
Is My Computer Being Hacked?

Discussion in 'Virus & Other Malware Removal' started by warner444, Apr 18, 2010.

Thread Status:
Not open for further replies.
  1. warner444

    warner444 Thread Starter

    Hi

    Will appreciate your knowledge and insight. I noticed my drive being accessed a lot. Way more than usual. I am going to put up some logs and info and maybe someone can tell me what else to look at.

    I see some logs that look very much like a continued attempt to access my drives after seeing Wbem running a lot in Process Explorer. It looks like the dates are off but this is fresh today so there must be some date error in the logging. These are fresh this AM.

    wmiprov.log

    (Mon Jan 18 09:48:08 2010.297093) : Serivce ContentFilter has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 09:48:08 2010.297093) : Collect for service ContentFilter returned 0-Size BLOBs
    (Mon Jan 18 09:48:08 2010.297250) : Serivce ContentIndex has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 09:48:08 2010.297250) : Collect for service ContentIndex returned 0-Size BLOBs
    (Mon Jan 18 09:48:18 2010.306984) : Serivce ISAPISearch has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 09:48:18 2010.306984) : Collect for service ISAPISearch returned 0-Size BLOBs
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 870 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 09:48:48 2010.337218) : Skipping Object of index 906 of service RemoteAccess because index does not belong to the range 2014 - 2052 assigned to the service by LodCtr
    (Mon Jan 18 18:05:02 2010.9642468) : Serivce .NET CLR Data has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 18:05:03 2010.9642656) : Collect for service .NET CLR Data returned 0-Size BLOBs
    (Mon Jan 18 18:05:23 2010.9663437) : Serivce ContentFilter has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 18:05:23 2010.9663437) : Collect for service ContentFilter returned 0-Size BLOBs
    (Mon Jan 18 18:05:24 2010.9663625) : Serivce ContentIndex has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 18:05:24 2010.9663625) : Collect for service ContentIndex returned 0-Size BLOBs
    (Mon Jan 18 18:06:13 2010.9713359) : Serivce ISAPISearch has a non MSDN compliant or invalid Linkage Key
    (Mon Jan 18 18:06:13 2010.9713359) : Collect for service ISAPISearch returned 0-Size BLOBs
    (Tue Jan 19 00:02:57 2010.31117421) : CAdapRegPerf::Dredge() failed: 80041001.


    FrameWork.log

    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 09:36:40.655 thread:1152 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 14:47:48.859 thread:880 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Impersonation Failed Level(1) 01/18/2010 15:11:55.703 thread:2040 [d:\xpsprtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/18/2010 15:44:47.078 thread:2648 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Impersonation Failed Level(1) 01/18/2010 16:47:09.812 thread:4056 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
    Impersonation Failed Level(1) 01/19/2010 20:25:39.406 thread:4568 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 01/19/2010 22:11:01.468 thread:3732 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Impersonation Failed Level(1) 01/25/2010 15:26:11.531 thread:4840 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3878]
    Shell Name Explorer.exe in Registry not found in process list. 01/30/2010 16:21:22.453 thread:3864 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
    Unable to locate Shell Process, Impersonation failed. 01/30/2010 16:21:22.468 thread:3864 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
    Shell Name Explorer.exe in Registry not found in process list. 01/30/2010 17:08:46.640 thread:3660 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.959]
    Unable to locate Shell Process, Impersonation failed. 01/30/2010 17:08:46.640 thread:3660 [d:\xpsp\admin\wmi\wbem\providers\win32provider\common\implogonuser.cpp.971]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 02/22/2010 09:34:36.531 thread:4316 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 02/25/2010 10:54:04.859 thread:832 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    Login Warning - provider with that name already existed, overridden with latest provider login (root\cimv2:Win32_ComputerSystemWindowsProductActivationSetting) 04/17/2010 13:09:59.515 thread:3636 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.2252]
    ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:12.781 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
    ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:13.156 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
    ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:13.515 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]
    ERROR CInstance(Win32_TerminalService)::SetDWORD() FAILED! error# 80041002 04/17/2010 13:25:59.625 thread:1704 [d:\xpsp\admin\wmi\wbem\sdk\framedyn\instance.cpp.2440]

    wmiprov.log
    (Mon Jan 18 09:36:50 2010.606281) : WDM call returned error: 4200
    (Mon Jan 18 09:44:09 2010.57625) : WDM call returned error: 4200
    (Mon Jan 18 09:44:32 2010.81250) : Received Event
    (Mon Jan 18 09:48:02 2010.290718) : WDM call returned error: 4200
    (Mon Jan 18 09:50:49 2010.458250) : Impersonation failed - Access denied
    (Mon Jan 18 10:11:32 2010.275234) : WDM call returned error: 4200
    (Mon Jan 18 10:34:14 2010.257750) : WDM call returned error: 4200
    (Mon Jan 18 12:54:12 2010.269531) : WDM call returned error: 4200
    (Mon Jan 18 13:00:58 2010.270578) : WDM call returned error: 4200
    (Mon Jan 18 13:38:34 2010.270359) : WDM call returned error: 4200
    (Mon Jan 18 14:44:27 2010.275046) : WDM call returned error: 4200
    (Mon Jan 18 14:49:51 2010.598968) : Impersonation failed - Access denied
    (Mon Jan 18 15:08:58 2010.1746218) : WDM call returned error: 4200
    (Mon Jan 18 15:09:00 2010.1748500) : Impersonation failed - Access denied
    (Mon Jan 18 15:11:52 2010.1920406) : WDM call returned error: 4200
    (Mon Jan 18 15:16:53 2010.2221546) : Impersonation failed - Access denied
    (Mon Jan 18 15:20:40 2010.133593) : WDM call returned error: 4200
    (Mon Jan 18 15:23:20 2010.293781) : WDM call returned error: 4200
    (Mon Jan 18 15:26:01 2010.101265) : WDM call returned error: 4200
    (Mon Jan 18 15:28:54 2010.274140) : WDM call returned error: 4200
    (Mon Jan 18 15:31:23 2010.422671) : Impersonation failed - Access denied
    (Mon Jan 18 16:47:01 2010.4960875) : WDM call returned error: 4200
    (Mon Jan 18 16:52:13 2010.5272812) : Impersonation failed - Access denied
    (Mon Jan 18 18:01:22 2010.9422390) : WDM call returned error: 4200
    (Mon Jan 18 18:08:17 2010.9836890) : Impersonation failed - Access denied
    (Mon Jan 18 23:59:21 2010.30900953) : WDM call returned error: 4200



    The computer is
    Shuttle FN25V10
    Windows XP Pro 32 bit SP3
    2GB DDR Ram
    300GB Seagate ST3300631AS (SATA)
    500GB Western Digital WDC WD5001ABYS-01YANA0 (IDE)
    Plextor VDR (SATA)
    Envy24 Audio
    NVIDIA nForce Ethernet


    The Logs, in order are:

    1) Hijack This
    2) startuplist.txt (from Hijack this)
    3) Uninstall List (from hijack this)
    4) RSIT.exe Log
    5) RSIT.exe info


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:47:12 AM, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.68.106.168:51630
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI6A65~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI6A65~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Se&nd to OneNote - res:///105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\me.BLUE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    --
    End of file - 8513 bytes
    ---------------------------------------------------------------------------
    STARTUP LIST From Hijack This

    StartupList report, 4/18/2010, 10:55:47 AM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v8.00 (8.00.6001.18702)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    egui = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - {724d43a9-0d85-11d4-9908-00400523e39a}
    (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
    GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Installation Support]
    InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    [DLM Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX
    CODEBASE = http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765

    [{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll
    Protocol #1: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #2: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #3: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #4: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #5: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #6: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #7: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #8: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #9: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #10: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #11: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #12: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #13: C:\WINDOWS\system32\nvappfilter.dll
    Protocol #27: C:\WINDOWS\system32\nvappfilter.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 6,532 bytes
    Report generated in 0.047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    -------------------------------------------------------------------------------------------------------------------------------------------
    UNINSTALL LIST FROM Hijack This

    µTorrent
    7-Zip 4.65
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Media Player
    Adobe Reader 9.3.2
    AI RoboForm (All Users)
    AIM 7
    Allscoop RSS Submit Pro 1.0
    Apple Application Support
    Apple Software Update
    Article Page Machine 1.0
    Back Link Analyzer v2.0-cp
    BlogBot
    Bonjour
    Burn4Free CD and DVD
    Canon CanoScan Toolbox 4.6
    CCleaner
    CommentKahuna
    Compatibility Pack for the 2007 Office system
    CutePDF Writer 2.8
    Defraggler
    DeskTube
    DeskTube
    Download Updater (AOL LLC)
    Fast Directory Submitter 1.54
    FileZilla Client 3.3.2.1
    FreeMind
    G-Mapper
    GoodSync
    Google Talk (remove only)
    GSiteCrawler
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HTML-Kit
    IBP 11.6
    iTunes
    Java(TM) 6 Update 19
    LinkAssistant
    Malwarebytes' Anti-Malware
    Market Samurai
    Market Samurai
    Micro Niche Finder
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Access MUI (English) 2010 (Beta)
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Excel MUI (English) 2010 (Beta)
    Microsoft Office Groove MUI (English) 2010 (Beta)
    Microsoft Office InfoPath MUI (English) 2010 (Beta)
    Microsoft Office OneNote MUI (English) 2010 (Beta)
    Microsoft Office Outlook MUI (English) 2010 (Beta)
    Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    Microsoft Office Professional Plus 2010
    Microsoft Office Professional Plus 2010 (Beta)
    Microsoft Office Proof (English) 2010 (Beta)
    Microsoft Office Proof (French) 2010 (Beta)
    Microsoft Office Proof (Spanish) 2010 (Beta)
    Microsoft Office Proofing (English) 2010 (Beta)
    Microsoft Office Publisher MUI (English) 2010 (Beta)
    Microsoft Office Shared MUI (English) 2010 (Beta)
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    Microsoft Office Word MUI (English) 2010 (Beta)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.6.3)
    Notepad++
    NoteTab Light 6 (Remove only)
    NSIS A Submitter
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    Nvu 1.0PR
    PressBot
    RSS Submit v2.60
    Screencaster Plug-in for FF
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SENuke
    SEO Software Submitter Advanced Edition 1.0
    SEO Software Submitter Standard Edition 1.0
    ShareFire
    ShareFire
    Skype™ 4.1
    SocialBot
    Speccy
    SubmitEaze
    TinyUploads
    TinyUploads
    Traffic Travis 3.2.2
    Uninstall HTML-Kit Plugins Generator
    Unix Utilities for Yahoo! Widgets
    Untapped Niche Explorer 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Web CEO 8.1
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinHTTrack Website Copier 3.43-9B
    Xenu's Link Sleuth
    XMind
    XPC Tools
    XSitePro2
    Xvid 1.2.2 final uninstall
    Yahoo! Install Manager
    Yahoo! Widgets
    Yahoo! Widgets SDK

    --------------------------------------------------------------------------------
    RSIT LOG

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by me at 2010-04-18 11:02:59
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 141 GB (49%) free of 286 GB
    Total RAM: 2047 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:01 AM, on 4/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Documents and Settings\me.BLUE\My Documents\DOWNLOADS\System Tools\procexp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\me.BLUE\My Documents\111 Page One Business\LINKING\Backlink_Imacros\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\me.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 68.68.106.168:51630
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI6A65~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Se&nd to OneNote - res:///105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2007 Pro\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\me.BLUE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263849381765
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    --
    End of file - 8526 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003Core.job
    C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-562591055-682003330-1003UA.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
    C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-03-22 6021696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-01 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-01 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2010-03-22 6021696]
    {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - FireShot - C:\Documents and Settings\me.BLUE\Application Data\Mozilla\Firefox\Profiles\xeb1ptdc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll [2009-10-07 106496]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2010-03-22 160328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL [2009-10-29 4150160]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace"
    "C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office 2007 Pro\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2010-04-18 11:02:59 ----D---- C:\rsit
    2010-04-18 10:46:58 ----D---- C:\Program Files\Trend Micro
    2010-04-17 21:27:51 ----D---- C:\Program Files\Speccy
    2010-04-17 21:26:11 ----D---- C:\Program Files\Defraggler
    2010-04-17 21:18:38 ----D---- C:\Program Files\CCleaner
    2010-04-17 13:30:02 ----HD---- C:\WINDOWS\system32\GroupPolicy
    2010-04-17 13:01:40 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Help
    2010-04-17 10:15:55 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Malwarebytes
    2010-04-17 10:15:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2010-04-17 10:15:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-04-14 21:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
    2010-04-14 21:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
    2010-04-14 20:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
    2010-04-14 20:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
    2010-04-14 15:08:26 ----D---- C:\Program Files\Market Samurai
    2010-04-14 03:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
    2010-04-14 03:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
    2010-04-13 17:58:09 ----D---- C:\Documents and Settings\me.BLUE\Application Data\FireShot
    2010-04-11 16:41:28 ----D---- C:\Documents and Settings\me.BLUE\Application Data\NoteTab Light
    2010-04-11 16:41:13 ----D---- C:\Program Files\NoteTab Light
    2010-04-11 16:35:40 ----D---- C:\Program Files\Yahoo!
    2010-04-06 20:32:29 ----D---- C:\Program Files\SEO PowerSuite
    2010-04-05 09:22:43 ----D---- C:\Program Files\FreeMind
    2010-04-04 23:47:01 ----D---- C:\Documents and Settings\me.BLUE\Application Data\XMind
    2010-04-04 23:46:42 ----D---- C:\Program Files\XMind
    2010-04-02 00:03:47 ----D---- C:\Program Files\Adobe Media Player
    2010-04-01 18:23:16 ----D---- C:\Program Files\Back Link Analyzer v2.0-cp
    2010-04-01 14:26:43 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
    2010-04-01 14:26:38 ----D---- C:\Program Files\Acro Software
    2010-04-01 14:25:47 ----D---- C:\Program Files\GPLGS
    2010-04-01 09:59:51 ----D---- C:\Program Files\Common Files\Java
    2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\javaws.exe
    2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\javaw.exe
    2010-04-01 09:59:33 ----A---- C:\WINDOWS\system32\java.exe
    2010-04-01 09:59:10 ----D---- C:\Program Files\Java
    2010-03-31 21:40:12 ----A---- C:\WINDOWS\system32\windriver32.ini
    2010-03-31 21:09:09 ----D---- C:\Program Files\SubmitEaze
    2010-03-31 17:21:10 ----D---- C:\6f4efbbd91b15a279abe39f84964c94b
    2010-03-31 16:39:06 ----D---- C:\Program Files\G-Lock Software
    2010-03-31 16:39:06 ----D---- C:\Documents and Settings\me.BLUE\Application Data\G-Lock Software
    2010-03-30 22:08:27 ----A---- C:\WINDOWS\system32\BASSMOD.dll
    2010-03-30 21:34:59 ----D---- C:\Program Files\SEO Elite 4
    2010-03-30 20:34:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Micro Niche Finder
    2010-03-30 20:34:29 ----D---- C:\Program Files\Micro Niche Finder
    2010-03-28 21:24:25 ----D---- C:\Program Files\Article Page Machine
    2010-03-28 01:24:49 ----D---- C:\Documents and Settings\me.BLUE\Application Data\TinyUploads.2A699E5A97771997CD97182AA374EFA7532A1C5B.1
    2010-03-28 01:24:38 ----D---- C:\Program Files\TinyUploads
    2010-03-27 22:53:39 ----D---- C:\Program Files\Untapped Niche Explorer
    2010-03-25 16:04:15 ----D---- C:\Program Files\WebPosition 4
    2010-03-25 12:46:38 ----D---- C:\Program Files\Common Files\Software Update Utility
    2010-03-24 23:34:12 ----D---- C:\Program Files\Chami
    2010-03-24 22:50:50 ----D---- C:\Documents and Settings\me.BLUE\Application Data\com.dz.DeskTube.DC1B0EDA241604E0F9349CA56BDAFF9C08B50063.1
    2010-03-24 22:50:45 ----D---- C:\Program Files\DeskTube
    2010-03-24 22:37:09 ----D---- C:\Documents and Settings\me.BLUE\Application Data\XeMoviePlayer.A1ACC815BFD9399B3F8CE896621A0C9027CA5EE5.1
    2010-03-24 22:34:57 ----D---- C:\Documents and Settings\me.BLUE\Application Data\com.adobe.apprise.2BD88CDEE5F8CFD8010094AE9CF3F4C9C891A505.1
    2010-03-24 22:34:42 ----D---- C:\Program Files\ShareFire

    ======List of files/folders modified in the last 1 months======

    2010-04-18 10:47:10 ----D---- C:\WINDOWS\Prefetch
    2010-04-18 10:46:58 ----D---- C:\Program Files
    2010-04-18 10:36:56 ----D---- C:\WINDOWS\system32\drivers
    2010-04-18 10:35:00 ----D---- C:\WINDOWS\Temp
    2010-04-18 10:35:00 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-04-18 10:33:56 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-04-18 10:33:20 ----RD---- C:\Program Files\Skype
    2010-04-18 10:33:18 ----SHD---- C:\WINDOWS\Installer
    2010-04-18 10:31:43 ----D---- C:\WINDOWS\system32
    2010-04-17 21:49:47 ----D---- C:\Documents and Settings\me.BLUE\Application Data\GoodSync
    2010-04-17 21:35:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-04-17 21:35:29 ----HD---- C:\WINDOWS\inf
    2010-04-17 21:32:20 ----D---- C:\WINDOWS\Minidump
    2010-04-17 20:42:52 ----D---- C:\WINDOWS\security
    2010-04-17 20:42:14 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Skype
    2010-04-17 14:55:43 ----D---- C:\Documents and Settings\me.BLUE\Application Data\skypePM
    2010-04-17 14:25:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
    2010-04-17 14:21:09 ----D---- C:\Program Files\RSS Submit
    2010-04-17 14:20:49 ----D---- C:\Program Files\XSitePro2
    2010-04-17 13:14:40 ----D---- C:\WINDOWS
    2010-04-14 21:02:08 ----A---- C:\WINDOWS\imsins.BAK
    2010-04-14 21:02:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-04-14 21:01:56 ----HD---- C:\WINDOWS\$hf_mig$
    2010-04-10 22:42:05 ----D---- C:\Documents and Settings\me.BLUE\Application Data\FileZilla
    2010-04-09 21:34:10 ----SD---- C:\Documents and Settings\me.BLUE\Application Data\Microsoft
    2010-04-09 21:33:32 ----D---- C:\Program Files\Power Article Rewriter
    2010-04-09 21:32:00 ----RSD---- C:\WINDOWS\assembly
    2010-04-09 21:31:45 ----SD---- C:\WINDOWS\Tasks
    2010-04-09 16:46:12 ----D---- C:\Program Files\Traffic Travis v3
    2010-04-09 16:37:43 ----D---- C:\Program Files\SENuke
    2010-04-06 10:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-04-05 11:56:47 ----D---- C:\Documents and Settings\me.BLUE\Application Data\uTorrent
    2010-04-02 21:45:04 ----D---- C:\Program Files\Mozilla Firefox
    2010-04-01 10:57:15 ----D---- C:\WINDOWS\Microsoft.NET
    2010-04-01 09:59:51 ----D---- C:\Program Files\Common Files
    2010-04-01 09:59:13 ----A---- C:\WINDOWS\system32\deploytk.dll
    2010-03-31 17:23:13 ----D---- C:\WINDOWS\system32\CatRoot
    2010-03-31 17:22:56 ----D---- C:\WINDOWS\system32\XPSViewer
    2010-03-31 17:22:53 ----RSD---- C:\WINDOWS\Fonts
    2010-03-31 17:20:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-03-31 17:20:04 ----D---- C:\WINDOWS\WinSxS
    2010-03-31 09:09:35 ----D---- C:\Program Files\Internet Explorer
    2010-03-28 15:41:11 ----D---- C:\Program Files\FileZilla FTP Client
    2010-03-28 01:39:17 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Apple Computer
    2010-03-27 22:50:25 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Adobe
    2010-03-27 20:57:56 ----D---- C:\Documents and Settings\me.BLUE\Application Data\IBP
    2010-03-25 17:45:04 ----D---- C:\My Web Sites
    2010-03-25 13:35:55 ----D---- C:\Documents and Settings\me.BLUE\Application Data\Canon
    2010-03-25 12:46:46 ----D---- C:\Program Files\AIM
    2010-03-22 10:37:45 ----D---- C:\Program Files\Siber Systems

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
    R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
    R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-01-13 97920]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
    R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2005-02-23 584512]
    R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-01-13 33408]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-01-13 12928]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 glancedrv;glancedrv; C:\WINDOWS\system32\DRIVERS\glancedrv.sys [2009-05-13 34080]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
    R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-01-13 139264]
    R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-01 153376]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
    R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-01-13 57409]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office 2007 Pro\Office14\GROOVE.EXE [2009-10-29 30603640]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
    S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour

    ------------------------------------------------------------------------------
    RSIT Info

    info.txt logfile of random's system information tool 1.06 2010-04-18 11:03:03

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Media Player-->msiexec /qb /x {3BEF9769-BA52-18F7-1D02-2362F6A27E38}
    Adobe Media Player-->MsiExec.exe /I{3BEF9769-BA52-18F7-1D02-2362F6A27E38}
    Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
    AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
    AIM 7-->C:\Program Files\AIM\uninst.exe
    Allscoop RSS Submit Pro 1.0-->C:\WINDOWS\system32\ss2uinst.exe "C:\Program Files\Allscoop RSS Submit Pro\ss2uinst.dat"
    Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Article Page Machine 1.0-->"C:\Program Files\Article Page Machine\unins000.exe"
    Back Link Analyzer v2.0-cp-->C:\Program Files\Back Link Analyzer v2.0-cp\Uninstall.exe
    BlogBot-->MsiExec.exe /I{1BB744F5-793A-4F94-A019-4EFD792370B8}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Burn4Free CD and DVD-->"C:\Program Files\Burn4Free\uninstall.exe"
    Canon CanoScan Toolbox 4.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{088A077A-8028-408C-AE7B-4512AE2A65A0}\Setup.exe" -l0x9 anything
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    CommentKahuna-->MsiExec.exe /I{A2A81B39-5186-48CA-92C3-5C7978870BF4}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    CutePDF Writer 2.8-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
    Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
    DeskTube-->msiexec /qb /x {C7FC5149-BFBD-2E39-67CE-08A37E2E7370}
    DeskTube-->MsiExec.exe /I{C7FC5149-BFBD-2E39-67CE-08A37E2E7370}
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    Fast Directory Submitter 1.54-->"C:\Program Files\G-Lock Software\Fast Directory Submitter\unins000.exe"
    FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    FreeMind-->"C:\Program Files\FreeMind\unins000.exe"
    G-Mapper-->MsiExec.exe /I{BE0CBDD5-7506-476E-983E-388ADAAA6006}
    GoodSync-->"C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
    Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
    GSiteCrawler-->C:\PROGRA~1\SOFTplus\GSITEC~1\UNWISE.EXE C:\PROGRA~1\SOFTplus\GSITEC~1\INSTALL.LOG
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
    HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
    IBP 11.6-->"C:\Program Files\IBP 11\unins000.exe"
    iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}
    Java(TM) 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}
    LinkAssistant-->"C:\Program Files\SEO PowerSuite\Uninstall.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Market Samurai-->msiexec /qb /x {487175CB-2E22-3BC4-D534-0AA8666D02AE}
    Market Samurai-->MsiExec.exe /I{487175CB-2E22-3BC4-D534-0AA8666D02AE}
    Micro Niche Finder-->"C:\Program Files\Micro Niche Finder\unins000.exe"
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2010 (Beta)-->MsiExec.exe /X{20140000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NoteTab Light 6 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe"
    NSIS A Submitter-->"C:\Documents and Settings\me.BLUE\Application Data\Softlakecity\Automatic Article Submitter\uninstall.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
    NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
    Nvu 1.0PR-->"C:\Program Files\Nvu\unins000.exe"
    PressBot-->MsiExec.exe /I{90206544-8DAA-416E-8D78-A6A3352BC10B}
    RSS Submit v2.60-->"C:\Program Files\RSS Submit\unins000.exe"
    Screencaster Plug-in for FF-->MsiExec.exe /I{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}
    Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977165-v2)-->"C:\WINDOWS\$NtUninstallKB977165-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
    SENuke-->"C:\Program Files\SENuke\unins000.exe"
    SEO Software Submitter Advanced Edition 1.0-->C:\Program Files\EPractize Labs Software\SEO Software Submitter Advanced Edition 1.0\Uninstall.exe
    SEO Software Submitter Standard Edition 1.0-->C:\Program Files\EPractize Labs Software\SEO Software Submitter Standard Edition 1.0\Uninstall.exe
    ShareFire-->msiexec /qb /x {7D683F68-A92F-03D4-C164-9173EE4487A5}
    ShareFire-->MsiExec.exe /I{7D683F68-A92F-03D4-C164-9173EE4487A5}
    Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    SocialBot-->MsiExec.exe /I{04179174-F3AC-4CE6-BBBE-83B46D5041CB}
    Speccy-->"C:\Program Files\Speccy\uninst.exe"
    SubmitEaze-->"C:\Program Files\SubmitEaze\Uninstall SubmitEaze.exe"
    TinyUploads-->msiexec /qb /x {6A6CA8F6-53E8-144B-3C1B-29B07BE05E7C}
    TinyUploads-->MsiExec.exe /I{6A6CA8F6-53E8-144B-3C1B-29B07BE05E7C}
    Traffic Travis 3.2.2-->"C:\Program Files\Traffic Travis v3\unins000.exe"
    Uninstall HTML-Kit Plugins Generator-->"C:\Program Files\Chami\HTML-Kit Plugins Generator\unins000.exe"
    Unix Utilities for Yahoo! Widgets-->C:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
    Untapped Niche Explorer 1.0-->"C:\Program Files\Untapped Niche Explorer\unins000.exe"
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
    Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Web CEO 8.1-->"C:\Program Files\Web CEO\Uninstall\unins000.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinHTTrack Website Copier 3.43-9B-->"C:\Program Files\WinHTTrack\unins000.exe"
    Xenu's Link Sleuth-->C:\Program Files\Xenu\uninst.exe
    XMind-->C:\Program Files\XMind\uninstall.exe
    XPC Tools-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Shuttle\XPC Tools\Uninst.isu"
    XSitePro2-->"C:\WINDOWS\XSitePro2 Uninstaller.exe"
    Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Widgets SDK-->C:\PROGRA~1\Yahoo!\Widgets\YAHOO!~1\UNINST~1.EXE
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

    =====HijackThis Backups=====

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI6A65~1\Office14\URLREDIR.DLL [2010-04-18]
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI6A65~1\Office14\GROOVEEX.DLL [2010-04-18]

    ======Security center information======

    AV: ESET Smart Security 4.0
    FW: ESET Personal firewall

    ======System event log======

    Computer Name: BLUE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

    Record Number: 1737
    Source Name: Disk
    Time Written: 20100219130142.000000-480
    Event Type: warning
    User:

    Computer Name: BLUE
    Event Code: 57
    Message: The system failed to flush data to the transaction log. Corruption may occur.

    Record Number: 1736
    Source Name: Ftdisk
    Time Written: 20100219130142.000000-480
    Event Type: warning
    User:

    Computer Name: BLUE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

    Record Number: 1735
    Source Name: Disk
    Time Written: 20100219130142.000000-480
    Event Type: warning
    User:

    Computer Name: BLUE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

    Record Number: 1734
    Source Name: Disk
    Time Written: 20100219130142.000000-480
    Event Type: warning
    User:

    Computer Name: BLUE
    Event Code: 51
    Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

    Record Number: 1733
    Source Name: Disk
    Time Written: 20100219130142.000000-480
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: BLUE
    Event Code: 1000
    Message: Faulting application firefox.exe, version 1.9.1.3642, faulting module xul.dll, version 1.9.1.3642, fault address 0x0007a49b.

    Record Number: 643
    Source Name: Application Error
    Time Written: 20100213234635.000000-480
    Event Type: error
    User:

    Computer Name: BLUE
    Event Code: 1000
    Message: Faulting application market samurai.exe, version 0.0.0.0, faulting module adobe air.dll, version 1.5.3.9130, fault address 0x000f004f.

    Record Number: 642
    Source Name: Application Error
    Time Written: 20100213212801.000000-480
    Event Type: error
    User:

    Computer Name: BLUE
    Event Code: 1000
    Message: Faulting application skype.exe, version 4.1.0.179, faulting module unknown, version 0.0.0.0, fault address 0x0000000b.

    Record Number: 640
    Source Name: Application Error
    Time Written: 20100213172530.000000-480
    Event Type: error
    User:

    Computer Name: BLUE
    Event Code: 1000
    Message: Faulting application firefox.exe, version 1.9.1.3642, faulting module jvm.dll, version 16.0.0.13, fault address 0x000c7cf2.

    Record Number: 639
    Source Name: Application Error
    Time Written: 20100213123015.000000-480
    Event Type: error
    User:

    Computer Name: BLUE
    Event Code: 1000
    Message: Faulting application skype.exe, version 4.1.0.179, faulting module unknown, version 0.0.0.0, fault address 0x0000000b.

    Record Number: 638
    Source Name: Application Error
    Time Written: 20100213101200.000000-480
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%;%SystemRoot%\system32;%SystemRoot%\system32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=1f00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SystemRoot"=C:\WINDOWS

    -----------------EOF-----------------
     