Help with Winbluesoft and crappy AVG 8.5

Posted 6/21/2009 6:17 AM
#74536
Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
Here is the RSIT log. Any help would be GREAT; I cannot delete Winbluesoft at this time!
At the bottom is the RSIT info.
Thank you
Jordan

Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 60 GB (52%) free of 114 GB
Total RAM: 3071 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:20 PM, on 20/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\setup2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\De Jongs\Downloads\RSIT.exe
C:\Program Files\trend micro\De Jongs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\system32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{72E68933-3E50-47C6-B9D5-75F022AD0C3C}: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.105,85.255.112.21
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\dmvdsitf32.dll,avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c98bef1e8188a0) (gupdate1c98bef1e8188a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

--
End of file - 10032 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AntispywareBot Scheduled Scan.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-02 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2007-02-06 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-18 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-14 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Acer Tour"= []
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"Acer Product Registration"=C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 3383296]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe [2007-02-02 1261568]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-04-26 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-04-26 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-04-26 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-09 1948440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"setup2.exe"=C:\Windows\system32\setup2.exe [2009-06-20 830976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-03-16 1822720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-23 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
C:\PROGRA~1\ACERAR~1\ACERHO~2\Kernel\DMS\PCMMED~1.EXE [2007-04-04 200812]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\De Jongs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ChkDisk.lnk - C:\Windows\system32\rundll32.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\dmvdsitf32.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62ab0bb0-bc92-11dc-8870-806e6f6e6963}]
shell\AutoRun\command - E:\DIR615.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3000c73-e230-11dc-94bf-001c253f1c3b}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL L:\freeride.exe
shell\enter\command - L:\freeride.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-28 03:07:42 ----A---- C:\Windows\system32\39163spy52z.dll
2009-12-25 22:18:33 ----A---- C:\Windows\system32\5603zvirus719.dll
2009-12-17 04:05:30 ----A---- C:\Windows\system32\71595hreat8z53.exe
2009-12-06 14:00:56 ----A---- C:\Windows\system32\5d49thief159z.exe
2009-12-03 19:31:57 ----A---- C:\Windows\system32\dbcspywzr5939.dll
2009-11-25 01:02:22 ----A---- C:\Windows\system32\5z04thief9959.dll
2009-11-24 19:43:13 ----A---- C:\Windows\system32\50181h9cztool54c.exe
2009-11-18 16:02:07 ----A---- C:\Windows\system32\97z5threat23741.exe
2009-11-17 18:20:24 ----A---- C:\Windows\system32\31z9thief2575.dll
2009-11-17 05:54:28 ----A---- C:\Windows\system32\14e69aczdoo51075.exe
2009-11-15 13:45:52 ----A---- C:\Windows\system32\9581zsp57a4.exe
2009-11-01 21:12:14 ----A---- C:\Windows\system32\18z26not-a-v5rus9c.exe
2009-10-20 00:38:35 ----A---- C:\Windows\system32\4caazhie59811.exe
2009-10-17 07:25:26 ----A---- C:\Windows\system32\2101zhac9tool65c.exe
2009-10-11 18:06:02 ----A---- C:\Windows\system32\49a5s5ezl287.dll
2009-10-10 00:22:00 ----A---- C:\Windows\system32\17924szambot657.dll
2009-10-05 12:50:53 ----A---- C:\Windows\system32\31865zp9588.exe
2009-10-03 15:22:02 ----A---- C:\Windows\system32\215ca9dwa5ez082.exe
2009-10-03 06:02:40 ----A---- C:\Windows\system32\992dow5loader325z.exe
2009-09-22 00:56:29 ----A---- C:\Windows\system32\1359thzea528385.dll
2009-09-17 14:46:32 ----A---- C:\Windows\system32\23137t5zj3fc9.exe
2009-09-13 13:07:40 ----A---- C:\Windows\system32\1986zv5rus4b89.exe
2009-09-07 19:06:24 ----A---- C:\Windows\system32\9z6vir858.dll
2009-08-28 12:33:21 ----A---- C:\Windows\system32\10505p9warez766.exe
2009-08-27 22:57:41 ----A---- C:\Windows\system32\1b75t9reatz2156.exe
2009-08-24 13:53:51 ----A---- C:\Windows\system32\900dth5ef209z.exe
2009-08-23 00:17:55 ----A---- C:\Windows\system32\22932sp97z05.exe
2009-08-22 15:10:03 ----A---- C:\Windows\system32\z096spambota5.dll
2009-08-21 23:10:47 ----A---- C:\Windows\system32\201009irusz25.dll
2009-08-21 14:08:10 ----A---- C:\Windows\system32\3b95ste9z908.exe
2009-08-19 14:29:24 ----A---- C:\Windows\system32\9349spywa5e285z.dll
2009-07-24 07:02:01 ----A---- C:\Windows\system32\16z1threa51298.exe
2009-07-10 04:45:49 ----A---- C:\Windows\system32\174z6viru596d.exe
2009-07-06 11:28:54 ----A---- C:\Windows\system32\28599spz5bot40.exe
2009-06-25 06:43:21 ----A---- C:\Windows\system32\z198hack5ool16e.exe
2009-06-24 23:23:34 ----A---- C:\Windows\system32\964195zy57f.exe
2009-06-24 13:38:12 ----A---- C:\Windows\system32\9z31addware25235.dll
2009-06-22 04:56:44 ----A---- C:\Windows\system32\94865parse1z57.exe
2009-06-21 16:50:54 ----A---- C:\Windows\system32\675ds9ywarez307.dll
2009-06-20 10:46:00 ----D---- C:\rsit
2009-06-20 10:46:00 ----D---- C:\Program Files\trend micro
2009-06-20 10:39:57 ----A---- C:\Windows\system32\iesetup.dll
2009-06-20 10:39:56 ----A---- C:\Windows\system32\wininet.dll
2009-06-20 10:39:56 ----A---- C:\Windows\system32\ieui.dll
2009-06-20 10:39:56 ----A---- C:\Windows\system32\iertutil.dll
2009-06-20 10:39:56 ----A---- C:\Windows\system32\iernonce.dll
2009-06-20 10:39:56 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-20 10:39:55 ----A---- C:\Windows\system32\urlmon.dll
2009-06-20 10:39:55 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-20 10:39:55 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-20 10:39:54 ----A---- C:\Windows\system32\ieframe.dll
2009-06-20 10:39:53 ----A---- C:\Windows\system32\mshtml.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\msls31.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\icardie.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\corpol.dll
2009-06-20 10:38:54 ----A---- C:\Windows\system32\admparse.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\inseng.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\imgutil.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\iepeers.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-20 10:38:53 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-20 10:38:52 ----A---- C:\Windows\system32\wextract.exe
2009-06-20 10:38:52 ----A---- C:\Windows\system32\webcheck.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\occache.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\mstime.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\msrating.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-20 10:38:52 ----A---- C:\Windows\system32\ieakui.dll
2009-06-20 10:38:52 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\vbscript.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\url.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\jscript.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-20 10:38:51 ----A---- C:\Windows\system32\advpack.dll
2009-06-20 10:38:50 ----A---- C:\Windows\system32\mshta.exe
2009-06-20 10:38:50 ----A---- C:\Windows\system32\iexpress.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-20 10:38:49 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-20 10:10:00 ----A---- C:\Windows\system32\6179tzr5at11659.exe
2009-06-20 10:09:59 ----A---- C:\Windows\system32\2579szyw9re2509.exe
2009-06-20 10:09:57 ----A---- C:\Windows\system32\52119worm9az.dll
2009-06-20 10:09:54 ----A---- C:\Windows\system32\16798hacktoo5502z.dll
2009-06-20 10:09:50 ----A---- C:\Windows\system32\29z94spamb9t353.dll
2009-06-20 10:09:48 ----A---- C:\Windows\system32\z125ba9kdoor2146.exe
2009-06-20 10:09:48 ----A---- C:\Windows\system32\4zc9spyw95e2802.dll
2009-06-20 10:09:48 ----A---- C:\Windows\system32\48d5back9oor10z6.exe
2009-06-20 10:09:47 ----A---- C:\Windows\system32\9296addzar5868.dll
2009-06-20 10:09:45 ----A---- C:\Windows\system32\97885teal1z1.dll
2009-06-20 10:09:44 ----A---- C:\Windows\system32\29559not-a-vizus7.dll
2009-06-20 10:09:41 ----A---- C:\Windows\system32\zf50t9ief3218.dll
2009-06-20 10:09:35 ----A---- C:\Windows\system32\22433t9oz615.exe
2009-06-20 10:09:34 ----A---- C:\Windows\system32\7c5t9ief404z.exe
2009-06-20 10:09:33 ----A---- C:\Windows\system32\3356worz9fe5.exe
2009-06-20 10:09:30 ----A---- C:\Windows\system32\939655roj341z.exe
2009-06-20 10:09:25 ----A---- C:\Windows\system32\289635acktozl672.exe
2009-06-20 10:09:24 ----A---- C:\Windows\system32\649adzware355.dll
2009-06-20 10:09:23 ----A---- C:\Windows\system32\11cthreat1549z.exe
2009-06-20 10:09:22 ----A---- C:\Windows\system32\60afspaz9e475.exe
2009-06-20 10:09:22 ----A---- C:\Windows\system32\5z7069py5a1.exe
2009-06-20 10:09:22 ----A---- C:\Windows\system32\5f9d5wn9oader32z0.dll
2009-06-20 10:09:20 ----A---- C:\Windows\system32\z6219virus285.exe
2009-06-20 10:09:18 ----A---- C:\Windows\system32\24f6thiz9985.dll
2009-06-20 10:09:14 ----A---- C:\Windows\system32\setup2.exe
2009-06-20 10:09:14 ----A---- C:\Windows\system32\6d59szarse485.dll
2009-06-18 03:59:50 ----A---- C:\Windows\system32\597z3wo9m57f.exe
2009-06-13 11:04:03 ----A---- C:\Windows\system32\1285hzc5tool4c69.exe
2009-06-13 09:11:05 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-13 09:11:05 ----A---- C:\Windows\system32\EncDec.dll
2009-06-09 15:58:46 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 15:58:42 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-09 09:14:58 ----D---- C:\ProgramData\AVG Security Toolbar
2009-06-09 02:22:25 ----A---- C:\Windows\system32\5a39spazse780.dll
2009-05-24 14:03:28 ----A---- C:\Windows\system32\28991ziru9685.exe
2009-05-24 10:26:25 ----D---- C:\Users\De Jongs\AppData\Roaming\Apple Computer
2009-05-24 10:26:13 ----DC---- C:\Windows\system32\DRVSTORE
2009-05-24 10:26:13 ----A---- C:\Windows\system32\GEARAspi.dll
2009-05-24 10:26:00 ----D---- C:\Program Files\iPod
2009-05-24 10:25:58 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 10:25:58 ----D---- C:\Program Files\iTunes
2009-05-24 10:25:38 ----D---- C:\Program Files\Bonjour
2009-05-24 10:24:41 ----D---- C:\Program Files\Common Files\Apple
2009-05-24 10:22:46 ----D---- C:\Program Files\QuickTime
2009-05-24 10:22:45 ----D---- C:\ProgramData\Apple Computer
2009-05-24 10:15:53 ----A---- C:\Windows\system32\6c1st5al134z9.exe
2009-05-21 06:56:42 ----A---- C:\Windows\system32\3741hazkto9l1385.exe

======List of files/folders modified in the last 1 months======

2009-06-20 23:10:13 ----D---- C:\Windows\Temp
2009-06-20 23:06:38 ----D---- C:\Windows\System32
2009-06-20 23:06:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-20 23:06:37 ----D---- C:\Windows\inf
2009-06-20 23:04:26 ----D---- C:\Windows\Tasks
2009-06-20 23:03:02 ----D---- C:\Windows\Prefetch
2009-06-20 23:02:21 ----D---- C:\Windows\system32\drivers
2009-06-20 23:02:19 ----D---- C:\Program Files\Motorola
2009-06-20 23:02:17 ----D---- C:\ProgramData\avg8
2009-06-20 23:00:09 ----D---- C:\Windows\system32\migration
2009-06-20 23:00:08 ----D---- C:\Program Files\Internet Explorer
2009-06-20 23:00:06 ----D---- C:\Windows\system32\en-US
2009-06-20 23:00:06 ----D---- C:\Windows\PolicyDefinitions
2009-06-20 19:51:12 ----D---- C:\ProgramData\Google Updater
2009-06-20 10:46:00 ----RD---- C:\Program Files
2009-06-20 10:40:18 ----D---- C:\Windows\winsxs
2009-06-20 10:40:13 ----D---- C:\Windows\system32\catroot
2009-06-20 10:39:18 ----D---- C:\Windows\system32\catroot2
2009-06-20 10:38:39 ----D---- C:\Windows
2009-06-20 10:24:18 ----SHD---- C:\Windows\Installer
2009-06-20 10:24:05 ----D---- C:\Program Files\Common Files
2009-06-20 10:23:27 ----D---- C:\Program Files\Mozilla Firefox
2009-06-20 10:16:00 ----HD---- C:\$AVG8.VAULT$
2009-06-14 10:16:26 ----D---- C:\Windows\system32\Tasks
2009-06-14 09:54:42 ----SHD---- C:\System Volume Information
2009-06-14 03:14:28 ----D---- C:\Windows\Microsoft.NET
2009-06-14 03:14:16 ----RSD---- C:\Windows\assembly
2009-06-14 03:06:49 ----D---- C:\Windows\ehome
2009-06-10 03:06:07 ----D---- C:\ProgramData\Microsoft Help
2009-06-10 03:04:59 ----D---- C:\Program Files\Microsoft Works
2009-06-09 09:14:58 ----HD---- C:\ProgramData
2009-06-06 11:32:42 ----SHD---- C:\$RECYCLE.BIN
2009-06-06 10:08:29 ----RD---- C:\Users
2009-06-06 10:08:08 ----HD---- C:\Windows\system32\GroupPolicy
2009-06-01 09:51:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-06-09 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-02 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-18 18432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-16 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-04-26 7475072]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-03-22 240128]
S3 ati2mtag;ati2mtag; C:\Windows\system32\DRIVERS\ati2mtag.sys [2006-11-02 1523200]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-14 2427392]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-05-07 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-20 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-05-02 908568]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-09 143360]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-14 569344]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gupdate1c98bef1e8188a0;Google Update Service (gupdate1c98bef1e8188a0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
S2 RoxLiveShare10;LiveShare P2P Server 10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

HERE IS THE INFO.TXT

info.txt logfile of random's system information tool 1.06 2009-06-20 10:46:21

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\uninst.exe -fC:\Games\SimFarm\DeIsL1.isu
1250 Games XP Championship-->"C:\Program Files\Selectsoft\1250 Games XP Championship\uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
555 Games XP Championship-->"C:\Program Files\Selectsoft\555 Games XP Championship\uninstall.exe"
AC3File (remove only)-->C:\Program Files\AC3File\uninstall.exe
Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
Acer Assist-->C:\Program Files\Acer Assist\uninstall.exe
Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Registration-->C:\Program Files\Acer Registration\uninstall.exe
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DivX Author 1.5-->C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hyplay-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}\setup.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lap Trapper Club Edition-->C:\WINDOWS\st6unst.exe -n "F:\laptimer\ST6UNST.LOG"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealFlight G4 R/C Simulator-->C:\Program Files\Common Files\KnifeEdge\LauncherHelperG4.exe -task=UninstallProduct -productname="RealFlight G4.5"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RollerCoaster Tycoon 2 Triple Thrill Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Security center information======

AV: AVG Anti-Virus
AS: AntispywareBot (disabled)
AS: AVG Anti-Virus (disabled)
AS: Windows Defender

======System event log======

Computer Name: DeJongs-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971180(Update) into Install Requested(Install Requested) state
Record Number: 97521
Source Name: Microsoft-Windows-Servicing
Time Written: 20090620173953.000000-000
Event Type: Warning
User: DeJongs-PC\De Jongs

Computer Name: DeJongs-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state
Record Number: 97598
Source Name: Microsoft-Windows-Servicing
Time Written: 20090620174031.000000-000
Event Type: Warning
User: DeJongs-PC\De Jongs

Computer Name: DeJongs-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state
Record Number: 97600
Source Name: Microsoft-Windows-Servicing
Time Written: 20090620174031.000000-000
Event Type: Warning
User: DeJongs-PC\De Jongs

Computer Name: DeJongs-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state
Record Number: 97602
Source Name: Microsoft-Windows-Servicing
Time Written: 20090620174031.000000-000
Event Type: Warning
User: DeJongs-PC\De Jongs

Computer Name: DeJongs-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB969897(Security Update) into Install Requested(Install Requested) state
Record Number: 97604
Source Name: Microsoft-Windows-Servicing
Time Written: 20090620174031.000000-000
Event Type: Warning
User: DeJongs-PC\De Jongs

=====Application event log=====

Computer Name: DeJongs-PC
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 20252
Source Name: SPP
Time Written: 20090620173838.000000-000
Event Type: Error
User:

Computer Name: DeJongs-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x800423f4).
Record Number: 20253
Source Name: System Restore
Time Written: 20090620173838.000000-000
Event Type: Error
User:

Computer Name: DeJongs-PC
Event Code: 12290
Message: Volume Shadow Copy Service warning: ASR writer Error 0x80070565. hr = 0x00000000.

Operation:
PrepareForBackup event
PrepareForBackup event

Context:
Execution Context: ASR Writer
Execution Context: Writer
Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
Writer Name: ASR Writer
Writer Instance ID: {6511680a-aeec-48e8-90b7-4e8facabc993}
Record Number: 20254
Source Name: VSS
Time Written: 20090620173859.000000-000
Event Type: Warning
User:

Computer Name: DeJongs-PC
Event Code: 16387
Message: Shadow copy creation failed because of error reported by ASR Writer. More info: The maximum number of secrets that may be stored in a single system has been exceeded. (0x80070565).
Record Number: 20255
Source Name: SPP
Time Written: 20090620173859.000000-000
Event Type: Error
User:

Computer Name: DeJongs-PC
Event Code: 8193
Message: Failed to create restore point on volume (Process = C:\Windows\servicing\TrustedInstaller.exe; Descripton = Windows Modules Installer; Hr = 0x800423f4).
Record Number: 20256
Source Name: System Restore
Time Written: 20090620173859.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: DeJongs-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 1093182
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620174614.378000-000
Event Type: Audit Failure
User:

Computer Name: DeJongs-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 1093183
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620174614.425000-000
Event Type: Audit Failure
User:

Computer Name: DeJongs-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 1093184
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620174614.469000-000
Event Type: Audit Failure
User:

Computer Name: DeJongs-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 1093185
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620174614.513000-000
Event Type: Audit Failure
User:

Computer Name: DeJongs-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 1093186
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090620174614.556000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Posted 6/23/2009 2:41 AM
#74622

Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
Here is the info.
After running this program I already noticed the computer is working way faster.



ComboFix 09-06-22.04 - De Jongs 22/06/2009 18:49.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.1820 [GMT -7:00]
Running from: c:\users\De Jongs\Downloads\123.com.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AntispywareBot *disabled* (Updated) {277F39EE-AFFB-406E-A620-FF07C26C60DA}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ShoppingReport
c:\users\De Jongs\AppData\Roaming\AntispywareBot
c:\windows\system32\q6NOx.vbs
c:\users\De Jongs\AppData\Roaming\0200000023c6ef64579C.manifest
c:\users\De Jongs\AppData\Roaming\0200000023c6ef64579O.manifest
c:\users\De Jongs\AppData\Roaming\0200000023c6ef64579P.manifest
c:\users\De Jongs\AppData\Roaming\0200000023c6ef64579S.manifest
c:\users\De Jongs\AppData\Roaming\AntispywareBot\Log\2009 Jan 15 - 08_35_19 PM_459.log
c:\users\De Jongs\AppData\Roaming\AntispywareBot\Log\2009 Jan 16 - 03_00_00 AM_052.log
c:\users\De Jongs\AppData\Roaming\AntispywareBot\Log\2009 Jan 16 - 03_00_00 AM_114.log
c:\users\De Jongs\AppData\Roaming\AntispywareBot\rs.dat
c:\users\De Jongs\AppData\Roaming\AntispywareBot\Settings\ScanResults.pie
c:\users\De Jongs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\49bf59rz020.cpl
c:\windows\system32\49dzdownloader6395.bin
c:\windows\system32\4a8fzt9al5961.exe
c:\windows\system32\4b89sz5rse972.bin
c:\windows\system32\4caazhie59811.exe
c:\windows\system32\4ce0spzw9re32075.ocx
c:\windows\system32\4cz29i52114.cpl
c:\windows\system32\4d20th9eat11z45.bin
c:\windows\system32\4d25backdoorz963.exe
c:\windows\system32\4d4dzpywar51968.bin
c:\windows\system32\4dbcv9r2z85.bin
c:\windows\system32\4dz9vi9365.bin
c:\windows\system32\4zc9spyw95e2802.dll
c:\windows\system32\50179py4z5.cpl
c:\windows\system32\50181h9cztool54c.exe
c:\windows\system32\50361wormz79.bin
c:\windows\system32\5085zownloa9er465.ocx
c:\windows\system32\508trzj93.dll
c:\windows\system32\510bback59oz1693.cpl
c:\windows\system32\511ethze9523.ocx
c:\windows\system32\5129py7fz5.ocx
c:\windows\system32\52119worm9az.dll
c:\windows\system32\52219h9cktool3z8.dll
c:\windows\system32\5279n9t-azvirus59f.ocx
c:\windows\system32\529spzware979.dll
c:\windows\system32\535ba5dwar92256z.bin
c:\windows\system32\536wor9z145.cpl
c:\windows\system32\53996zroj63c.dll
c:\windows\system32\53c4zddware995.cpl
c:\windows\system32\5469zpambot2a2.ocx
c:\windows\system32\54efthiefz359.cpl
c:\windows\system32\54f2z9wnloader19975.cpl
c:\windows\system32\55392hzc9tool268.ocx
c:\windows\system32\5562zro9677.ocx
c:\windows\system32\556zbac9door525.dll
c:\windows\system32\55fzdo5nloade9864.dll
c:\windows\system32\5603zvirus719.dll
c:\windows\system32\5672sp95z1.ocx
c:\windows\system32\5717st9az1596.dll
c:\windows\system32\5755adzware5789.exe
c:\windows\system32\5758spy9are3z5.cpl
c:\windows\system32\59494zroj361.exe
c:\windows\system32\594z5ddware3159.ocx
c:\windows\system32\59505z9rse33.bin
c:\windows\system32\5950spyzare541.exe
c:\windows\system32\5950wormz9a.bin
c:\windows\system32\595fvir3011z.bin
c:\windows\system32\595zthreat15359.exe
c:\windows\system32\597z3wo9m57f.exe
c:\windows\system32\597znot-5-virus16a9.exe
c:\windows\system32\5985worm5z9.dll
c:\windows\system32\599addwzr9751.exe
c:\windows\system32\59ca5zief25359.dll
c:\windows\system32\5a27zh9ef590.exe
c:\windows\system32\5a39spazse780.dll
c:\windows\system32\5b5zte9l2915.ocx
c:\windows\system32\5c39spa9s59z5.dll
c:\windows\system32\5caezir5995.ocx
c:\windows\system32\5d49thief159z.exe
c:\windows\system32\5ed49zeal523.dll
c:\windows\system32\5efba5kdoo92z94.bin
c:\windows\system32\5f9d5wn9oader32z0.dll
c:\windows\system32\5fe5sparze12839.ocx
c:\windows\system32\5fzfv59965.bin
c:\windows\system32\5z04thief9959.dll
c:\windows\system32\5z58downl5a9er1411.ocx
c:\windows\system32\5z7069py5a1.exe
c:\windows\system32\5z89virus5d.ocx
c:\windows\system32\5z929spambot4a2.cpl
c:\windows\system32\5zd9addware1455.dll
c:\windows\system32\60afspaz9e475.exe
c:\windows\system32\6156vzr2694.bin
c:\windows\system32\6159steaz2926.ocx
c:\windows\system32\6179tzr5at11659.exe
c:\windows\system32\6292v9rzs465.cpl
c:\windows\system32\6349dowzloa59r898.ocx
c:\windows\system32\63d5bzckdoo93148.ocx
c:\windows\system32\6489zdd5are1216.dll
c:\windows\system32\649adzware355.dll
c:\windows\system32\64b0s9arse2z57.bin
c:\windows\system32\6527stez9672.bin
c:\windows\system32\65f2backdoz59585.exe
c:\windows\system32\6629szy605.cpl
c:\windows\system32\675ds9ywarez307.dll
c:\windows\system32\6930downzoader3125.cpl
c:\windows\system32\695doznloader2038.exe
c:\windows\system32\6a99vzr3518.bin
c:\windows\system32\6a9zspyware58069.bin
c:\windows\system32\6bc0stzal22095.ocx
c:\windows\system32\6c1st5al134z9.exe
c:\windows\system32\6c27zhief1595.exe
c:\windows\system32\6c2bs9ywarz2715.ocx
c:\windows\system32\6c3zback9oor2951.bin
c:\windows\system32\6d399ir1z735.ocx
c:\windows\system32\6d59szarse485.dll
c:\windows\system32\6d5zaddware4295.ocx
c:\windows\system32\6d9fs5arse288z.ocx
c:\windows\system32\6z3dvir1594.bin
c:\windows\system32\6z8dsp9rse1578.ocx
c:\windows\system32\6zfds95ware433.ocx
c:\windows\system32\70d8stza5309.dll
c:\windows\system32\7120vzr2592.bin
c:\windows\system32\71595hreat8z53.exe
c:\windows\system32\7167z59352.bin
c:\windows\system32\723ftz9ef5.bin
c:\windows\system32\740cvir9z45.bin
c:\windows\system32\74549izus435.bin
c:\windows\system32\7483threat9z5685.exe
c:\windows\system32\7491sp5rse182z.cpl
c:\windows\system32\756athief3z91.dll
c:\windows\system32\7686down95azer3175.cpl
c:\windows\system32\77905pambot4z8.ocx
c:\windows\system32\7793hacktoo985z.dll
c:\windows\system32\7939no5-a-vizus7b4.bin
c:\windows\system32\7955azdware1293.cpl
c:\windows\system32\7969vzr5s1b9.cpl
c:\windows\system32\79f8threat1z405.ocx
c:\windows\system32\7c5t9ief404z.exe
c:\windows\system32\7d55sparse1329z.ocx
c:\windows\system32\7f7bste5z2499.bin
c:\windows\system32\7z34vir1795.cpl
c:\windows\system32\819tro553ez.bin
c:\windows\system32\8501vzru55f09.cpl
c:\windows\system32\8508wor51z09.bin
c:\windows\system32\8zthreat95625.ocx
c:\windows\system32\900dth5ef209z.exe
c:\windows\system32\9038sp59bzt3fa.ocx
c:\windows\system32\90b5v5rz59.exe
c:\windows\system32\9213znot-a5virus205.cpl
c:\windows\system32\923zsp5ware1006.bin
c:\windows\system32\9259spamb9tzb9.cpl
c:\windows\system32\92623spy5z6.cpl
c:\windows\system32\9296addzar5868.dll
c:\windows\system32\9349spywa5e285z.dll
c:\windows\system32\93865hief314z.ocx
c:\windows\system32\939655roj341z.exe
c:\windows\system32\9455backdoor287z.bin
c:\windows\system32\94865parse1z57.exe
c:\windows\system32\9524spywaze2533.exe
c:\windows\system32\953z8virus384.bin
c:\windows\system32\9557woz9151.bin
c:\windows\system32\9558zspambot14b.ocx
c:\windows\system32\9569not-a-v9r5sz6d.cpl
c:\windows\system32\9581zsp57a4.exe
c:\windows\system32\96396zi5us5a0.bin
c:\windows\system32\964195zy57f.exe
c:\windows\system32\9699w5rm5z9.ocx
c:\windows\system32\9735tr5j2az.dll
c:\windows\system32\97508spazbot590.ocx
c:\windows\system32\97885teal1z1.dll
c:\windows\system32\97z5threat23741.exe
c:\windows\system32\9883zorm155.exe
c:\windows\system32\989v59zs267.ocx
c:\windows\system32\98e5spywaze2959.ocx
c:\windows\system32\992dow5loader325z.exe
c:\windows\system32\9955zvirus591.ocx
c:\windows\system32\9955zvirusd9.exe
c:\windows\system32\9e5downzoad9r1631.bin
c:\windows\system32\9ed7s5eaz2700.exe
c:\windows\system32\9fa5backdoor2560z.ocx
c:\windows\system32\9z31addware25235.dll
c:\windows\system32\9z36backdoor5594.dll
c:\windows\system32\9z6vir858.dll
c:\windows\system32\a95thi9f5z2.cpl
c:\windows\system32\bzbs5y9are1336.ocx
c:\windows\system32\c4a9h5zf1765.cpl
c:\windows\system32\cz9sparse1695.bin
c:\windows\system32\da7adz9are2588.bin
c:\windows\system32\dbcspywzr5939.dll
c:\windows\system32\dezownloader14495.bin
c:\windows\system32\drivers\MSIVXormnowebswnvejpqqcdurbtqsedjnben.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXsuuxiietydibqqyovojpftenlqmhvfuj.dll
c:\windows\system32\MSIVXxwthresgokiutrxlsavpeytgrxqaxfph.dll
c:\windows\system32\setup2.exe
c:\windows\system32\z03bthreat8995.exe
c:\windows\system32\z04595orm547.bin
c:\windows\system32\z0509spy56c.exe
c:\windows\system32\z096spambota5.dll
c:\windows\system32\z125ba9kdoor2146.exe
c:\windows\system32\z198hack5ool16e.exe
c:\windows\system32\z295downloader278.dll
c:\windows\system32\z3279sp95ee5.ocx
c:\windows\system32\z359threat9051.ocx
c:\windows\system32\z49fad5ware2229.cpl
c:\windows\system32\z530hackt9ol5c3.exe
c:\windows\system32\z5d9sp5rse2696.dll
c:\windows\system32\z6155w9rm381.ocx
c:\windows\system32\z6219virus285.exe
c:\windows\system32\z62d59ief2395.dll
c:\windows\system32\z8001not-a-9irus375.exe
c:\windows\system32\z80ba5k9oor101.bin
c:\windows\system32\z970vi9us7e5.cpl
c:\windows\system32\z9974h5cktool4c19.ocx
c:\windows\system32\zaebsteal1695.bin
c:\windows\system32\zb96down5oader3256.dll
c:\windows\system32\zbbvir1955.ocx
c:\windows\system32\zd5fthief9176.ocx
c:\windows\system32\zdb5spyware2496.ocx
c:\windows\system32\zf31t9ief2615.bin
c:\windows\system32\zf50t9ief3218.dll
c:\windows\Tasks.\AntiSpywareBot Scheduled Scan.job
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 01:59 . 2009-06-23 01:59 -------- d-----w- c:\users\De Jongs\AppData\Local\temp
2009-06-21 06:35 . 2009-06-23 01:31 -------- d-----w- c:\programdata\BullGuard
2009-06-21 06:35 . 2009-06-23 01:19 -------- d-----w- c:\users\De Jongs\AppData\Roaming\BullGuard
2009-06-21 06:34 . 2009-01-23 13:48 55504 ----a-w- c:\windows\system32\drivers\BdFileSpy.sys
2009-06-21 06:34 . 2009-06-21 06:34 -------- d-----w- c:\program files\BullGuard Ltd
2009-06-20 17:46 . 2009-06-21 06:10 -------- d-----w- c:\program files\trend micro
2009-06-20 17:46 . 2009-06-20 17:46 -------- d-----w- C:\rsit
2009-06-20 17:39 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-20 17:39 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 17:09 . 2009-06-20 17:09 13527 ----a-w- c:\windows\system32\29559not-a-vizus7.dll
2009-06-14 18:55 . 2009-06-02 20:38 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-13 16:11 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 16:11 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-10 01:56 . 2009-06-10 01:56 -------- d-----w- c:\users\De Jongs\AppData\Local\AVG Security Toolbar
2009-06-09 22:58 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 22:58 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 22:58 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 16:15 . 2009-06-09 16:13 826344 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-06-09 16:14 . 2009-06-23 01:20 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-05-24 17:26 . 2009-05-24 17:26 -------- d-----w- c:\users\De Jongs\AppData\Roaming\Apple Computer
2009-05-24 17:26 . 2009-05-24 17:26 -------- dc----w- c:\windows\system32\DRVSTORE
2009-05-24 17:26 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-24 17:26 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-24 17:26 . 2009-05-24 17:26 -------- d-----w- c:\program files\iPod
2009-05-24 17:25 . 2009-05-24 17:26 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-24 17:25 . 2009-05-24 17:26 -------- d-----w- c:\program files\iTunes
2009-05-24 17:25 . 2009-05-24 17:25 -------- d-----w- c:\program files\Bonjour
2009-05-24 17:24 . 2009-05-24 17:25 -------- d-----w- c:\program files\Common Files\Apple
2009-05-24 17:23 . 2009-05-24 17:23 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-24 17:22 . 2009-05-24 17:23 -------- d-----w- c:\program files\QuickTime
2009-05-24 17:22 . 2009-05-24 17:25 -------- d-----w- c:\programdata\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 01:37 . 2009-04-26 19:10 -------- d-----w- c:\programdata\avg8
2009-06-22 16:40 . 2009-04-09 01:38 -------- d-----w- c:\users\De Jongs\AppData\Roaming\CameraWindowDC
2009-06-22 03:52 . 2008-12-08 04:44 -------- d-----w- c:\programdata\Google Updater
2009-06-21 06:02 . 2008-01-06 20:05 -------- d-----w- c:\program files\Motorola
2009-06-10 10:06 . 2007-04-17 01:00 -------- d-----w- c:\programdata\Microsoft Help
2009-06-10 10:04 . 2007-04-17 01:01 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 16:13 . 2009-04-26 19:10 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-21 03:33 . 2008-02-12 01:46 102 ----a-w- c:\users\De Jongs\AppData\Roaming\wklnhst.dat
2009-05-18 20:37 . 2008-07-24 03:31 -------- d-----w- c:\program files\Google
2009-05-18 10:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-02 15:38 . 2009-04-26 19:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 15:38 . 2009-04-26 19:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 15:38 . 2009-05-02 15:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 15:38 . 2009-04-26 19:11 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-28 10:51 . 2009-04-28 10:51 87376 ----a-w- c:\windows\system32\BGLsp.dll
2009-04-26 19:10 . 2009-04-26 19:10 -------- d-----w- c:\program files\AVG
2009-04-06 10:32 . 2009-04-06 10:32 19784 ----a-w- c:\windows\system32\BgOutlookHook.dll
2009-03-26 22:23 . 2009-03-26 22:23 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-26 22:23 . 2009-03-26 22:23 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
.

------- Sigcheck -------

[7] 2008-10-28 02:15 2923520 E7156B0B74762D9DE0E66BDCDE06E5FB c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[7] 2008-01-19 07:33 2927104 FFA764631CB70A30065C12EF8E174F9F c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[7] 2008-10-29 06:29 2927104 4F554999D7D5F05DAAEBBA7B5BA1089D c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[7] 2008-10-30 03:59 2927616 50BA5850147410CDE89C523AD3BC606E c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[7] 2008-01-19 07:33 279040 2B336AB6286D6C81FA02CBAB914E3C6C c:\windows\System32\services.exe
[7] 2006-11-02 09:45 279552 329CF3C97CE4C19375C8ABCABAE258B0 c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[7] 2008-01-19 07:33 279040 2B336AB6286D6C81FA02CBAB914E3C6C c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[7] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\System32\lsass.exe
[7] 2006-11-02 09:45 7680 6A0E382E74280E4CC0DF17FE2661D003 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[7] 2009-02-13 07:26 7680 59DE082968FDD257FFF0D209B9A5B460 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[7] 2009-02-13 04:58 7680 AFF8A58280863629CA4FFA9E0B259F1E c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[7] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[7] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[7] 2009-02-13 08:20 9728 F4C62B07E5BF96F1FDCA9DB393ECED22 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe

[7] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\System32\ctfmon.exe
[7] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

[7] 2008-01-19 07:33 125952 846CDF9A3CF4DA9B306ADFB7D55EE4C2 c:\windows\System32\spoolsv.exe
[7] 2006-11-02 09:45 124928 DA612EF2556776DF2630B68BF2D48935 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[7] 2008-01-19 07:33 125952 846CDF9A3CF4DA9B306ADFB7D55EE4C2 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe

[7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\System32\wuauclt.exe
[7] 2006-11-02 09:46 41472 FF81090B6EF1A42A19DF226632711D25 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe
[7] 2008-02-21 02:53 53080 F3E9065EB617A7E3A832A7976BFA021B c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6000.381_none_981d19142bc9942c\wuauclt.exe
[7] 2008-01-19 07:33 43008 8E93CDF0EA8EDBA63F07E2898A9B2147 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe
[7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe

[7] 2008-01-19 07:33 25088 0E135526E9785D085BCD9AEDE6FBCBF9 c:\windows\System32\userinit.exe
[7] 2006-11-02 09:45 24576 22027835939F86C3E47AD8E3FBDE3D11 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[7] 2008-01-19 07:33 25088 0E135526E9785D085BCD9AEDE6FBCBF9 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[7] 2008-01-19 07:36 448512 D605031E225AACCBCEB5B76A4F1603A6 c:\windows\System32\termsrv.dll
[7] 2006-11-02 09:46 427520 FAD71C1E8E4047B154E899AE31EB8CAA c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll
[7] 2008-01-19 07:36 448512 D605031E225AACCBCEB5B76A4F1603A6 c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll

[7] 2009-02-13 08:49 888832 DB6E3731E6F5C8AE2843F80B5787F7C6 c:\windows\System32\kernel32.dll
[7] 2006-11-02 09:46 874496 1E36AE445E4DA83B82D51FEB2D4F8772 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[7] 2009-02-13 07:26 875520 B82C7AC1D559F0FD088792171D64C7F3 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[7] 2009-02-13 07:13 875520 BB792054BD990EC05D9E260D50FEAD39 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[7] 2008-01-19 07:34 888320 DC2338093F91BA4E0512208E60206DDD c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[7] 2009-02-13 08:49 888832 DB6E3731E6F5C8AE2843F80B5787F7C6 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[7] 2009-02-13 08:21 890880 1987D817D08F5EAF0B7F334026FDDB79 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll

[7] 2008-01-19 07:36 97280 51832219A52C3535BF4771C375E63F9B c:\windows\System32\powrprof.dll
[7] 2006-11-02 09:46 96768 3CDEC51291F735C5C276B957239017A3 c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6000.16386_none_a0e2dc64ffed4e9d\powrprof.dll
[7] 2008-01-19 07:36 97280 51832219A52C3535BF4771C375E63F9B c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll

[7] 2008-01-19 07:34 114688 EC17194A193CD8E90D27CFB93DFA9A2E c:\windows\System32\imm32.dll
[7] 2006-11-02 09:46 115200 EE12864398F1C3BF5BEE91F6AF9842E1 c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll
[7] 2008-01-19 07:34 114688 EC17194A193CD8E90D27CFB93DFA9A2E c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll



[7] 2008-01-19 07:41 35384 37605E0A8CF00CBBA538E753E4344C6E c:\windows\System32\drivers\kbdclass.sys
[7] 2006-11-02 09:49 32872 1A48765F92BA1A88445FC25C9C9D94FC c:\windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\kbdclass.sys
[7] 2008-02-21 07:38 35384 B076B2AB806B3F696DAB21375389101C c:\windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\kbdclass.sys
[7] 2008-01-19 07:41 35384 37605E0A8CF00CBBA538E753E4344C6E c:\windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\kbdclass.sys
[7] 2008-02-21 07:38 35384 B076B2AB806B3F696DAB21375389101C c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\kbdclass.sys
[7] 2008-02-21 07:38 35384 C9B0CF786D5F151A43C7BE8E243F2819 c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\kbdclass.sys
[7] 2008-01-19 07:41 35384 37605E0A8CF00CBBA538E753E4344C6E c:\windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 20:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-24 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-21 304464]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-26 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-26 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-09 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-06-21 304464]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-23 4423680]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

c:\users\De Jongs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-16 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PCM Media Sharing.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk
backup=c:\windows\pss\PCM Media Sharing.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ED1E9675-5C5C-4552-8979-8FFBD704C996}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5A6A6A0-D297-4AA6-9383-21A16C3F9929}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C0B04953-9D63-4886-9FEE-B20972592777}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}"= c:\program files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{F42A10AE-D383-4A78-9E05-64BBC84376C5}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}"= c:\program files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{E59634F8-1C07-40AC-84E1-E301FBC238EE}"= c:\program files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}"= c:\program files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{5F06C73B-3B46-4ED5-983C-2880071833B2}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{1955E669-BE1F-4C13-B854-FB32F2900974}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A8757501-B402-4C19-AD10-EA4697A9512B}"= c:\program files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"TCP Query User{C324516B-FF3B-4742-B048-451819FF4A4F}c:\\program files\\motorola\\software update\\msu.exe"= UDP:c:\program files\motorola\software update\msu.exe:msu
"UDP Query User{66481570-053F-4592-BB23-A51324A3559E}c:\\program files\\motorola\\software update\\msu.exe"= TCP:c:\program files\motorola\software update\msu.exe:msu
"{EECA4C64-6486-47D6-9E31-96CE0A961EEE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E329D7A9-457C-43A9-8A4F-47EE74F40E3C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D54F10BF-9565-4E87-A7A3-E88310A0C3F2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3EC65432-00A0-4DE6-98C0-3D318F48C6A0}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer(tm) generals\\game.dat"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat:game.dat
"UDP Query User{BCA2555F-2737-4798-AEE5-98A77FAD83A9}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer(tm) generals\\game.dat"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat:game.dat
"TCP Query User{6295FAF3-52AF-44C8-9142-47246F82C80E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5B2523B4-6D61-4E55-BACE-D5EE54043AFE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6FCD4103-B0F4-480F-B8B4-12AA92B383DF}"= UDP:g:\limewire\LimeWire.exe:LimeWire
"{5D5BA800-D078-4A2E-853A-F846FEE65EC7}"= TCP:g:\limewire\LimeWire.exe:LimeWire
"TCP Query User{A2FCD307-B0E0-4614-9094-1B97A6512311}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3287F72C-09D0-4A92-A159-16B1D0E3F701}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{27A5E50F-1D03-49D4-869A-5517E8885697}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{7CBEC626-BE34-4403-9CED-0869207D2711}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{9273B752-C00C-45D0-B34A-28EAC4DD86C4}"= UDP:g:\limewire\LimeWire.exe:LimeWire
"{9FDC7963-8226-4ADC-8062-6AC82182C8EC}"= TCP:g:\limewire\LimeWire.exe:LimeWire
"TCP Query User{25ED7B49-D351-48F2-A9CC-EAADE655DD88}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{C422CEF0-9EEB-43C5-A085-F045BDC338D1}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{366E3D09-8514-4862-AAA1-A7519049B0C7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{2C25FDF9-CFBE-4C89-BC1E-18278403204C}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{B4FE1729-8913-4EBE-9285-F271EE7680CA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{E17C30FF-135D-463E-8789-7EF2BAD470AD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6270445B-CAEA-4F82-A25C-D724E2DA408E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{2515916A-6BFB-483F-B920-A0915414637C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{30B7F705-DA3A-48DD-A255-0AE30AF8E182}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56BAD59E-56CB-4AF5-AA40-B9B20E9AD6F8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F56ADC9E-A2C1-4AE3-956E-6A88107EF88A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [26/04/2009 12:11 PM 12552]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [23/03/2009 5:07 AM 29208]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [26/04/2009 12:10 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [02/05/2009 8:38 AM 108552]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [16/04/2007 6:13 PM 266343]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/05/2009 8:38 AM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/05/2009 8:38 AM 298776]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [20/06/2009 11:34 PM 55504]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [27/07/2008 9:55 PM 21504]
R2 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [27/07/2008 9:55 PM 21504]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [27/07/2008 9:55 PM 21504]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [23/03/2009 5:07 AM 305688]
S2 gupdate1c98bef1e8188a0;Google Update Service (gupdate1c98bef1e8188a0);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2009 7:19 PM 133104]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [07/05/2007 4:11 PM 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-24 23:59]

2009-06-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 02:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\BGLsp.dll
FF - ProfilePath - c:\users\De Jongs\AppData\Roaming\Mozilla\Firefox\Profiles\uwe65zos.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-06-22 18:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-23 19:02
ComboFix-quarantined-files.txt 2009-06-23 02:02

Pre-Run: 61,620,531,200 bytes free
Post-Run: 61,430,018,048 bytes free

813 --- E O F --- 2009-06-20 17:40
Posted 6/23/2009 5:24 AM
#74626

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Sounds good :smile:





Download CCleaner here:
https://www.ccleaner.com/

Once installed, run CCleaner and click the Windows tab.

Select the following:

Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options, then click the Settings tab.

Uncheck "Only delete files older than 48 hrs." and click Ok.

Then click Run Cleaner (bottom right), then Exit.



Please download Malwarebytes' Anti-Malware:
https://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Click here: https://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

to download HJTinstall.exe

Save HJTinstall.exe to your desktop.

Double click on the HJTinstall.exe icon on your desktop.

By default it will install to C:\Program Files\Trend Micro\Hijack This.

Click I accept

Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.

Click Save to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

DO NOT have Hijack This fix anything yet.

Most of what it finds will be harmless or even required.



Post the HijackThis log along with the Malwarebytes' Anti-Malware log, and tell how things are running.


Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 6/23/2009 8:37 AM
#74636

Steve_B Member

Date Joined Nov 2016
Total Posts: 4
[s]Scan your computer with Malwarebytes' Anti-Malware, or use manual removal guide.
These are quite informative:
[/s]
Posted 6/24/2009 4:49 AM
#74671

Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
Still working good. I don't have a desktop full of ad windows in the morning anymore. The only thing that seems to be slow is trying to open IE or Firefox; both take about 15-20 sec to load, and then all websites load slow... I have cable internet, 25mb sec.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:37 PM, on 23/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c98bef1e8188a0) (gupdate1c98bef1e8188a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

--
End of file - 10186 bytes




Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 6.0.6001 Service Pack 1

23/06/2009 9:33:56 PM
mbam-log-2009-06-23 (21-33-42).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|)
Objects scanned: 197080
Time elapsed: 2 hour(s), 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\De Jongs\downloads\noadware.exe (Rogue.NoAdware) -> No action taken.
c:\Users\De Jongs\downloads\setupxv.exe (Rogue.Installer) -> No action taken.
c:\Users\De Jongs\downloads\SopCast\SopCast\Setup-SopCast-3.0.3-2008-4-30.exe (Rogue.Installer) -> No action taken.
Posted 6/24/2009 5:07 AM
#74672

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Ok.


Download the Norton Removal Tool (SymNRT) to your Desktop.

https://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Once downloaded please close ALL open browsers, also save any work because this may require a restart.

Go to your desktop and double click on the removal tool and then click Setup.
Once open Click Next
Accept the license agreement and click Next
Type in the letters/numbers that you see into the text box then click Next.
Then click Next and the tool will start running.
Once finished restart the PC and run the tool again to ensure everything has been removed.
Delete the Norton Removal Tool from your Desktop.





Remove/uninstall AVG8 or Bullguard.

Reboot, post new hijackthis log and tell how things are running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 6/24/2009 7:31 AM
#74678

Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
Everything is working, but now anything you want to do on the computer (open files, delete them or load anything) takes a long time, over 30 sec, and then once the box is loaded you have to wait for the info inside it to show. Example: click on My Computer and after 30 sec you get a blank box, then 30 more sec and it starts showing the contents.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:37 PM, on 23/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c98bef1e8188a0) (gupdate1c98bef1e8188a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

--
End of file - 10186 bytes
Posted 6/24/2009 7:58 AM
#74679

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
It's the same log you have posted twice ;-)

Scan saved at 9:44:37 PM, on 23/06/2009



Posted 6/25/2009 3:04 AM
#74705

Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:55 PM, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Update Service (gupdate1c98bef1e8188a0) (gupdate1c98bef1e8188a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)

--
End of file - 9112 bytes
Posted 6/25/2009 3:16 AM
#74706

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll

Reboot, and tell how things are running now?



Posted 6/27/2009 5:33 PM
#74773

Jordan_556 Member

Date Joined Nov 2016
Total Posts: 6
OK, I deleted the info and restarted the computer; things are working great now!! The only thing left pissing me off is Windows Vista, haha. I hate the User Account Control. Any way of shutting it off or making Vista run faster/smoother like XP?

Thanks for your time and help, looks like my computer is going to live to see another day now :lol:
Jordan