Active Slow machine - Freeze ups

Discussion in 'Malware and Virus Removal Archive' started by wrathall, 2010/10/12.

  1. 2010/10/30
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
  2. 2010/10/31
    wrathall

    wrathall Inactive Thread Starter

    Joined:
    2010/10/11
    Messages:
    64
    Likes Received:
    0
    Ran winsock fix. Starting to see some improvements, Firefox still slow starting but nowhere near as slow as it was. My email just sent out another email by itself.

    You're getting there!!!

    Thank you

    (just tried posting and was trying to redirect again)
     

  4. 2010/10/31
    crunchie

    crunchie Inactive

    Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
    • Double click on RSIT.exe to launch program.
    • Click Continue at the disclaimer screen.
    • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
    • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
     
  5. 2010/11/01
    wrathall

    wrathall Inactive Thread Starter

    Logfile of random's system information tool 1.08 (written by random/random)
    Run by Owner at 2010-11-01 08:47:55
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 347 GB (73%) free of 477 GB
    Total RAM: 502 MB (24% free)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:48:17 AM, on 11/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\RSIT.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Safety Minder BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\coIEPlg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1072873752953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219257687734
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: Google Update Service (gupdate1ca24fdf82ceca0) (gupdate1ca24fdf82ceca0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LOXPZYMQO - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\LOXPZYMQO.exe (file missing)
    O23 - Service: MGMIHS - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\MGMIHS.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
    O23 - Service: Norton Online (NOF) - Symantec Corporation - C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    O23 - Service: Audio Service (STacSV) - Unknown owner - c:\windows\softwaredistribution\download\install\STacSV.exe (file missing)
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: XLBTEKWV - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\XLBTEKWV.exe (file missing)

    --
    End of file - 8170 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{EFBC97A8-1A51-4A9C-85AB-79E29AAD98E3}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-03 396144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-13 79224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8E07826-0971-4f16-B133-047B88034E89}]
    Norton Safety Minder - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.0.0.48\coIEPlg.dll [2010-05-25 422768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-03 396144]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif "=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
    "SunJavaUpdateSched "=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
    "Adobe ARM "=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=
    scecli

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=323
    "NoDriveAutoRun "=67108863
    "NoDrives "=0
    "NoRecentDocsNetHood "=1
    "MaxRecentDocs "=5

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting "=1
    "NoDriveAutoRun "=67108863
    "NoDriveTypeAutoRun "=323
    "NoDrives "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe "= "C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt.exe 5.0.38 "
    "C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe "= "C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe "= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe "= "C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe "= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "

    ======List of files/folders created in the last 1 months======

    2010-11-01 08:47:55 ----D---- C:\rsit
    2010-10-31 09:39:24 ----A---- C:\WINDOWS\resetlog.txt
    2010-10-29 08:57:48 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
    2010-10-27 11:17:35 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-10-27 08:29:54 ----A---- C:\TDSSKiller.2.4.5.1_27.10.2010_08.29.54_log.txt
    2010-10-19 07:27:15 ----SHD---- C:\RECYCLER
    2010-10-18 08:32:59 ----A---- C:\ComboFix.txt
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\zip.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\SWXCACLS.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\SWSC.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\SWREG.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\sed.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\PEV.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\NIRCMD.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\MBR.exe
    2010-10-18 08:04:42 ----A---- C:\WINDOWS\grep.exe
    2010-10-15 08:18:55 ----D---- C:\WINDOWS\system32\drivers\NIS
    2010-10-15 08:18:25 ----D---- C:\Program Files\Norton Internet Security
    2010-10-13 08:03:02 ----D---- C:\Program Files\ESET
    2010-10-12 23:20:07 ----D---- C:\Documents and Settings\Owner\Application Data\OpenCandy
    2010-10-12 23:20:03 ----D---- C:\Program Files\SIW
    2010-10-04 20:44:28 ----D---- C:\Program Files\Common Files\Java
    2010-10-04 20:43:58 ----A---- C:\WINDOWS\system32\javaws.exe
    2010-10-04 20:43:58 ----A---- C:\WINDOWS\system32\javaw.exe
    2010-10-04 20:43:58 ----A---- C:\WINDOWS\system32\java.exe

    ======List of files/folders modified in the last 1 months======

    2010-11-01 08:48:17 ----D---- C:\Program Files\Trend Micro
    2010-11-01 08:47:57 ----D---- C:\WINDOWS\Prefetch
    2010-11-01 08:47:46 ----D---- C:\WINDOWS\temp
    2010-11-01 05:41:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-10-31 20:33:00 ----D---- C:\Program Files\Mozilla Firefox
    2010-10-31 10:11:26 ----SHD---- C:\System Volume Information
    2010-10-31 10:11:15 ----SD---- C:\WINDOWS\Tasks
    2010-10-31 09:39:30 ----D---- C:\WINDOWS\system32\drivers\etc
    2010-10-31 09:39:24 ----D---- C:\WINDOWS
    2010-10-30 21:00:14 ----D---- C:\Program Files\LimeWire
    2010-10-30 14:45:13 ----D---- C:\WINDOWS\system32
    2010-10-30 12:02:06 ----D---- C:\WINDOWS\system32\drivers
    2010-10-27 11:33:05 ----RD---- C:\WINDOWS\Web
    2010-10-27 11:33:05 ----RD---- C:\Program Files
    2010-10-27 11:31:44 ----SHD---- C:\WINDOWS\Installer
    2010-10-27 11:31:44 ----D---- C:\Config.Msi
    2010-10-27 11:19:32 ----ASH---- C:\WINDOWS\fonts\desktop.ini
    2010-10-27 11:18:17 ----D---- C:\WINDOWS\system32\CatRoot
    2010-10-26 17:58:22 ----A---- C:\WINDOWS\NeroDigital.ini
    2010-10-24 09:29:31 ----A---- C:\WINDOWS\ODBC.INI
    2010-10-19 19:34:58 ----D---- C:\WINDOWS\Debug
    2010-10-19 19:20:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-10-18 08:33:11 ----D---- C:\Qoobox
    2010-10-18 08:24:44 ----A---- C:\WINDOWS\system.ini
    2010-10-18 08:17:16 ----D---- C:\WINDOWS\AppPatch
    2010-10-18 08:17:10 ----D---- C:\Program Files\Common Files
    2010-10-15 13:00:52 ----D---- C:\Program Files\NortonInstaller
    2010-10-15 11:21:38 ----D---- C:\Program Files\Common Files\Symantec Shared
    2010-10-15 08:22:44 ----D---- C:\Program Files\Symantec
    2010-10-15 08:22:43 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
    2010-10-15 08:18:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
    2010-10-13 08:03:05 ----SD---- C:\WINDOWS\Downloaded Program Files
    2010-10-11 08:06:44 ----D---- C:\Program Files\Common Files\Adobe
    2010-10-11 08:06:41 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2010-10-06 19:28:18 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    2010-10-04 20:43:51 ----D---- C:\Program Files\Java

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2009-06-04 330264]
    R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
    R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-08-29 328752]
    R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104]
    R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys []
    R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-25 501888]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
    R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS [2010-04-21 43696]
    R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
    R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS [2010-05-06 361904]
    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
    R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
    R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
    R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
    R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101028.001\IDSxpx86.sys []
    R3 MRVW245;Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x); C:\WINDOWS\system32\DRIVERS\MRVW245.sys [2006-11-27 499328]
    R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101031.002\NAVENG.SYS []
    R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101031.002\NAVEX15.SYS []
    R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-08-21 6144]
    R3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-11-03 36484]
    R3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2005-03-15 21248]
    R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS [2010-04-21 325680]
    R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-04-10 1271032]
    R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    S2 RPSKT;Security Services Driver (x86); C:\WINDOWS\system32\DRIVERS\rp_skt32.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
    S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-05 241296]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
    S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-25 47360]
    S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
    S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
    S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
    S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder; C:\WINDOWS\System32\Drivers\NSM\0200000.030\SymRdr.SYS [2010-05-10 180912]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-02-28 69632]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-25 126392]
    R2 NOF;Norton Online; C:\Program Files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe [2010-05-23 126904]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager; C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe [2008-09-19 16680]
    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-24 133104]
    S2 STacSV;Audio Service; c:\windows\softwaredistribution\download\install\STacSV.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 LOXPZYMQO;LOXPZYMQO; C:\DOCUME~1\Owner\LOCALS~1\Temp\LOXPZYMQO.exe []
    S3 MGMIHS;MGMIHS; C:\DOCUME~1\Owner\LOCALS~1\Temp\MGMIHS.exe []
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 XLBTEKWV;XLBTEKWV; C:\DOCUME~1\Owner\LOCALS~1\Temp\XLBTEKWV.exe []
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------
     
  6. 2010/11/01
    wrathall

    wrathall Inactive Thread Starter

    info.txt logfile of random's system information tool 1.08 2010-11-01 08:48:28

    ======Uninstall list======

    -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    µTorrent--> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
    Adobe Shockwave Player 11.5--> "C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe "
    ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CDA437D-FB09-4E7D-932D-2FB045AC5C2D}\setup.exe" -l0x9 -uninst
    Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
    Bejeweled 2 Deluxe 1.1.3.2523-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log "
    Brain Games Mahjongg-->C:\PROGRA~1\ONHAND~1\BRAING~1\UNWISE.EXE C:\PROGRA~1\ONHAND~1\BRAING~1\INSTALL.LOG
    CCleaner--> "C:\Program Files\CCleaner\uninst.exe "
    CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    D-Link RangeBooster N DWA-142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A385AA5D-4B9C-4BB4-A3D9-8BA006D6E831}\setup.exe" -l0x9 -removeonly
    DVD Shrink 3.2--> "C:\Program Files\DVD Shrink\unins000.exe "
    DVD Solution--> "C:\Program Files\Uninstall_CDS.exe "
    eGames Collector's Edition-->C:\eGames\COLLEC~1\UNWISE.EXE C:\eGames\COLLEC~1\INSTALL.LOG
    ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=" "
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=" "
    Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB2158563)--> "C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB961118)--> "C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB970653-v3)--> "C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB976098-v2)--> "C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB979306)--> "C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe "
    Hotfix for Windows XP (KB981793)--> "C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe "
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
    HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) Network Connections 14.2.100.0-->MsiExec.exe /i{EEEFE7A9-293E-4F5F-A114-81731A9C3826} ARPREMOVE=1
    Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
    LG MC USB U330 driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}\setup.exe" -l0x9 -removeonly
    LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0009 -removeonly
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0--> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mozilla Firefox (3.6.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    MSRedist-->MsiExec.exe /I{328687A2-2504-49FA-AE3E-08B0DEDB51EC}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    MySQL Connector/ODBC 3.51-->MsiExec.exe /I{F929096B-54A0-4C5C-B125-1E7EB1917412}
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.8.0.5\InstStub.exe /X
    Norton Online-->C:\Program Files\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NOF\LicenseType\2.0.0.71\InstStub.exe /X
    Norton Safety Minder-->C:\Program Files\NortonInstaller\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\AddOns\NSM\2.0.0.48\InstStub.exe /X
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTax 2008-->MsiExec.exe /X{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}
    Real Alternative 2.0.2 Lite--> "C:\Program Files\Real Alternative\unins000.exe "
    RPS CRT-->MsiExec.exe /I{D879192D-3EB9-4A94-8444-66537AB64B64}
    Samsung USB Driver (MCCI 4.34) WHQL v3.4-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}
    Security Update for Windows Internet Explorer 8 (KB2183461)--> "C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB971961)--> "C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB972260)--> "C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB974455)--> "C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB976325)--> "C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB978207)--> "C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB981332)--> "C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe "
    Security Update for Windows Internet Explorer 8 (KB982381)--> "C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB952069)--> "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB954155)--> "C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB968816)--> "C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB973540)--> "C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB975558)--> "C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe "
    Security Update for Windows Media Player (KB978695)--> "C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe "
    Security Update for Windows Media Player 11 (KB954154)--> "C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2079403)--> "C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2115168)--> "C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2121546)--> "C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2160329)--> "C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2229593)--> "C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2259922)--> "C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2286198)--> "C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB2347290)--> "C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923561)--> "C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464-v2)--> "C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952004)--> "C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB954600)--> "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956572)--> "C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956744)--> "C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956802)--> "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB956844)--> "C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958687)--> "C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB958869)--> "C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB959426)--> "C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB960225)--> "C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB960803)--> "C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB960859)--> "C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB961371-v2)--> "C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB961501)--> "C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB968537)--> "C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB969059)--> "C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB969947)--> "C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB970238)--> "C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB970430)--> "C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB971468)--> "C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB971486)--> "C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB971557)--> "C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB971633)--> "C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB971657)--> "C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB972260)--> "C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB972270)--> "C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973346)--> "C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973354)--> "C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973507)--> "C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973525)--> "C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973869)--> "C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB973904)--> "C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB974112)--> "C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB974318)--> "C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB974392)--> "C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB974571)--> "C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975025)--> "C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975467)--> "C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975560)--> "C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975561)--> "C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975562)--> "C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB975713)--> "C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB977165)--> "C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB977816)--> "C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB977914)--> "C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978037)--> "C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978251)--> "C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978262)--> "C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978338)--> "C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978542)--> "C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978601)--> "C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB978706)--> "C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB979309)--> "C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB979482)--> "C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB979559)--> "C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB979683)--> "C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB980195)--> "C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB980218)--> "C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB980232)--> "C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB980436)--> "C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB981322)--> "C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB981852)--> "C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB981997)--> "C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB982214)--> "C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB982665)--> "C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe "
    Security Update for Windows XP (KB982802)--> "C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe "
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Simply Accounting by Sage 2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C54856BC-3549-4ADE-AD4B-BC48C336DF5A}\setup.exe" -l0x9 -removeonly
    SIW version 2010.07.14--> "C:\Program Files\SIW\unins000.exe "
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    SUPERAntiSpyware--> "C:\Program Files\SUPERAntiSpyware\Uninstall.exe "
    Text-To-Speech-Runtime-->MsiExec.exe /X{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}
    TomTom HOME 2.7.5.2014-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=" "
    Update for Windows Internet Explorer 8 (KB972636)--> "C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe "
    Update for Windows Internet Explorer 8 (KB976662)--> "C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe "
    Update for Windows Internet Explorer 8 (KB976749)--> "C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe "
    Update for Windows Internet Explorer 8 (KB980182)--> "C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe "
    Update for Windows XP (KB2141007)--> "C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe "
    Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
    Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
    Update for Windows XP (KB955759)--> "C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe "
    Update for Windows XP (KB955839)--> "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe "
    Update for Windows XP (KB961503)--> "C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe "
    Update for Windows XP (KB967715)--> "C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe "
    Update for Windows XP (KB968389)--> "C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe "
    Update for Windows XP (KB971737)--> "C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe "
    Update for Windows XP (KB973687)--> "C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe "
    Update for Windows XP (KB973815)--> "C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe "
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=" "
    Windows Internet Explorer 8--> "C:\WINDOWS\ie8\spuninst\spuninst.exe "
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
    Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
    Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
    Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
    Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
    Zuma's Revenge!-->C:\Program Files\PopCap Games\Zuma's Revenge\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma's Revenge\Install.log "

    ======Security center information======

    AV: Norton Internet Security
    FW: Norton Internet Security

    ======System event log======

    Computer Name: OWNER-RFH54E5YG
    Event Code: 8003
    Message: The master browser has received a server announcement from the computer DANA-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4AA60DF7-7C0B-4FBB-8.
    The master browser is stopping or an election is being forced.

    Record Number: 56871
    Source Name: MRxSmb
    Time Written: 20101009172149.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    NetworkX

    Record Number: 56847
    Source Name: Service Control Manager
    Time Written: 20101009171750.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 7000
    Message: The Audio Service service failed to start due to the following error:
    The system cannot find the path specified.


    Record Number: 56846
    Source Name: Service Control Manager
    Time Written: 20101009171749.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 7000
    Message: The Security Services Driver (x86) service failed to start due to the following error:
    The system cannot find the file specified.


    Record Number: 56845
    Source Name: Service Control Manager
    Time Written: 20101009171749.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 8003
    Message: The master browser has received a server announcement from the computer DANA-PC
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4AA60DF7-7C0B-4FBB-8.
    The master browser is stopping or an election is being forced.

    Record Number: 56841
    Source Name: MRxSmb
    Time Written: 20101009165330.000000-180
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: OWNER-RFH54E5YG
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 868
    Source Name: Application Hang
    Time Written: 20100927221928.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 11
    Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.


    Record Number: 807
    Source Name: crypt32
    Time Written: 20100926170706.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 11
    Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: Access is denied.


    Record Number: 804
    Source Name: crypt32
    Time Written: 20100926170705.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 1002
    Message: Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 618
    Source Name: Application Hang
    Time Written: 20100920210306.000000-180
    Event Type: error
    User:

    Computer Name: OWNER-RFH54E5YG
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


    Record Number: 600
    Source Name: crypt32
    Time Written: 20100920090053.000000-180
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    "PROCESSOR_REVISION"=0401
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
     
  7. 2010/11/01
    crunchie

    crunchie Inactive

    Copy and paste the following bold blue text in the Quote box below into Notepad.
    Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat to your desktop.
    Then double-click on the fix.bat file on your desktop.
    You'll see a black screen flash; that's normal.

    Restart your PC.

    ============

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    C:\DOCUME~1\Owner\LOCALS~1\Temp\LOXPZYMQO.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\XLBTEKWV.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\MGMIHS.exe
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ===============

    • Please download Rootkit Unhooker. Save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Checkmark Drivers, Stealth. Uncheck the rest. Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report to some known location. Click Close.
    Copy the entire content of the report and paste it in a reply here.

    Note: You may get this warning. It is OK, just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay? "
     
  8. 2010/11/01
    wrathall

    wrathall Inactive Thread Starter

    ComboFix 10-10-31.04 - Owner 11/01/2010 10:30:22.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.100 [GMT -3:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    FILE ::
    "c:\docume~1\Owner\LOCALS~1\Temp\LOXPZYMQO.exe"
    "c:\docume~1\Owner\LOCALS~1\Temp\MGMIHS.exe"
    "c:\docume~1\Owner\LOCALS~1\Temp\XLBTEKWV.exe"
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
    .

    2010-11-01 11:47 . 2010-11-01 11:48 -------- d-----w- C:\rsit
    2010-10-27 14:17 . 2010-11-01 13:28 -------- d-----w- c:\windows\system32\CatRoot2
    2010-10-24 22:29 . 2010-10-24 22:29 -------- d-----w- c:\documents and settings\Kullen\Application Data\ArcSoft
    2010-10-15 11:18 . 2010-10-15 20:24 -------- d-----w- c:\windows\system32\drivers\NIS
    2010-10-15 11:18 . 2010-10-15 11:18 -------- d-----w- c:\program files\Norton Internet Security
    2010-10-13 11:03 . 2010-10-13 11:03 -------- d-----w- c:\program files\ESET
    2010-10-13 02:20 . 2010-10-13 02:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\OpenCandy
    2010-10-13 02:20 . 2010-10-13 02:20 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
    2010-10-13 02:20 . 2010-10-13 02:20 -------- d-----w- c:\program files\SIW
    2010-10-04 23:44 . 2010-10-04 23:44 -------- d-----w- c:\program files\Common Files\Java

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-15 11:22 . 2010-06-28 20:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-10-15 11:22 . 2010-06-28 20:42 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-21 21:20 . 2010-08-21 12:14 144556 ----a-w- C:\MGlogs.zip
    2010-09-07 20:13 . 2010-09-07 20:14 812344 ----a-w- c:\documents and settings\HJTInstall.exe
    2010-08-21 12:12 . 2010-08-21 12:13 2398955 ----a-w- C:\MGtools.exe
    2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2004-10-01 18:00 . 2009-08-25 13:55 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .

    ------- Sigcheck -------

    [-] 2009-08-20 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-09-22_16.13.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-01 13:34 . 2010-11-01 13:34 16384 c:\windows\temp\Perflib_Perfdata_638.dat
    + 2010-11-01 13:16 . 2010-11-01 13:16 16384 c:\windows\temp\Perflib_Perfdata_5d8.dat
    + 2010-11-01 13:49 . 2010-11-01 13:49 16384 c:\windows\temp\Perflib_Perfdata_4f0.dat
    + 2010-11-01 13:48 . 2010-11-01 13:48 16384 c:\windows\temp\Perflib_Perfdata_490.dat
    - 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    + 2008-04-14 12:00 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
    + 2009-08-21 15:47 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
    - 2009-08-21 15:47 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    + 2010-10-15 17:28 . 2010-04-22 02:29 43696 c:\windows\system32\drivers\NIS\1108000.005\srtspx.sys
    + 2010-10-22 16:21 . 2010-10-31 00:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-09-13 00:16 . 2010-10-31 00:20 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-09-13 00:16 . 2010-09-18 16:13 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-10-22 16:21 . 2010-10-31 00:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-10-07 03:02 . 2010-10-07 03:02 21504 c:\windows\Installer\e6c2c8.msi
    + 2010-09-29 21:58 . 2010-04-21 13:28 46080 c:\windows\$NtUninstallKB2158563$\tzchange.exe
    + 2010-09-29 21:58 . 2010-06-23 00:54 16896 c:\windows\$NtUninstallKB2158563$\spuninst\tzchange.dll
    + 2010-10-04 23:43 . 2010-07-17 08:00 153376 c:\windows\system32\javaws.exe
    - 2010-07-01 21:27 . 2010-04-12 20:29 153376 c:\windows\system32\javaws.exe
    + 2010-10-04 23:43 . 2010-07-17 08:00 145184 c:\windows\system32\javaw.exe
    - 2010-07-01 21:27 . 2010-04-12 20:29 145184 c:\windows\system32\javaw.exe
    + 2010-10-04 23:43 . 2010-07-17 08:00 145184 c:\windows\system32\java.exe
    - 2010-07-01 21:27 . 2010-04-12 20:29 145184 c:\windows\system32\java.exe
    + 2010-10-15 17:28 . 2010-05-06 04:01 339504 c:\windows\system32\drivers\NIS\1108000.005\symtdiv.sys
    + 2010-10-15 17:28 . 2010-05-06 04:01 361904 c:\windows\system32\drivers\NIS\1108000.005\symtdi.sys
    + 2010-10-15 17:28 . 2010-04-22 03:02 173104 c:\windows\system32\drivers\NIS\1108000.005\symefa.sys
    + 2010-10-15 17:28 . 2009-08-30 00:17 328752 c:\windows\system32\drivers\NIS\1108000.005\symds.sys
    + 2010-10-15 17:28 . 2010-04-22 02:29 325680 c:\windows\system32\drivers\NIS\1108000.005\srtsp.sys
    + 2010-10-15 17:28 . 2010-04-29 05:03 116784 c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys
    + 2010-10-15 17:28 . 2010-02-26 00:22 501888 c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys
    + 2010-07-01 21:27 . 2010-07-17 08:00 423656 c:\windows\system32\deployJava1.dll
    + 2010-10-04 23:44 . 2010-10-04 23:44 180224 c:\windows\Installer\2c122ad.msi
    + 2010-09-29 21:58 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2158563$\spuninst\updspapi.dll
    + 2010-09-29 21:58 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2158563$\spuninst\spuninst.exe
    + 2010-10-11 11:07 . 2010-10-11 11:07 3940864 c:\windows\Installer\20f5c9.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2009-03-08 128512]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)
    "MaxRecentDocs"= 5 (0x5)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    "ConnectionManager"=c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\symds.sys [10/15/2010 2:28 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\symefa.sys [10/15/2010 2:28 PM 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [10/2/2010 12:00 AM 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\cchpx86.sys [10/15/2010 2:28 PM 501888]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\ironx86.sys [10/15/2010 2:28 PM 116784]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe [10/15/2010 2:27 PM 126392]
    R2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.0.0.71\ccsvchst.exe [7/6/2010 8:32 PM 126904]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/21/2009 12:20 PM 16680]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 11:41 AM 92008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/15/2010 8:29 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101028.001\IDSXpx86.sys [10/29/2010 7:41 AM 341880]
    S2 gupdate1ca24fdf82ceca0;Google Update Service (gupdate1ca24fdf82ceca0);c:\program files\Google\Update\GoogleUpdate.exe [8/24/2009 6:00 PM 133104]
    S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\system32\drivers\NSM\0200000.030\symrdr.sys [7/6/2010 8:32 PM 180912]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\uwylqqnr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cbc.ca/ns/|http://www.sympatico.ca/
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\components\coFFFw.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-01 10:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NOF]
    "ImagePath"="\"c:\program files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.0.0.71\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(440)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2904)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\crypserv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-01 10:59:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-01 13:58
    ComboFix2.txt 2010-10-18 11:32
    ComboFix3.txt 2010-09-22 16:22
    ComboFix4.txt 2010-09-20 15:00
    ComboFix5.txt 2010-11-01 13:25

    Pre-Run: 363,427,848,192 bytes free
    Post-Run: 363,357,601,792 bytes free

    - - End Of File - - 7294335B9CB9C5148B9F7C5322593513
     
  9. 2010/11/01
    wrathall

    wrathall Inactive Thread Starter

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xF6E11000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2066816 bytes
    0x804D7000 RAW 2066816 bytes
    0x804D7000 WMIxWDM 2066816 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
    0xA0143000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101031.002\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
    0xAA66F000 C:\WINDOWS\system32\drivers\sthda.sys 1216512 bytes (IDT, Inc., IDT PC Audio)
    0xA0727000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 892928 bytes
    0xF81FD000 iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0xA6650000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
    0xF8091000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xA66FC000 C:\WINDOWS\system32\drivers\NIS\1108000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
    0x9F59A000 C:\WINDOWS\system32\DRIVERS\MRVW245.sys 499712 bytes (Marvell Semiconductor, Inc, NDIS 5.1 driver)
    0xAA1B8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xA6798000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xF32C4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xAA4A0000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xAA3CC000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101028.001\IDSxpx86.sys 360448 bytes (Symantec Corporation, IDS Core Driver)
    0xA0291000 C:\WINDOWS\System32\Drivers\NIS\1108000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
    0xA0680000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xAA449000 C:\WINDOWS\System32\Drivers\NIS\1108000.005\SYMTDI.SYS 356352 bytes (Symantec Corporation, Network Dispatch Driver)
    0xF8187000 SYMDS.SYS 352256 bytes
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x9F74B000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF3322000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xF8345000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xF8064000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xF8148000 SYMEFA.SYS 184320 bytes
    0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
    0x9F680000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xAA250000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6DD5000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xAA3A4000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xF82EF000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xAA33D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xAA424000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
    0x9F614000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xAA64B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6DB1000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF65A5000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xAA382000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xAA27B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x806D0000 ACPI_HAL 131840 bytes
    0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF81DD000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF8315000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xAA363000 C:\WINDOWS\system32\drivers\NIS\1108000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
    0xA677B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xF804A000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF82D7000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xF8131000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF658E000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA00A2000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xA012F000 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101031.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0xF6A72000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF6DFD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xAA4F9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xF811E000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
    0xF8175000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF8334000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF64DD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xA15CB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF85C4000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF8484000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF86B4000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF650E000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF85D4000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xF3F9A000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF64FE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF8494000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF84D4000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF7418000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF85E4000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF84B4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF655E000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
    0xF8604000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF3FAA000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF85B4000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF84A4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF85F4000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF8474000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF652E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF3FBA000 C:\WINDOWS\system32\drivers\NIS\1108000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
    0xF653E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF84C4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF8564000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF8614000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF3FCA000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x9EA7B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xF8544000 C:\WINDOWS\system32\DRIVERS\SMBios.sys 36864 bytes (Intel Corporation, Intel(R) System Management BIOS Driver)
    0xF3736000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xAA514000 C:\ComboFix\catchme.sys 32768 bytes
    0xF8724000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF87A4000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xA0CE8000 C:\WINDOWS\system32\drivers\osaio.sys 28672 bytes (Avocent/OSA Technologies Inc., OSA I/O Port Driver)
    0xF86F4000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF3B6D000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xF87DC000 C:\WINDOWS\system32\DRIVERS\intelsmb.sys 24576 bytes (Intel Corporation, System Management Bus 2.0 (SMBus) Driver)
    0xF87D4000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF8774000 C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys 24576 bytes
    0xF87CC000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF872C000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xF876C000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xF8714000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF871C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF86FC000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF8864000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF886C000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF87E4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xA17A3000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF7FED000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xF409D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7B4F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF8884000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xA1724000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF7B47000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xA070F000 C:\WINDOWS\system32\drivers\OsaFsLoc.sys 12288 bytes (OSA Technologies, Filesystem Lock driver)
    0xF8950000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF8986000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF8978000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xF8984000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF8974000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF8988000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF8A02000 C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
    0xF8982000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xA18B9000 C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 8192 bytes
    0xF898A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF8A0A000 C:\WINDOWS\system32\drivers\SIODRV.SYS 8192 bytes (Intel Corporation, SuperIO Driver for Windows NT(R))
    0xF897A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF897E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF8976000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF8AC4000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF8A78000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF36E6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF8A3C000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================




    Thanks
     
  10. 2010/11/02
    crunchie

    Those logs look ok. Any change at all?
     
  11. 2010/11/02
    wrathall

    Everything seems to be running fine except that there was the email issue and streaming video is very very lagging. Was the email fixed with the last set of instructions do you think?
     
  12. 2010/11/02
    crunchie

    You will have to let me know about the emails.
    The laggy video... looks like a connection issue, but I'm not sure why.
     
  13. 2010/11/02
    wrathall

    Everything seems good. I guess we can call it fixed. If the emails continue, I'll let you know. Thank you for all your help!!!
     
  14. 2010/11/02
    crunchie

    Ok. I'll leave this active for a day or so and wait to hear from you before I mark it solved :).
     
  15. 2010/11/09
    crunchie

    How is it?
     
