[slyk5]

so a couple of months ago i was infected with Troj/Rustok-N i know this because the site i was at when i was infected told me i had it, i looked it up and tried to figure out how to remove it and i downloaded malawarebytes and super anti spyware and spyware doctor and tried to run scans on them but they wouldnt update so it was difficult, eventually using another computer and doing some stuff i forget exactly what i did i got the porgrams to update but they didnt find anything bad most of the threats they found were either mild or moderate, so i feel it really didnt find it and instead found other infections that were the result of the main infection... i have felt the computer slow down since then and ive been running scans with malaware bytes and super anti spyware with minimal results showing up and the computer still doesnt feel as fast as it was before i got infected. so i think its still there and bogging everythign down.

i am runing windows vista

[slyk5]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:54 PM, on 11/9/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\ali\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\ali\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\ali\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8315 bytes

[Dakeyras]

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hi slyk5 and welcome to Tech Support Guy.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!.
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System(Vista aka Windows 6) in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Scan with Rooter:

Please download Rooter to your desktop.

• Right click on Rooter.exe and select Run as Administrator to start the application.
• Now click on the Scan button.
• When the scan is completed a text file called Rooter.txt will appear on your desktop, post the contents in your next reply.
• Now click on Close button to exit Rooter.

Note: The logfile can also be located within this folder Rooter$ at the root of your installed Hard-Drive. EG: C:\Rooter$

Scan with RSIT:

• Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on the your Desktop before running the application!

• Right click on RSIT.exe and select Run as Administrator to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any further symptoms and or problems encountered?
• Rooter Log.
• Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

[slyk5]

hi thank you Dakeyras for helping me, i was out of town and was not at my computer so i couldnt respond to your post. but now i am back.

first problem the link to the rooter.exe is down it says there is no more badnwith left

second

the computer is running the same it still seems sluggish, but i spent some time removing old programs with a program called revo uninstaller so i got rid of 10-15 programs i dont use anymore. and i think it helped a bit but not much.

i ran rsit.exe

i will post the logs in the next posts.

thank you

edit: the log.txt file was loo long to post is one post so i divided it up into log.txt part 1 and part 2

thank you

[slyk5]

log.txt part 1

Logfile of random's system information tool 1.06 (written by random/random)
Run by ali at 2009-11-18 12:53:17
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (14%) free of 227 GB
Total RAM: 2037 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:49 PM, on 11/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\ali\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Users\ali\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\System32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\ali\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\ali.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\ali\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\ali\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8539 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2942364553-2635985932-1836133300-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2942364553-2635985932-1836133300-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{0938A06A-4A73-40A1-8B3C-21525F1ED73A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-17 81000]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-12 69632]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Users\ali\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"Google Update"=C:\Users\ali\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-24 133104]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FIREWALL SERVICE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ali^AppData^Roaming^Microsoft^Windows ^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-24 98696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf010 00.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSv c]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUs bccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explo rer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{21b360f3-68e8-11dd-a943-001eec2a74f4}]
shell\AutoRun\command - AutoRun\AutoStart.exe
shell\Explore\command - AutoRun\AutoStart.exe
shell\Open\command - AutoRun\AutoStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{21b36117-68e8-11dd-a943-001eec2a74f4}]
shell\AutoRun\command - kinza.exe
shell\explore\command - kinza.exe
shell\open\command - kinza.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{21b3611a-68e8-11dd-a943-001eec2a74f4}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{2604ce57-692e-11dd-82bf-001eec2a74f4}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{371e7da3-786b-11de-8879-001eec2a74f4}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{5b9c127c-74ee-11dd-9dbf-001eec2a74f4}]
shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{6db20912-f821-11dd-9d43-001eec2a74f4}]
shell\AutoRun\command - RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe
shell\open\command - RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{e7b799a6-adbd-11dd-b7f5-001eec2a74f4}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[slyk5]

log.txt part 2

======List of files/folders created in the last 1 months======

2009-12-22 11:45:32 ----A---- C:\Windows\system32\35949hz5at5184.dll
2009-12-20 17:33:42 ----A---- C:\Windows\system32\1zv591945.dll
2009-12-19 12:12:24 ----A---- C:\Windows\system32\54693sp9mboz5d7.exe
2009-12-13 18:11:13 ----A---- C:\Windows\system32\9b94z5eal527.dll
2009-12-03 16:53:08 ----A---- C:\Windows\system32\4c99addwaze26135.dll
2009-12-02 22:04:37 ----A---- C:\Windows\system32\9z9805roj4cc.dll
2009-12-01 01:54:42 ----A---- C:\Windows\system32\15589spam5ot7bz.dll
2009-11-23 05:14:14 ----A---- C:\Windows\system32\9ca3spyw5rz1623.exe
2009-11-22 03:06:33 ----A---- C:\Windows\system32\58456hazktool4559.dll
2009-11-20 22:32:21 ----A---- C:\Windows\system32\14925not-a-virzs5e5.exe
2009-11-18 12:53:16 ----D---- C:\rsit
2009-11-17 03:19:59 ----D---- C:\Program Files\Windows Portable Devices
2009-11-17 03:03:31 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-17 03:03:29 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-17 03:03:29 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-17 03:02:53 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-17 03:02:51 ----A---- C:\Windows\system32\cdd.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-17 03:02:49 ----A---- C:\Windows\system32\d2d1.dll
2009-11-17 03:02:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-17 03:02:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-17 03:02:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-17 03:02:48 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-17 03:02:48 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-17 03:02:47 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-17 03:02:47 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-17 03:02:47 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-17 03:02:46 ----A---- C:\Windows\system32\FntCache.dll
2009-11-17 03:02:46 ----A---- C:\Windows\system32\DWrite.dll
2009-11-17 03:02:46 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-17 03:02:46 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-17 03:02:46 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-17 03:02:45 ----A---- C:\Windows\system32\dxgi.dll
2009-11-17 03:02:45 ----A---- C:\Windows\system32\d3d11.dll
2009-11-17 03:02:45 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-17 03:02:45 ----A---- C:\Windows\system32\d3d10.dll
2009-11-17 03:02:11 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-17 03:02:11 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-17 03:02:11 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-17 03:02:06 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-17 03:02:01 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-17 03:02:01 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-17 03:02:01 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-17 03:02:01 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-17 03:02:01 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-17 03:02:00 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-17 03:02:00 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-17 03:02:00 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-17 03:00:31 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-17 03:00:29 ----A---- C:\Windows\system32\oleacc.dll
2009-11-17 03:00:28 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-15 00:25:32 ----A---- C:\Windows\system32\9552zot-a-virus64f.dll
2009-11-11 21:36:55 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-11 09:49:36 ----D---- C:\Users\ali\AppData\Roaming\mIRC
2009-11-11 09:49:36 ----D---- C:\Program Files\mIRC
2009-11-09 19:23:08 ----D---- C:\Program Files\Trend Micro
2009-11-09 13:16:55 ----A---- C:\Windows\system32\javaws.exe
2009-11-09 13:16:55 ----A---- C:\Windows\system32\javaw.exe
2009-11-09 13:16:55 ----A---- C:\Windows\system32\java.exe
2009-11-08 22:23:31 ----A---- C:\Windows\system32\js32.dll
2009-11-07 19:50:54 ----A---- C:\Windows\system32\1955tzoj195.exe
2009-11-05 03:03:52 ----A---- C:\Windows\system32\mshtml.dll
2009-11-04 17:44:45 ----A---- C:\Windows\system32\1c9zhreat69455.exe
2009-10-27 19:52:24 ----A---- C:\Windows\system32\wmp.dll
2009-10-27 19:52:17 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-27 19:52:12 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-23 22:16:54 ----A---- C:\Windows\system32\4ac9bac5dzor2913.dll
2009-10-21 18:33:46 ----A---- C:\Windows\system32\wininet.dll
2009-10-21 18:33:45 ----A---- C:\Windows\system32\urlmon.dll
2009-10-21 18:33:40 ----A---- C:\Windows\system32\ieframe.dll
2009-10-21 18:33:37 ----A---- C:\Windows\system32\ieui.dll
2009-10-21 18:33:34 ----A---- C:\Windows\system32\ieencode.dll
2009-10-21 18:33:32 ----A---- C:\Windows\system32\ieapfltr.dll
2009-10-20 12:23:43 ----D---- C:\Windows\system32\eu-ES
2009-10-20 12:23:43 ----D---- C:\Windows\system32\ca-ES
2009-10-20 12:23:42 ----D---- C:\Windows\system32\vi-VN
2009-10-20 01:45:05 ----A---- C:\Windows\system32\1892virusz505.dll
2009-10-19 19:28:14 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-19 19:28:06 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-19 19:28:02 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-19 19:25:30 ----A---- C:\Windows\system32\msasn1.dll
2009-10-19 19:25:04 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 1 months======

2009-11-18 12:53:28 ----D---- C:\Windows\Prefetch
2009-11-18 12:53:25 ----D---- C:\Windows\Temp
2009-11-18 12:43:37 ----D---- C:\Program Files\Diablo II
2009-11-18 12:38:06 ----D---- C:\Program Files\Mozilla Firefox
2009-11-18 03:58:28 ----SHD---- C:\System Volume Information
2009-11-18 02:11:13 ----D---- C:\Users\ali\AppData\Roaming\vlc
2009-11-18 01:52:31 ----D---- C:\Users\ali\AppData\Roaming\uTorrent
2009-11-17 03:38:39 ----D---- C:\Windows\rescache
2009-11-17 03:27:06 ----D---- C:\Windows\System32
2009-11-17 03:27:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-17 03:27:05 ----D---- C:\Windows\inf
2009-11-17 03:23:24 ----D---- C:\Windows\system32\Tasks
2009-11-17 03:20:09 ----D---- C:\WINDOWS
2009-11-17 03:20:00 ----D---- C:\Windows\system32\en-US
2009-11-17 03:19:59 ----RD---- C:\Program Files
2009-11-17 03:19:59 ----D---- C:\Windows\system32\wbem
2009-11-17 03:19:59 ----D---- C:\Windows\system32\drivers
2009-11-17 03:19:57 ----D---- C:\Windows\system32\zh-HK
2009-11-17 03:19:57 ----D---- C:\Windows\system32\uk-UA
2009-11-17 03:19:57 ----D---- C:\Windows\system32\tr-TR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\th-TH
2009-11-17 03:19:57 ----D---- C:\Windows\system32\sv-SE
2009-11-17 03:19:57 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-17 03:19:57 ----D---- C:\Windows\system32\sl-SI
2009-11-17 03:19:57 ----D---- C:\Windows\system32\pt-PT
2009-11-17 03:19:57 ----D---- C:\Windows\system32\pt-BR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\pl-PL
2009-11-17 03:19:57 ----D---- C:\Windows\system32\nl-NL
2009-11-17 03:19:57 ----D---- C:\Windows\system32\ko-KR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\it-IT
2009-11-17 03:19:57 ----D---- C:\Windows\system32\hu-HU
2009-11-17 03:19:57 ----D---- C:\Windows\system32\hr-HR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\he-IL
2009-11-17 03:19:57 ----D---- C:\Windows\system32\fr-FR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\fi-FI
2009-11-17 03:19:57 ----D---- C:\Windows\system32\el-GR
2009-11-17 03:19:57 ----D---- C:\Windows\system32\bg-BG
2009-11-17 03:19:56 ----D---- C:\Windows\system32\zh-TW
2009-11-17 03:19:56 ----D---- C:\Windows\system32\zh-CN
2009-11-17 03:19:56 ----D---- C:\Windows\system32\sk-SK
2009-11-17 03:19:56 ----D---- C:\Windows\system32\ru-RU
2009-11-17 03:19:56 ----D---- C:\Windows\system32\ro-RO
2009-11-17 03:19:56 ----D---- C:\Windows\system32\nb-NO
2009-11-17 03:19:56 ----D---- C:\Windows\system32\lv-LV
2009-11-17 03:19:56 ----D---- C:\Windows\system32\lt-LT
2009-11-17 03:19:56 ----D---- C:\Windows\system32\ja-JP
2009-11-17 03:19:56 ----D---- C:\Windows\system32\et-EE
2009-11-17 03:19:56 ----D---- C:\Windows\system32\es-ES
2009-11-17 03:19:56 ----D---- C:\Windows\system32\de-DE
2009-11-17 03:19:56 ----D---- C:\Windows\system32\da-DK
2009-11-17 03:19:56 ----D---- C:\Windows\system32\cs-CZ
2009-11-17 03:19:56 ----D---- C:\Windows\system32\ar-SA
2009-11-17 03:03:46 ----D---- C:\Windows\winsxs
2009-11-17 03:03:44 ----D---- C:\Windows\system32\catroot
2009-11-17 03:03:14 ----D---- C:\Windows\system32\catroot2
2009-11-12 03:21:01 ----D---- C:\Program Files\Windows Mail
2009-11-12 03:05:39 ----SHD---- C:\Windows\Installer
2009-11-12 03:05:38 ----D---- C:\ProgramData\Microsoft Help
2009-11-12 03:02:01 ----D---- C:\Windows\Debug
2009-11-09 19:35:11 ----D---- C:\Program Files\Common Files
2009-11-09 19:26:01 ----HD---- C:\ProgramData
2009-11-09 19:25:59 ----AD---- C:\ProgramData\TEMP
2009-11-09 19:13:14 ----SD---- C:\Users\ali\AppData\Roaming\Microsoft
2009-11-09 19:08:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-09 19:06:08 ----D---- C:\Program Files\CyberLink
2009-11-09 18:46:20 ----D---- C:\Users\ali\AppData\Roaming\DMCache
2009-11-09 18:40:29 ----D---- C:\Program Files\HP
2009-11-09 18:37:49 ----D---- C:\ProgramData\HP
2009-11-09 18:32:39 ----D---- C:\Program Files\Hewlett-Packard
2009-11-09 18:28:21 ----D---- C:\ProgramData\CyberLink
2009-11-09 18:02:25 ----D---- C:\Program Files\Red Kawa
2009-11-09 17:57:22 ----D---- C:\Users\ali\AppData\Roaming\FLVPlayer4Free
2009-11-09 17:54:36 ----D---- C:\Program Files\Valve
2009-11-09 13:16:50 ----D---- C:\Program Files\Java
2009-11-05 12:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-05 03:02:00 ----D---- C:\Windows\SoftwareDistribution
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-29 06:49:11 ----D---- C:\ProgramData\Adobe
2009-10-28 12:46:28 ----D---- C:\Program Files\Common Files\Adobe
2009-10-28 06:23:34 ----D---- C:\Program Files\Windows Media Player
2009-10-22 08:35:11 ----D---- C:\Program Files\Registry Mechanic
2009-10-21 06:01:27 ----D---- C:\Windows\Microsoft.NET
2009-10-21 06:00:46 ----RSD---- C:\Windows\assembly
2009-10-20 12:35:14 ----SHD---- C:\boot
2009-10-20 12:24:27 ----D---- C:\Program Files\Windows Sidebar
2009-10-20 12:24:27 ----D---- C:\Program Files\Windows Collaboration
2009-10-20 12:24:27 ----D---- C:\Program Files\Windows Calendar
2009-10-20 12:24:27 ----D---- C:\Program Files\Movie Maker
2009-10-20 12:24:27 ----D---- C:\Program Files\Internet Explorer
2009-10-20 12:24:26 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-20 12:24:26 ----D---- C:\Program Files\Windows Journal
2009-10-20 12:24:26 ----D---- C:\Program Files\Common Files\System
2009-10-20 12:24:24 ----D---- C:\Windows\servicing
2009-10-20 12:24:24 ----D---- C:\Windows\ehome
2009-10-20 12:24:24 ----D---- C:\Program Files\Windows Defender
2009-10-20 12:24:18 ----D---- C:\Windows\system32\XPSViewer
2009-10-20 12:24:18 ----D---- C:\Windows\IME
2009-10-20 12:24:15 ----D---- C:\Windows\system32\oobe
2009-10-20 12:24:15 ----D---- C:\Windows\system32\migration
2009-10-20 12:24:13 ----D---- C:\Windows\system32\SLUI
2009-10-20 12:24:13 ----D---- C:\Windows\system32\setup
2009-10-20 12:24:13 ----D---- C:\Windows\system32\AdvancedInstallers
2009-10-20 12:24:12 ----D---- C:\Windows\system32\manifeststore
2009-10-20 12:24:12 ----D---- C:\Windows\system32\en
2009-10-20 12:24:08 ----D---- C:\Windows\system32\migwiz
2009-10-20 12:23:49 ----RSD---- C:\Windows\Fonts
2009-10-20 12:23:49 ----D---- C:\Windows\AppPatch
2009-10-20 12:23:42 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-08-17 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-08-17 53328]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 a6git6lx;a6git6lx; C:\Windows\system32\drivers\a6git6lx.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 papycpu;papycpu; C:\Windows\system32\drivers\papycpu.sys [1998-09-04 1984]
S3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R01000000 papycpu2;papycpu2; C:\Windows\system32\drivers\papycpu2.sys [2001-04-20 2016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[slyk5]

info.txt
info.txt logfile of random's system information tool 1.06 2009-11-18 12:53:56

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bridge Building Game v1.25-->"D:\Games\Bridge Building Game v1.25\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Gammacoder-->"C:\Program Files\Gammacoder\Uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{BBC783B7-8725-3B1C-B49A-BA7F09391251}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0093-->MsiExec.exe /I{D7358B07-4F10-4014-9869-7999578BE8ED}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Madden NFL 08-->C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Railroad Tycoon II - Platinum-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}\setup.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,Launc hSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims™ Life Stories-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
TORCS - The Open Racing Car Simulator 1.3.1-->C:\Program Files\torcs\uninst.exe
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! antivirus 4.8.1290 [VPS 081119-0]
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: avast! antivirus 4.8.1290 [VPS 081119-0]

======System event log======

Computer Name: ali-PC
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 110079
Source Name: Service Control Manager
Time Written: 20090612163639.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Record Number: 110078
Source Name: Service Control Manager
Time Written: 20090612163639.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 7000
Message: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 110077
Source Name: Service Control Manager
Time Written: 20090612163639.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Record Number: 110076
Source Name: Service Control Manager
Time Written: 20090612163639.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 10005
Message: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 110075
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090612163639.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: ali-PC
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c, exception code 0xc0000005, fault offset 0x0004e6ca, process id 0xeec, application start time 0x01c8e3d3679e4a11.
Record Number: 172
Source Name: Application Error
Time Written: 20080712061302.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 159
Source Name: Microsoft-Windows-WMI
Time Written: 20080712035744.000000-000
Event Type: Error
User:

Computer Name: ali-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2942364553-2635985932-1836133300-1000_Classes:
Process 1564 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000_CLASSES

Record Number: 128
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080712031621.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ali-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
7 user registry handles leaked from \Registry\User\S-1-5-21-2942364553-2635985932-1836133300-1000:
Process 552 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000
Process 1564 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000
Process 3960 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000\Software
Process 3960 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000\Software
Process 3960 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3960 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000\Software\Policies
Process 3960 (\Device\HarddiskVolume1\WINDOWS\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2942364553-2635985932-1836133300-1000\Software\Policies

Record Number: 127
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080712031620.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ali-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {60d834c3-c7a4-4247-87f0-93261ec1d8f6}
Record Number: 71
Source Name: VSS
Time Written: 20080712020301.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: ali-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2942364553-2635985932-1836133300-501
Account Name: Guest
Account Domain: ali-PC
Logon ID: 0x35ed7b

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1258016
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618113705.668971-000
Event Type: Audit Success
User:

Computer Name: ali-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2942364553-2635985932-1836133300-501
Account Name: Guest
Account Domain: ali-PC
Logon ID: 0x35ed2b

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1258015
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618113705.560971-000
Event Type: Audit Success
User:

Computer Name: ali-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2942364553-2635985932-1836133300-501
Account Name: Guest
Account Domain: ali-PC
Logon ID: 0x35ed19

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1258014
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618113705.452971-000
Event Type: Audit Success
User:

Computer Name: ali-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2942364553-2635985932-1836133300-501
Account Name: Guest
Account Domain: ali-PC
Logon ID: 0x35ed07

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1258013
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618113705.341971-000
Event Type: Audit Success
User:

Computer Name: ali-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-2942364553-2635985932-1836133300-501
Account Name: Guest
Account Domain: ali-PC
Logon ID: 0x35ecf5

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1258012
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090618113705.230971-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Pro gram Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Presario
"OnlineServices"=Online Services
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[Dakeyras]

Hi.

Quote:

hi thank you Dakeyras for helping me, i was out of town and was not at my computer so i couldnt respond to your post. but now i am back.

You're welcome and no problem.

Quote:

the computer is running the same it still seems sluggish, but i spent some time removing old programs with a program called revo uninstaller so i got rid of 10-15 programs i dont use anymore. and i think it helped a bit but not much.

OK thanks for the update.

Some friendly advice about Revo Uninstaller. It is a very powerful application and includes a pseudo registry cleaner and if used incorrectly it will render your machine nothing more than a expensive door stop. Personally I would not recommend it but its your computer after-all and if you do decide to keep it installed please do not use it during the malware removal process, thank you.

Quote:

first problem the link to the rooter.exe is down it says there is no more badnwith left

Appears to be working again now. But no need for the log at this time as I will be asking for a different scan now after researching the other logs provided.

Quote:

edit: the log.txt file was loo long to post is one post so i divided it up into log.txt part 1 and part 2

OK in future if any logs I request are too large to fit in one post merely upload them as a attachment please.

Next:

Did you set the below proxy's yourself and or recognise them at all?

Quote:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

At present with the Guard feature of the aforementioned being active, it will be in conflict with Windows Defender. At some point may cause a system conflict and actually lesson overall online protection.
My advice would be to disable the Guard and keep the application as a on-demand scanner only as follows:-

Disable SUPERAntiSpyware:

• Right-click on the shortcut from the system tray
• Choose View Control Center (preferences/options)
• On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
• Click Close to exit.

WildTangent Advice:

This is a known system resource hog and has a questionable side, if you do not play games I highly suggest you remove this. However it will require a specialist removal tool to do. Let myself know if you wish to keep this or not.

Next:

USB drive/devices advice, it appears one of more is infected, do reconnect any to your machine and or to any other for the time being. We will address this in due course.

Scan with GMER:


Please download GMER Rootkit Scanner from here.

• Right click on the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
• If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  
  Click the image to enlarge it
• In the right panel, you will see several boxes that have been checked. Uncheck the following ...
  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
• Then click the Scan button & wait for it to finish
• Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
• Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.

• How is you computer performing now? Any problems encountered and or any further symptoms?
• Anwsers to my questions.
• GMER Log.

[slyk5]

Quote:

Did you set the below proxy's yourself and or recognise them at all?
Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

yes i set those proxies for school, but i dont use them anymore.

Quote:

SUPERAntiSpyware Advice:

CAUTION: SuperAntiSpyware comes with a programme called Bootsafe, do not for any reason use this programme, if used on an infected computer it could render it UNBOOTABLE.

At present with the Guard feature of the aforementioned being active, it will be in conflict with Windows Defender. At some point may cause a system conflict and actually lesson overall online protection.
My advice would be to disable the Guard and keep the application as a on-demand scanner only as follows:-

Disable SUPERAntiSpyware:

* Right-click on the shortcut from the system tray
* Choose View Control Center (preferences/options)
* On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
* Click Close to exit.

currently super anti spyware does not show up in the task bar because i have set it not to start the program at startup. i used the program to try to get rid of this infection and id like to get rid of it if i dont need it. pls let me know if i can uninstall it as a well as malawarebytes.

Quote:

WildTangent Advice:

This is a known system resource hog and has a questionable side, if you do not play games I highly suggest you remove this. However it will require a specialist removal tool to do. Let myself know if you wish to keep this or not.

i have not ever played any wild tangent games and i do not intend to. i wish to remove all wild tanget products for my computer. i have not noticed any processes running.

Quote:

Next:

USB drive/devices advice, it appears one of more is infected, do reconnect any to your machine and or to any other for the time being. We will address this in due course.

the only usb devices i had conneccted to the computer durring the scan was a mouse. do you mean to say do not connect any usb drives to the computer at this time? i have used usb drives on this computer while i thought it was infected, do those usb drives now have the ifecction as well? what should i do with the drives i suspect of being infected? will using the usb drives i susupect of being infected cause a re-infection?

Quote:

Scan with GMER:


Please download GMER Rootkit Scanner from here.

* Right click on the .exe file and select Run as Administrator. If asked to allow gmer.sys driver to load, please consent
* If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

Click the image to enlarge it
* In the right panel, you will see several boxes that have been checked. Uncheck the following ...
o Sections
o IAT/EAT
o Drives/Partition other than Systemdrive (typically C:\)
o Show All (don't miss this one)
* Then click the Scan button & wait for it to finish
* Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
* Save it where you can easily find it, such as your desktop, and post it in reply

GMER could not complete its scan. i downloaded the file to the desktop and ran the exe. it had some initiallizing scan it completed, i unchecked the boxes you wanted me to and i pressed scan. about 30-60 seconds into the scan a window pops up saying:

Quote:

q0m6u9hr.exe is not responding. windows is trying to find a solution or somethign like that

so the program closes and i try to run GMER again. this time same error, 30-60 seconds into the scan and while windows is searching for solutions to the problem the screen turns blue and there are a whole bunch of numbers and other stuff. at the bottom it says dumping physical memory to disk with the numbers increasing from 0 to 100

so once the numbers reach 100 the computer turns off and turns back on again and it asks me if i want to start windows normally. i say yes, start windows normally. and i try to scan again, same error and then blue screen again. i try one more time again same error and blue screen.

now what?

[Dakeyras]

Hi.

We can disinfect your various USB drives in due course. However I actually suspect the registry may be damaged on your computer plus further research has revealed more bad news I'm afraid. One or more of the identified infections is a Back-door Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwords. Plus if the registry is corrupted as I suspect unfortunately the only recourse is a reformat and reinstallation of the Windows operating system.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.

[Dakeyras]

As it has been a substantial amount of time without a reply, I take it that you do not require anymore help so I have now un-subscribed from this topic.

Due to limited free time and the fact I provide assistance in other forums, I can only have so many open threads at any one time and if yours isn't active, somebody else's will be.