smart Security\egui.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 08:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1080)
f:\windows\system32\Ati2evxx.dll
f:\windows\system32\LMIinit.dll
.
Completion time: 2009-11-17 08:35
ComboFix-quarantined-files.txt 2009-11-17 13:35
ComboFix2.txt 2009-11-16 18:39

Pre-Run: 65,221,648,384 bytes free
Post-Run: 65,200,324,608 bytes free

- - End Of File - - C593C905A517F84653FF40C5F727C5A9

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-18-2009 1:38 (GMT +1)

Heck - I am not sure but think ComboFix only runs the scan part we need the first time round, unless it just made all the corrections.

Download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\
mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-18-2009 4:49 (GMT +1)

Jintan,

below is the Log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-18-2009 9:46 (GMT +1)

Did you make other repairs, or are receiving assistance elsewhere? Good to see such improvements in these last few logs posted, but there weren't any steps done here to bring this about.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-18-2009 11:42 (GMT +1)

No Jintan,

I dint do any repairs or received any assistance.

system got a little faster .. but when I try to open Mozilla it takes longer time to open same with IE8

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-19-2009 1:15 (GMT +1)

Perhaps running the Daemon uninstall, if you did that, did correct the issues that were being picked up as malware hooks. Let's scan check for now.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-19-2009 1:57 (GMT +1)

Jintan,

Below is the log.

Malwarebytes' Anti-Malware 1.41
Database version: 3195
Windows 5.1.2600 Service Pack 3

11/19/2009 7:55:24 AM
mbam-log-2009-11-19 (07-55-24).txt

Scan type: Quick Scan
Objects scanned: 105611
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-20-2009 2:34 (GMT +1)

Well, not really sure where the infection all went to there, but nothing being picked up now. Any problems we still need to address?

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Jonathan gudime
New Member

Date Joined Nov 2009
Total Posts : 10

Posted 11-20-2009 2:40 (GMT +1)

Thanks for you help .......

but my IE8 and mozilla take time when opened. reason why does it take so much time. it take around 1 min to them to fully open .

and the home page is also google.

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 11-20-2009 6:29 (GMT +1)

The logs show some firewall services running there. Let me check on some details and post back after about which ones may not be needed.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Forum Information

Currently it is Saturday, March 13, 2010 5:20 AM (GMT +1)
There are a total of 76.142 posts in 17.592 threads.
In the last 3 days there were 8 new threads and 56 reply posts. View Active Threads