Is My Computer Being Hacked?

warner444

Hi

Will appreciate your knowledge and insight. I noticed my drive being accessed a lot. Way more than usual. I am going to put up some logs and info and maybe someone can tell me what else to look at.

I see some logs that look very much like a continued attempt to access my drives after seeing Wbem running a lot in Process Explorer. It looks like the dates are off but this is fresh today so there must be some date error in the logging. These are fresh this AM.

wmiprov.log

(Mon Jan 18 09:48:08 2010.297093) : Serivce ContentFilter has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 09:48:08 2010.297093) : Collect for service ContentFilter returned 0-Size BLOBs
(Mon Jan 18 09:48:08 2010.297250) : Serivce ContentIndex has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 09:48:08 2010.297250) : Collect for service ContentIndex returned 0-Size BLOBs
(Mon Jan 18 09:48:18 2010.306984) : Serivce ISAPISearch has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 09:48:18 2010.306984) : Collect for service ISAPISearch returned 0-Size BLOBs
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
(Mon Jan 18 18:05:02 2010.9642468) : Serivce .NET CLR Data has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 18:05:03 2010.9642656) : Collect for service .NET CLR Data returned 0-Size BLOBs
(Mon Jan 18 18:05:23 2010.9663437) : Serivce ContentFilter has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 18:05:23 2010.9663437) : Collect for service ContentFilter returned 0-Size BLOBs
(Mon Jan 18 18:05:24 2010.9663625) : Serivce ContentIndex has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 18:05:24 2010.9663625) : Collect for service ContentIndex returned 0-Size BLOBs
(Mon Jan 18 18:06:13 2010.9713359) : Serivce ISAPISearch has a non MSDN compliant or invalid Linkage Key
(Mon Jan 18 18:06:13 2010.9713359) : Collect for service ISAPISearch returned 0-Size BLOBs
(Tue Jan 19 00:02:57 2010.31117421) : CAdapRegPerf::Dredge() failed: 80041001.


FrameWork.log

Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 09:36:40.655 thread:1152 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 14:47:48.859 thread:880 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Impersonation Failed Level(1) 01/18/2010 15:11:55.703 thread:2040 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 15:44:47.078 thread:2648 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Impersonation Failed Level(1) 01/18/2010 16:47:09.812 thread:4056 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
Impersonation Failed Level(1) 01/19/2010 20:25:39.406 thread:4568 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/19/2010 22:11:01.468 thread:3732 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Impersonation Failed Level(1) 01/25/2010 15:26:11.531 thread:4840 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
Shell Name Explorer.exe in Registry not found in process list. 01/30/2010 16:21:22.453 thread:3864 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 01/30/2010 16:21:22.468 thread:3864 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Shell Name Explorer.exe in Registry not found in process list. 01/30/2010 17:08:46.640 thread:3660 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
Unable to locate Shell Process, Impersonation failed. 01/30/2010 17:08:46.640 thread:3660 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 02/22/2010 09:34:36.531 thread:4316 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 02/25/2010 10:54:04.859 thread:832 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 04/17/2010 13:09:59.515 thread:3636 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:12.781 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:13.156 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:13.515 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:59.625 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]

wmiprov.log
(Mon Jan 18 09:36:50 2010.606281) : WDM call returned error: 4200
(Mon Jan 18 09:44:09 2010.57625) : WDM call returned error: 4200
(Mon Jan 18 09:44:32 2010.81250) : Received Event
(Mon Jan 18 09:48:02 2010.290718) : WDM call returned error: 4200
(Mon Jan 18 09:50:49 2010.458250) : Impersonation failed - Access denied
(Mon Jan 18 10:11:32 2010.275234) : WDM call returned error: 4200
(Mon Jan 18 10:34:14 2010.257750) : WDM call returned error: 4200
(Mon Jan 18 12:54:12 2010.269531) : WDM call returned error: 4200
(Mon Jan 18 13:00:58 2010.270578) : WDM call returned error: 4200
(Mon Jan 18 13:38:34 2010.270359) : WDM call returned error: 4200
(Mon Jan 18 14:44:27 2010.275046) : WDM call returned error: 4200
(Mon Jan 18 14:49:51 2010.598968) : Impersonation failed - Access denied
(Mon Jan 18 15:08:58 2010.1746218) : WDM call returned error: 4200
(Mon Jan 18 15:09:00 2010.1748500) : Impersonation failed - Access denied
(Mon Jan 18 15:11:52 2010.1920406) : WDM call returned error: 4200
(Mon Jan 18 15:16:53 2010.2221546) : Impersonation failed - Access denied
(Mon Jan 18 15:20:40 2010.133593) : WDM call returned error: 4200
(Mon Jan 18 15:23:20 2010.293781) : WDM call returned error: 4200
(Mon Jan 18 15:26:01 2010.101265) : WDM call returned error: 4200
(Mon Jan 18 15:28:54 2010.274140) : WDM call returned error: 4200
(Mon Jan 18 15:31:23 2010.422671) : Impersonation failed - Access denied
(Mon Jan 18 16:47:01 2010.4960875) : WDM call returned error: 4200
(Mon Jan 18 16:52:13 2010.5272812) : Impersonation failed - Access denied
(Mon Jan 18 18:01:22 2010.9422390) : WDM call returned error: 4200
(Mon Jan 18 18:08:17 2010.9836890) : Impersonation failed - Access denied
(Mon Jan 18 23:59:21 2010.30900953) : WDM call returned error: 4200



The computer is
Shuttle FN25V10
Windows XP Pro 32 bit SP3
2GB DDR Ram
300GB Seagate ST3300631AS 9SATA0
500GB Western Digital WDC WD5001ABYS-01YANA0 (IDE)
Plextor VDR (SATA)
Envy24 Audio
NVIDIA nForce Ethernet


The Logs, in order are:

1) Hijack This
2) startuplist.txt (from Hijack this)
3) Uninstall List (from hijack this)
4) RSIT.exe Log
5) RSIT.exe info


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:12 AM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.68.106.168:51630
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI6A65~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI6A65~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\me.BLUE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8513 bytes
---------------------------------------------------------------------------
STARTUP LIST From Hijack This

StartupList report, 4/18/2010, 10:55:47 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP3 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job

--------------------------------------------------

Enumerating Download Program Files:

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[DLM Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
CODEBASE = http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
Protocol #1: C:\WINDOWS\system32\nvappfilter.dll
Protocol #2: C:\WINDOWS\system32\nvappfilter.dll
Protocol #3: C:\WINDOWS\system32\nvappfilter.dll
Protocol #4: C:\WINDOWS\system32\nvappfilter.dll
Protocol #5: C:\WINDOWS\system32\nvappfilter.dll
Protocol #6: C:\WINDOWS\system32\nvappfilter.dll
Protocol #7: C:\WINDOWS\system32\nvappfilter.dll
Protocol #8: C:\WINDOWS\system32\nvappfilter.dll
Protocol #9: C:\WINDOWS\system32\nvappfilter.dll
Protocol #10: C:\WINDOWS\system32\nvappfilter.dll
Protocol #11: C:\WINDOWS\system32\nvappfilter.dll
Protocol #12: C:\WINDOWS\system32\nvappfilter.dll
Protocol #13: C:\WINDOWS\system32\nvappfilter.dll
Protocol #27: C:\WINDOWS\system32\nvappfilter.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,532 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
-------------------------------------------------------------------------------------------------------------------------------------------
UNINSTALL LIST FROM Hijack This

µTorrent
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.2
AI RoboForm (All Users)
AIM 7
Allscoop RSS Submit Pro 1.0
Apple Application Support
Apple Software Update
Article Page Machine 1.0
Back Link Analyzer v2.0-cp
BlogBot
Bonjour
Burn4Free CD and DVD
Canon CanoScan Toolbox 4.6
CCleaner
CommentKahuna
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
Defraggler
DeskTube
DeskTube
Download Updater (AOL LLC)
Fast Directory Submitter 1.54
FileZilla Client 3.3.2.1
FreeMind
G-Mapper
GoodSync
Google Talk (remove only)
GSiteCrawler
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HTML-Kit
IBP 11.6
iTunes
Java(TM) 6 Update 19
LinkAssistant
Malwarebytes' Anti-Malware
Market Samurai
Market Samurai
Micro Niche Finder
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office Groove MUI (English) 2010 (Beta)
Microsoft Office InfoPath MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2010 (Beta)
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
Notepad++
NoteTab Light 6 (Remove only)
NSIS A Submitter
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Nvu 1.0PR
PressBot
RSS Submit v2.60
Screencaster Plug-in for FF
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
SENuke
SEO Software Submitter Advanced Edition 1.0
SEO Software Submitter Standard Edition 1.0
ShareFire
ShareFire
Skype™ 4.1
SocialBot
Speccy
SubmitEaze
TinyUploads
TinyUploads
Traffic Travis 3.2.2
Uninstall HTML-Kit Plugins Generator
Unix Utilities for Yahoo! Widgets
Untapped Niche Explorer 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Web CEO 8.1
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-9B
Xenu's Link Sleuth
XMind
XPC Tools
XSitePro2
Xvid 1.2.2 final uninstall
Yahoo! Install Manager
Yahoo! Widgets
Yahoo! Widgets SDK

--------------------------------------------------------------------------------
RSIT LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by me at 2010-04-18 11:02:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 141 GB (49%) free of 286 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:01 AM, on 4/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\me.BLUE\My Documents\111 Page One Business\LINKING\Backlink_Imacros\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\me.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.68.106.168:51630
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI6A65~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\me.BLUE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

--
End of file - 8526 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-03-22 6021696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-03-22 6021696]
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll [2009-10-07 106496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-03-22 160328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL [2009-10-29 4150160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
"C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-18 11:02:59 ----D---- C:\rsit
2010-04-18 10:46:58 ----D---- C:\Program Files\Trend Micro
2010-04-17 21:27:51 ----D---- C:\Program Files\Speccy
2010-04-17 21:26:11 ----D---- C:\Program Files\Defraggler
2010-04-17 21:18:38 ----D---- C:\Program Files\CCleaner
2010-04-17 13:30:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-04-17 13:01:40 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Help
2010-04-17 10:15:55 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Malwarebytes
2010-04-17 10:15:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-04-17 10:15:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-14 21:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 21:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 20:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 20:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 15:08:26 ----D---- C:\Program Files\Market Samurai
2010-04-14 03:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 03:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 17:58:09 ----D---- C:\Documents and Settings\me.BLUE\Application Data\FireShot
2010-04-11 16:41:28 ----D---- C:\Documents and Settings\me.BLUE\Application Data\NoteTab Light
2010-04-11 16:41:13 ----D---- C:\Program Files\NoteTab Light
2010-04-11 16:35:40 ----D---- C:\Program Files\Yahoo!
2010-04-06 20:32:29 ----D---- C:\Program Files\SEO PowerSuite
2010-04-05 09:22:43 ----D---- C:\Program Files\FreeMind
2010-04-04 23:47:01 ----D---- C:\Documents and Settings\me.BLUE\Application Data\XMind
2010-04-04 23:46:42 ----D---- C:\Program Files\XMind
2010-04-02 00:03:47 ----D---- C:\Program Files\Adobe Media Player
2010-04-01 18:23:16 ----D---- C:\Program Files\Back Link Analyzer v2.0-cp
2010-04-01 14:26:43 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2010-04-01 14:26:38 ----D---- C:\Program Files\Acro Software
2010-04-01 14:25:47 ----D---- C:\Program Files\GPLGS
2010-04-01 09:59:51 ----D---- C:\Program Files\Common Files\Java
2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\java.exe
2010-04-01 09:59:10 ----D---- C:\Program Files\Java
2010-03-31 21:40:12 ----A---- C:\WINDOWS\system32\windriver32.ini
2010-03-31 21:09:09 ----D---- C:\Program Files\SubmitEaze
2010-03-31 17:21:10 ----D---- C:\6f4efbbd91b15a279abe39f84964c94b
2010-03-31 16:39:06 ----D---- C:\Program Files\G-Lock Software
2010-03-31 16:39:06 ----D---- C:\Documents and Settings\me.BLUE\Application Data\G-Lock Software
2010-03-30 22:08:27 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2010-03-30 21:34:59 ----D---- C:\Program Files\SEO Elite 4
2010-03-30 20:34:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Micro Niche Finder
2010-03-30 20:34:29 ----D---- C:\Program Files\Micro Niche Finder
2010-03-28 21:24:25 ----D---- C:\Program Files\Article Page Machine
2010-03-28 01:24:49 ----D---- C:\Documents and Settings\me.BLUE\Application Data\TinyUploads.2A699E5A97771997CD97182AA374EFA7532A1C5B.1
2010-03-28 01:24:38 ----D---- C:\Program Files\TinyUploads
2010-03-27 22:53:39 ----D---- C:\Program Files\Untapped Niche Explorer
2010-03-25 16:04:15 ----D---- C:\Program Files\WebPosition 4
2010-03-25 12:46:38 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-03-24 23:34:12 ----D---- C:\Program Files\Chami
2010-03-24 22:50:50 ----D---- C:\Documents and Settings\me.BLUE\Application Data\com.dz.DeskTube.DC1B0EDA241604E0F9349CA56BDAFF9C08B50063.1
2010-03-24 22:50:45 ----D---- C:\Program Files\DeskTube
2010-03-24 22:37:09 ----D---- C:\Documents and Settings\me.BLUE\Application Data\XeMoviePlayer.A1ACC815BFD9399B3F8CE896621A0C9027CA5EE5.1
2010-03-24 22:34:57 ----D---- C:\Documents and Settings\me.BLUE\Application Data\com.adobe.apprise.2BD88CDEE5F8CFD8010094AE9CF3F4C9C891A505.1
2010-03-24 22:34:42 ----D---- C:\Program Files\ShareFire

======List of files/folders modified in the last 1 months======

2010-04-18 10:47:10 ----D---- C:\WINDOWS\Prefetch
2010-04-18 10:46:58 ----D---- C:\Program Files
2010-04-18 10:36:56 ----D---- C:\WINDOWS\system32\drivers
2010-04-18 10:35:00 ----D---- C:\WINDOWS\Temp
2010-04-18 10:35:00 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-18 10:33:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-18 10:33:20 ----RD---- C:\Program Files\Skype
2010-04-18 10:33:18 ----SHD---- C:\WINDOWS\Installer
2010-04-18 10:31:43 ----D---- C:\WINDOWS\system32
2010-04-17 21:49:47 ----D---- C:\Documents and Settings\me.BLUE\Application Data\GoodSync
2010-04-17 21:35:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-17 21:35:29 ----HD---- C:\WINDOWS\inf
2010-04-17 21:32:20 ----D---- C:\WINDOWS\Minidump
2010-04-17 20:42:52 ----D---- C:\WINDOWS\security
2010-04-17 20:42:14 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Skype
2010-04-17 14:55:43 ----D---- C:\Documents and Settings\me.BLUE\Application Data\skypePM
2010-04-17 14:25:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-04-17 14:21:09 ----D---- C:\Program Files\RSS Submit
2010-04-17 14:20:49 ----D---- C:\Program Files\XSitePro2
2010-04-17 13:14:40 ----D---- C:\WINDOWS
2010-04-14 21:02:08 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 21:02:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 21:01:56 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-10 22:42:05 ----D---- C:\Documents and Settings\me.BLUE\Application Data\FileZilla
2010-04-09 21:34:10 ----SD---- C:\Documents and Settings\me.BLUE\Application Data\Microsoft
2010-04-09 21:33:32 ----D---- C:\Program Files\Power Article Rewriter
2010-04-09 21:32:00 ----RSD---- C:\WINDOWS\assembly
2010-04-09 21:31:45 ----SD---- C:\WINDOWS\Tasks
2010-04-09 16:46:12 ----D---- C:\Program Files\Traffic Travis v3
2010-04-09 16:37:43 ----D---- C:\Program Files\SENuke
2010-04-06 10:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 11:56:47 ----D---- C:\Documents and Settings\me.BLUE\Application Data\uTorrent
2010-04-02 21:45:04 ----D---- C:\Program Files\Mozilla Firefox
2010-04-01 10:57:15 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-01 09:59:51 ----D---- C:\Program Files\Common Files
2010-04-01 09:59:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-31 17:23:13 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-31 17:22:56 ----D---- C:\WINDOWS\system32\XPSViewer
2010-03-31 17:22:53 ----RSD---- C:\WINDOWS\Fonts
2010-03-31 17:20:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-31 17:20:04 ----D---- C:\WINDOWS\WinSxS
2010-03-31 09:09:35 ----D---- C:\Program Files\Internet Explorer
2010-03-28 15:41:11 ----D---- C:\Program Files\FileZilla FTP Client
2010-03-28 01:39:17 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Apple Computer
2010-03-27 22:50:25 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Adobe
2010-03-27 20:57:56 ----D---- C:\Documents and Settings\me.BLUE\Application Data\IBP
2010-03-25 17:45:04 ----D---- C:\My Web Sites
2010-03-25 13:35:55 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Canon
2010-03-25 12:46:46 ----D---- C:\Program Files\AIM
2010-03-22 10:37:45 ----D---- C:\Program Files\Siber Systems

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-01-13 97920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2005-02-23 584512]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-13 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-13 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 glancedrv;glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [2009-05-13 34080]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-01-13 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-01-13 57409]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE [2009-10-29 30603640]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour

------------------------------------------------------------------------------
RSIT Info

info.txt logfile of random's system information tool 1.06 2010-04-18 11:03:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {3BEF9769-BA52-18F7-1D02-2362F6A27E38}
Adobe Media Player-->MsiExec.exe /I{3BEF9769-BA52-18F7-1D02-2362F6A27E38}
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 7-->C:\Program Files\AIM\uninst.exe
Allscoop RSS Submit Pro 1.0-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Allscoop RSS Submit Pro\ss2uinst.dat"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Article Page Machine 1.0-->"C:\Program Files\Article Page Machine\unins000.exe"
Back Link Analyzer v2.0-cp-->C:\Program Files\Back Link Analyzer v2.0-cp\Uninstall.exe
BlogBot-->MsiExec.exe /I{1BB744F5-793A-4F94-A019-4EFD792370B8}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
Canon CanoScan Toolbox 4.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\Setup.exe" -l0x9 anything
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CommentKahuna-->MsiExec.exe /I{A2A81B39-5186-48CA-92C3-5C7978870BF4}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DeskTube-->msiexec /qb /x {C7FC5149-BFBD-2E39-67CE-08A37E2E7370}
DeskTube-->MsiExec.exe /I{C7FC5149-BFBD-2E39-67CE-08A37E2E7370}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Fast Directory Submitter 1.54-->"C:\Program Files\G-Lock Software\Fast Directory Submitter\unins000.exe"
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
G-Mapper-->MsiExec.exe /I{BE0CBDD5-7506-476E-983E-388ADAAA6006}
GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GSiteCrawler-->C:\PROGRA~1\SOFTplus\GSITEC~1\UNWISE.EXE C:\PROGRA~1\SOFTplus\GSITEC~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
IBP 11.6-->"C:\Program Files\IBP 11\unins000.exe"
iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
LinkAssistant-->"C:\Program Files\SEO PowerSuite\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Market Samurai-->msiexec /qb /x {487175CB-2E22-3BC4-D534-0AA8666D02AE}
Market Samurai-->MsiExec.exe /I{487175CB-2E22-3BC4-D534-0AA8666D02AE}
Micro Niche Finder-->"C:\Program Files\Micro Niche Finder\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010 (Beta)-->MsiExec.exe /X{20140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NoteTab Light 6 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe"
NSIS A Submitter-->"C:\Documents and Settings\me.BLUE\Application Data\Softlakecity\Automatic Article Submitter\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Nvu 1.0PR-->"C:\Program Files\Nvu\unins000.exe"
PressBot-->MsiExec.exe /I{90206544-8DAA-416E-8D78-A6A3352BC10B}
RSS Submit v2.60-->"C:\Program Files\RSS Submit\unins000.exe"
Screencaster Plug-in for FF-->MsiExec.exe /I{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SENuke-->"C:\Program Files\SENuke\unins000.exe"
SEO Software Submitter Advanced Edition 1.0-->C:\Program Files\EPractize Labs Software\SEO Software Submitter Advanced Edition 1.0\Uninstall.exe
SEO Software Submitter Standard Edition 1.0-->C:\Program Files\EPractize Labs Software\SEO Software Submitter Standard Edition 1.0\Uninstall.exe
ShareFire-->msiexec /qb /x {7D683F68-A92F-03D4-C164-9173EE4487A5}
ShareFire-->MsiExec.exe /I{7D683F68-A92F-03D4-C164-9173EE4487A5}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SocialBot-->MsiExec.exe /I{04179174-F3AC-4CE6-BBBE-83B46D5041CB}
Speccy-->"C:\Program Files\Speccy\uninst.exe"
SubmitEaze-->"C:\Program Files\SubmitEaze\Uninstall SubmitEaze.exe"
TinyUploads-->msiexec /qb /x {6A6CA8F6-53E8-144B-3C1B-29B07BE05E7C}
TinyUploads-->MsiExec.exe /I{6A6CA8F6-53E8-144B-3C1B-29B07BE05E7C}
Traffic Travis 3.2.2-->"C:\Program Files\Traffic Travis v3\unins000.exe"
Uninstall HTML-Kit Plugins Generator-->"C:\Program Files\Chami\HTML-Kit Plugins Generator\unins000.exe"
Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Untapped Niche Explorer 1.0-->"C:\Program Files\Untapped Niche Explorer\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Web CEO 8.1-->"C:\Program Files\Web CEO\Uninstall\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.43-9B-->"C:\Program Files\WinHTTrack\unins000.exe"
Xenu's Link Sleuth-->C:\Program Files\Xenu\uninst.exe
XMind-->C:\Program Files\XMind\uninstall.exe
XPC Tools-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Shuttle\XPC Tools\Uninst.isu"
XSitePro2-->"C:\WINDOWS\XSitePro2 Uninstaller.exe"
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets SDK-->C:\PROGRA~1\Yahoo!\Widgets\YAHOO!~1\UNINST~1.EXE
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI6A65~1\Office14\URLREDIR.DLL [2010-04-18]
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL [2010-04-18]

======Security center information======

AV: ESET Smart Security 4.0
FW: ESET Personal firewall

======System event log======

Computer Name: BLUE
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 1737
Source Name: Disk
Time Written: 20100219130142.000000-480
Event Type: warning
User:

Computer Name: BLUE
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 1736
Source Name: Ftdisk
Time Written: 20100219130142.000000-480
Event Type: warning
User:

Computer Name: BLUE
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 1735
Source Name: Disk
Time Written: 20100219130142.000000-480
Event Type: warning
User:

Computer Name: BLUE
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 1734
Source Name: Disk
Time Written: 20100219130142.000000-480
Event Type: warning
User:

Computer Name: BLUE
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 1733
Source Name: Disk
Time Written: 20100219130142.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: BLUE
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.1.3642, faulting module xul.dll, version 1.9.1.3642, fault address 0x0007a49b.

Record Number: 643
Source Name: Application Error
Time Written: 20100213234635.000000-480
Event Type: error
User:

Computer Name: BLUE
Event Code: 1000
Message: Faulting application market samurai.exe, version 0.0.0.0, faulting module adobe air.dll, version 1.5.3.9130, fault address 0x000f004f.

Record Number: 642
Source Name: Application Error
Time Written: 20100213212801.000000-480
Event Type: error
User:

Computer Name: BLUE
Event Code: 1000
Message: Faulting application skype.exe, version 4.1.0.179, faulting module unknown, version 0.0.0.0, fault address 0x0000000b.

Record Number: 640
Source Name: Application Error
Time Written: 20100213172530.000000-480
Event Type: error
User:

Computer Name: BLUE
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.1.3642, faulting module jvm.dll, version 16.0.0.13, fault address 0x000c7cf2.

Record Number: 639
Source Name: Application Error
Time Written: 20100213123015.000000-480
Event Type: error
User:

Computer Name: BLUE
Event Code: 1000
Message: Faulting application skype.exe, version 4.1.0.179, faulting module unknown, version 0.0.0.0, fault address 0x0000000b.

Record Number: 638
Source Name: Application Error
Time Written: 20100213101200.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\system32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SystemRoot"=C:\WINDOWS

-----------------EOF-----------------
 