Author Topic: Multiple PC Issues  (Read 3510 times)

wedzmer
« on: October 02, 2009, 11:08:56 AM »
As instructed by Admin (questsolo), I have created a new topic concerning my problem.

OTL.exe produced two (2) files and they are uploaded in the post...

If you may, can I post my other problems here after we have solved this current problem of my PC?
So that I can look in only one thread for all my PC problems?
The computer in my office also has other problems, and it's worse than the PC I have here at home.

Thanks, and hoping for your reply.


P.S.


I also have some other problems in my PC right now... every time I turn it off, a lot of pop-ups show... and I couldn't make a screenshot of it because it only shows every time I turn my PC off... something like, program not responding blah blah blah of explorer.exe or lockmoon.exe etc...

I also have TuneUp Utilities installed in my PC.. and if you would let me, I have some screenshots of the problems it tells me which it can't fix by itself. Here are those:

OTL logfile created on: 10/2/2009 11:55:54 PM - Run 1
OTL by OldTimer - Version 3.0.17.0     Folder = C:\Documents and Settings\omayr.KUSINFAMILY\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.10 Mb Total Physical Memory | 125.54 Mb Available Physical Memory | 28.14% Memory free
1.69 Gb Paging File | 1.30 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.75 Gb Total Space | 16.21 Gb Free Space | 62.95% Space Free | Partition Type: NTFS
Drive D: | 26.22 Gb Total Space | 10.06 Gb Free Space | 38.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUSINFAMILY
Current User Name: omayr
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2005/11/11 20:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
PRC - [2005/11/11 20:40:50 | 01,093,632 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/03/14 17:01:40 | 16,010,752 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2006/04/24 20:54:46 | 00,335,872 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
PRC - [2006/03/29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2009/08/06 06:45:31 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/04/24 18:18:42 | 00,364,544 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2009/04/21 12:39:40 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2009/10/02 23:54:56 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\omayr.KUSINFAMILY\My Documents\Downloads\OTL.exe
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found --  -- (.EsetTrialReset [Auto | Stopped])
SRV - [2006/03/29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/08/06 06:45:31 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/03/08 22:42:00 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2009/05/14 23:12:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/19 09:02:36 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/06/25 08:47:12 | 01,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/08/23 17:40:48 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/04/24 18:18:42 | 00,364,544 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ [Auto | Running])
SRV - [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Disabled | Stopped])
SRV - [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Disabled | Stopped])
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2003/07/28 05:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/04/21 12:39:36 | 00,362,240 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009/04/21 12:39:40 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
SRV - [2008/11/12 16:44:18 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2005/11/11 20:40:52 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])
 
========== Driver Services (SafeList) ==========
 
DRV - [2006/01/25 10:44:52 | 00,488,448 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2006/03/08 22:49:20 | 01,506,816 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/08/06 06:45:31 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/05/14 15:41:10 | 00,114,472 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV - [2009/05/14 15:47:14 | 00,107,256 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [Auto | Running])
DRV - [2009/05/14 15:49:22 | 00,133,000 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfw.sys -- (epfw [Auto | Running])
DRV - [2009/05/14 15:49:26 | 00,033,096 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys -- (Epfwndis [On_Demand | Running])
DRV - [2009/05/14 15:49:26 | 00,055,768 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys -- (epfwtdi [System | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/24 10:20:52 | 00,218,496 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/10/18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/06/25 08:47:02 | 00,119,080 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDFs.sys -- (InCDfs [Disabled | Running])
DRV - [2007/06/25 08:47:12 | 00,036,776 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2007/06/25 08:47:12 | 00,038,440 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDRm.sys -- (incdrm [System | Running])
DRV - [2006/04/14 15:27:44 | 00,069,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2006/03/16 13:24:06 | 04,249,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2007/10/19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Running])
DRV - [2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007/10/11 18:59:24 | 00,025,624 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/10/11 19:00:42 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/10/11 18:55:58 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Running])
DRV - [2007/10/11 18:55:58 | 01,279,000 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\System32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/07/31 15:17:04 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 15:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2006/04/14 15:27:46 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2005/10/18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/04/14 15:27:44 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys -- (zntport [Auto | Running])
DRV - [2006/04/19 10:48:48 | 00,085,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver [Auto | Running])
DRV - [2006/04/19 15:42:02 | 00,016,384 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver [Auto | Running])
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:T_PAG
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapiplorer\Main
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/30 03:14:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/20 00:33:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/19 14:49:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
 
[2009/09/08 23:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\mozilla\Extensions
[2009/09/08 23:41:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/25 00:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\mozilla\Extensions\[email protected]
[2009/10/02 06:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\mozilla\Firefox\Profiles\ksvsxshj.default\extensions
[2009/09/30 07:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\mozilla\Firefox\Profiles\ksvsxshj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/25 21:21:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/13 15:13:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/13 15:12:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/13 15:12:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/09/13 15:12:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 159
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.84.191.216 121.1.3.208 121.1.3.199 121.1.3.250
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter:  - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents) -  File not found
O20 - HKLM Winlogon: UIHost - (and) -  File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) -  File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) -  File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) -  File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) -  File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/20 12:14:56 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bf9bb76c-a276-11de-811d-0016ce8ac64e}\Shell - "" = AutoRun
O33 - MountPoints2\{bf9bb76c-a276-11de-811d-0016ce8ac64e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf9bb76c-a276-11de-811d-0016ce8ac64e}\Shell\Open\Command - "" = wscript.exe .\Recycled\info.vbs
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[10 C:\WINDOWS\System32\*.tmp files]
[2009/10/01 00:05:38 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/09/30 03:14:19 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/30 03:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/09/30 02:56:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/29 23:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ESET
[2009/09/29 23:43:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\ESET
[2009/09/29 23:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/09/28 00:27:00 | 00,067,645 | ---- | C] (TrekBlue, LLC) -- C:\WINDOWS\System32\drivers\pshook11.sys
[2009/09/28 00:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\INAC
[2009/09/27 02:23:36 | 00,008,539 | RHS- | C] () -- C:\WINDOWS\System32\setting.ini
[2009/09/26 23:34:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Download Manager
[2009/09/25 17:30:35 | 00,000,000 | ---D | C] -- C:\2a420226d86363a7344d60
[2009/09/25 17:28:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/09/25 17:28:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/09/25 17:28:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/25 17:28:37 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/09/25 17:28:05 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/09/25 17:28:05 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/09/25 17:28:05 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/09/25 17:28:05 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/09/25 17:28:05 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/09/25 17:28:05 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/09/25 17:28:05 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/09/25 17:28:04 | 00,000,000 | ---D | C] -- C:\2995d2e1e33890630e13
[2009/09/25 17:24:16 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/09/16 00:34:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\TUProgSt_20090916-073418.dmp
[2009/09/15 21:17:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Apple Computer
[2009/09/15 21:15:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/09/15 21:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\Apple
[2009/09/15 21:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/09/15 21:12:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\Apple Computer
[2009/09/09 16:29:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Skype
[2009/09/09 16:29:18 | 00,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/09/09 16:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/09/09 16:29:12 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/09/08 23:40:16 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 23:40:11 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/08 14:44:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/09/07 04:14:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\Temp
[2009/09/03 10:37:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\Yahoo!
[2009/09/03 10:35:29 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2009/05/28 00:20:51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2009/05/28 00:20:51 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2009/05/27 23:44:45 | 00,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2009/05/27 23:44:43 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2009/04/21 14:24:56 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 13:28:03 | 00,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/21 13:19:53 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/04/20 18:31:36 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/20 18:27:52 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/04/20 18:27:50 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/20 18:27:50 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/20 18:27:49 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/04/20 18:27:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/20 18:27:48 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/20 17:39:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/04/20 17:39:10 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/10/11 18:59:24 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 05:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 08:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
 
========== Files - Modified Within 30 Days ==========
 
[10 C:\WINDOWS\System32\*.tmp files]
[2009/10/02 23:11:14 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/10/02 23:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/10/02 19:58:39 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/02 19:57:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 19:57:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 19:57:44 | 46,784,1024 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/30 17:23:10 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 04:55:59 | 01,412,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/30 03:16:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/28 00:27:00 | 00,067,645 | ---- | M] (TrekBlue, LLC) -- C:\WINDOWS\System32\drivers\pshook11.sys
[2009/09/27 22:22:03 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/27 02:23:36 | 00,008,539 | RHS- | M] () -- C:\WINDOWS\System32\setting.ini
[2009/09/25 17:48:53 | 00,432,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/25 17:48:52 | 00,488,704 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/25 17:48:52 | 00,067,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/25 17:32:18 | 00,018,632 | ---- | M] () -- C:\Documents and Settings\omayr.KUSINFAMILY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/25 00:09:54 | 02,320,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\TUKernel.exe
[2009/09/25 00:09:54 | 00,000,389 | RHS- | M] () -- C:\boot .ini
[2009/09/16 00:34:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\TUProgSt_20090916-073418.dmp
[2009/09/09 19:09:35 | 00,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2009/09/08 23:40:16 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/03 10:35:29 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
< End of report >


OTL Extras logfile created on: 10/2/2009 11:55:54 PM - Run 1
OTL by OldTimer - Version 3.0.17.0     Folder = C:\Documents and Settings\omayr.KUSINFAMILY\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
446.10 Mb Total Physical Memory | 125.54 Mb Available Physical Memory | 28.14% Memory free
1.69 Gb Paging File | 1.30 Gb Available in Paging File | 76.91% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 25.75 Gb Total Space | 16.21 Gb Free Space | 62.95% Space Free | Partition Type: NTFS
Drive D: | 26.22 Gb Total Space | 10.06 Gb Free Space | 38.36% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KUSINFAMILY
Current User Name: omayr
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\Rar$EX01.625\Kaspersky AntiVirus 2009 KEYGEN.exe" = C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\Rar$EX01.625\Kaspersky AntiVirus 2009 KEYGEN.exe:*:Enabled:UST2009 -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(tm) 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FF67F80-BD1F-4142-B95A-8A0C044AA4F8}" = ATI Catalyst Control Center
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software  1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}" = Atheros Wireless LAN
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"The Hadith Software_is1" = The Hadith Software Version 1.0
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/1/2009 7:54:01 AM | Computer Name = KUSINFAMILY | Source = ESENT | ID = 490
Description = svchost (408) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log"
 for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 10/2/2009 12:07:47 PM | Computer Name = KUSINFAMILY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 10/2/2009 12:08:04 PM | Computer Name = KUSINFAMILY | Source = Application Hang | ID = 1001
Description = Fault bucket 1437517761.
 
[ System Events ]
Error - 10/2/2009 4:58:05 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
 following error:   %%1053
 
Error - 10/2/2009 4:58:33 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1460
 
Error - 10/2/2009 4:58:59 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
 Service service to connect.
 
Error - 10/2/2009 4:58:59 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error:   %%1053
 
Error - 10/2/2009 6:43:34 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error:   %%2
 
Error - 10/2/2009 6:44:53 PM | Computer Name = KUSINFAMILY | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 0095f1a0, parameter2 00000002, parameter3
 00000001, parameter4 f75f48ce.
 
Error - 10/2/2009 6:46:19 PM | Computer Name = KUSINFAMILY | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00a1f1a0, parameter2 00000002, parameter3
 00000001, parameter4 f75f48ce.
 
Error - 10/2/2009 6:58:11 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error:   %%2
 
Error - 10/2/2009 7:39:54 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error:   %%2
 
Error - 10/2/2009 10:59:01 PM | Computer Name = KUSINFAMILY | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error:   %%2
 
[ TuneUp Events ]
Error - 8/14/2009 11:33:42 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-14 08:33:41', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','892',0)
 
Error - 8/24/2009 5:52:50 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = Error getting process list. Error Code: 0x8
 
Error - 9/5/2009 5:52:09 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-05 02:52:09', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','3420',0)
 
Error - 9/10/2009 6:46:50 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-10 03:46:49', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','1604',0)
 
Error - 9/10/2009 7:21:54 PM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = Error getting process list. Error Code: 0x8
 
Error - 9/11/2009 11:51:02 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-11 08:51:02', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','2860',0)
 
Error - 9/11/2009 11:53:57 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-11 08:53:57', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','2772',0)
 
Error - 9/12/2009 6:04:24 PM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-12 15:04:24', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','2460',0)
 
Error - 9/18/2009 7:39:03 PM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-18 16:39:02', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','2616',0)
 
Error - 9/25/2009 12:38:49 AM | Computer Name = KUSINFAMILY | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "an": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-24 21:38:49', '\device\harddiskvolume1\program
 files\the noble qur'an v3.0\quran.exe','1748',0)
 
 
< End of report >


EDIT>> I've included both OTL.txt and Extras.txt in your reply as it's easier to follow
« Last Edit: October 02, 2009, 06:20:05 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Multiple PC Issues
« Reply #1 on: October 02, 2009, 07:04:00 PM »
What I see right away is the following:
ESET Smart Security
Avira AntiVir Personal


Having more than one AntiVirus software installed and running in the background can cause system slowdowns and incompatibilities.
I suggest that you keep the one you're happiest with and uninstall the other.

Rebooting the computer after removal

Back in Windows
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
    O2 - BHO: (no name) - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - Reg Error: Key error. File not found
    O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - Reg Error: Key error. File not found

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "E:\Installation\Setupx.exe" =-
    "C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\Rar$EX01.625\Kaspersky AntiVirus 2009 KEYGEN.exe" =-

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, please post the log that OTL produces

Also, download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
« Last Edit: October 03, 2009, 12:14:31 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
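The stale Windows Firewall exceptions that the `:Reg` section of the fix script above removes can be picked out of an OTL Extras log mechanically. The Python below is an added example, not part of guestolo's post or of OTL: the function and class names are hypothetical, the sample lines are excerpted from the log posted in this thread, and the `"name" =-` removal syntax is copied from the fix script as posted.

```python
import re
from dataclasses import dataclass

# Excerpt (four entries) of the "Authorized Applications List" section of the
# OTL Extras log posted in this thread.
SAMPLE_LOG = r'''
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Installation\Setupx.exe" = E:\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\Rar$EX01.625\Kaspersky AntiVirus 2009 KEYGEN.exe" = C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\Rar$EX01.625\Kaspersky AntiVirus 2009 KEYGEN.exe:*:Enabled:UST2009 -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
'''

LIST_SUFFIX = r"\AuthorizedApplications\List"
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "<value name>" = <path>:<scope>:<state>:<label> -- <vendor or "File not found">
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<data>.+?) -- (?P<status>.+)$')


@dataclass
class FirewallException:
    key: str            # registry key the value lives under
    name: str           # registry value name (the executable path)
    path: str
    scope: str
    state: str
    label: str
    file_missing: bool  # OTL could not find the executable on disk
    in_temp_dir: bool   # executable path runs through a Temp directory


def parse_authorized_apps(log_text):
    """Return every firewall exception listed under an AuthorizedApplications key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Only track keys that hold firewall exceptions; ignore other sections.
            key = m.group(1) if m.group(1).endswith(LIST_SUFFIX) else None
            continue
        m = ENTRY_RE.match(line)
        if not (m and key):
            continue
        # The path itself contains a drive colon, so split from the right.
        parts = m.group("data").rsplit(":", 3)
        if len(parts) != 4:
            continue
        path, scope, state, label = parts
        entries.append(FirewallException(
            key=key, name=m.group("name"), path=path, scope=scope,
            state=state, label=label,
            file_missing=(m.group("status").strip() == "File not found"),
            in_temp_dir=("\\temp\\" in path.lower()),
        ))
    return entries


def flag_entries(entries):
    """Pair each suspicious entry with the reasons it deserves review."""
    flagged = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("file missing")
        # Extra review hint added for this example; the posted fix only
        # removes the entries whose files are missing.
        if e.in_temp_dir:
            reasons.append("runs from a Temp directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def build_reg_fix(entries):
    """Emit a :Reg block in the form used by the fix script in the post."""
    lines, last_key = [":Reg"], None
    for e in entries:
        if e.key != last_key:
            lines.append(f"[{e.key}]")
            last_key = e.key
        lines.append(f'"{e.name}" =-')
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = flag_entries(parse_authorized_apps(SAMPLE_LOG))
    for entry, reasons in flagged:
        print(f"{entry.label}: {', '.join(reasons)}")
    print(build_reg_fix([e for e, _ in flagged]))
```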


Offline wedzmer

Multiple PC Issues
« Reply #2 on: October 09, 2009, 11:17:42 AM »
I already did these....

and here's the result of the full scan you asked me:

[code]Malwarebytes' Anti-Malware 1.41
Database version: 2929
Windows 5.1.2600 Service Pack 2

10/9/2009 11:43:51 PM
mbam-log-2009-10-09 (23-43-51).txt

Scan type: Full Scan (F:\|)
Objects scanned: 96268
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 22
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 9
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully.

I already removed it as you told me... and rebooted my pc after...

what's next?
« Last Edit: October 09, 2009, 09:38:38 PM by guestolo »

Offline wedzmer

« Reply #3 on: October 09, 2009, 12:05:51 PM »
Here's the Log.txt from ATF-Cleaner.exe
I forgot to post it in my other reply and I don't know how to edit my previous post.
And can you please remove the reply of this other guy who lacks attention from the world? Thanx

ComboFix 09-10-08.04 - omayr 10/10/2009  0:41.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.123 [GMT -7:00]
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\6326f5.msp
c:\windows\system32\setting.ini

.
(((((((((((((((((((((((((   Files Created from 2009-09-10 to 2009-10-10  )))))))))))))))))))))))))))))))
.

2009-10-10 05:59 . 2009-10-10 05:59   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\Malwarebytes
2009-10-10 05:59 . 2009-09-10 21:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-10 05:58 . 2009-10-10 05:58   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-10 05:58 . 2009-09-10 21:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-10 05:58 . 2009-10-10 05:59   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-10 05:37 . 2009-10-10 05:37   --------   d-----w-   C:\_OTL
2009-10-09 22:37 . 2009-10-09 22:37   --------   d-----w-   c:\program files\InterActual
2009-10-06 04:55 . 2009-10-06 05:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\Speedbit
2009-10-01 07:05 . 2009-10-01 07:05   --------   d-----w-   c:\program files\CleanUp!
2009-09-30 10:02 . 2009-09-30 10:02   --------   d-----w-   c:\windows\ServicePackFiles
2009-09-30 09:56 . 2009-09-30 09:56   --------   d-----w-   c:\program files\Trend Micro
2009-09-30 06:43 . 2009-09-30 06:43   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\ESET
2009-09-30 06:43 . 2009-09-30 06:43   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\ESET
2009-09-30 06:42 . 2009-09-30 06:42   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-30 06:36 . 2009-09-30 06:36   --------   d-----w-   c:\program files\ESET
2009-09-28 07:27 . 2009-09-28 07:27   67645   ----a-w-   c:\windows\system32\drivers\pshook11.sys
2009-09-28 07:25 . 2009-09-28 09:38   --------   d-----w-   c:\program files\INAC
2009-09-27 06:34 . 2009-09-27 09:08   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\Download Manager
2009-09-26 00:30 . 2009-09-26 00:30   --------   d-----w-   C:\2a420226d86363a7344d60
2009-09-26 00:28 . 2009-09-26 00:28   --------   d-----w-   c:\windows\system32\XPSViewer
2009-09-26 00:28 . 2009-09-26 00:28   --------   d-----w-   c:\program files\MSBuild
2009-09-26 00:28 . 2009-09-26 00:28   --------   d-----w-   c:\program files\Reference Assemblies
2009-09-26 00:28 . 2008-07-06 12:06   89088   -c----w-   c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-26 00:28 . 2008-07-06 12:06   575488   -c----w-   c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-26 00:28 . 2008-07-06 12:06   575488   ------w-   c:\windows\system32\xpsshhdr.dll
2009-09-26 00:28 . 2008-07-06 12:06   1676288   -c----w-   c:\windows\system32\dllcache\xpssvcs.dll
2009-09-26 00:28 . 2008-07-06 12:06   1676288   ------w-   c:\windows\system32\xpssvcs.dll
2009-09-26 00:28 . 2008-07-06 12:06   117760   ------w-   c:\windows\system32\prntvpt.dll
2009-09-26 00:28 . 2008-07-06 10:50   597504   -c----w-   c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-26 00:28 . 2009-09-26 00:28   --------   d-----w-   C:\2995d2e1e33890630e13
2009-09-26 00:24 . 2009-09-26 00:24   --------   d-----w-   c:\program files\MSXML 6.0
2009-09-22 02:54 . 2009-09-22 02:54   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-09-16 04:17 . 2009-09-16 07:51   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\Apple Computer
2009-09-16 04:15 . 2009-09-19 21:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-16 04:15 . 2009-09-16 04:15   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\Apple
2009-09-16 04:13 . 2009-09-16 04:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2009-09-16 04:12 . 2009-09-16 04:17   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\Apple Computer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 05:30 . 2009-09-09 23:29   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\Skype
2009-10-10 04:30 . 2009-07-11 15:15   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\skypePM
2009-10-09 06:46 . 2009-06-07 08:22   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\BitTorrent
2009-09-30 06:36 . 2009-08-30 09:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\ESET
2009-09-30 02:53 . 2009-05-15 06:11   --------   d-----w-   c:\program files\Common Files\Adobe
2009-09-30 02:43 . 2009-04-21 19:39   --------   d-----w-   c:\program files\TuneUp Utilities 2009
2009-09-26 00:32 . 2009-04-21 01:21   18632   -c--a-w-   c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 07:09 . 2009-04-21 22:13   2320128   ----a-w-   c:\windows\system32\TUKernel.exe
2009-09-24 17:31 . 2009-04-22 14:53   --------   d-----w-   c:\documents and settings\omayr.KUSINFAMILY\Application Data\Yahoo!
2009-09-16 04:42 . 2009-05-15 06:22   --------   d-----w-   c:\program files\Bonjour
2009-09-13 05:17 . 2009-07-30 07:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-10 23:11 . 2009-06-07 08:21   --------   d-----w-   c:\program files\BitTorrent
2009-09-09 23:29 . 2009-09-09 23:29   --------   d-----w-   c:\program files\Common Files\Skype
2009-09-09 23:29 . 2009-09-09 23:29   --------   d-----r-   c:\program files\Skype
2009-09-09 23:29 . 2009-07-11 14:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2009-09-08 21:44 . 2009-04-21 01:28   --------   d-----w-   c:\program files\Google
2009-09-07 11:33 . 2009-07-09 00:34   --------   d-----w-   c:\program files\Mozilla Firefox 3.5 Beta 4
2009-08-19 16:03 . 2009-08-19 16:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-08-11 17:09 . 2009-08-11 17:09   --------   d-----w-   c:\program files\Windows Media Connect 2
2009-08-07 02:24 . 2009-04-20 19:11   327896   ----a-w-   c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2009-04-20 19:11   209632   ----a-w-   c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2009-04-20 19:11   35552   ----a-w-   c:\windows\system32\wups.dll
2009-08-07 02:24 . 2008-10-16 21:09   44768   ----a-w-   c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2009-04-20 19:11   53472   ----a-w-   c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 12:00   96480   ----a-w-   c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2009-04-20 19:11   575704   ----a-w-   c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2009-04-20 19:11   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
2009-08-06 13:45 . 2009-07-30 07:39   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:11 . 2004-08-04 12:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00   82432   ----a-w-   c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 12:00   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
.

------- Sigcheck -------

[-] 2009-04-21 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-04-22 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-03-15 16010752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SecurDisc"=c:\program files\Nero\Nero 7\InCD\NBHGui.exe
"Broadcom Wireless Manager UI"=c:\windows\system32\WLTRAY.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe
"Acer ePresentation HPD"=c:\acer\Empowering Technology\ePresentation\ePresentation.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ePower_DMC"=c:\acer\Empowering Technology\ePower\ePower_DMC.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Boot"=c:\acer\Empowering Technology\ePower\Boot.exe
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/30/2009 12:39 AM 108289]
R2 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [5/28/2009 12:22 AM 16384]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [5/28/2009 12:22 AM 85248]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [4/21/2009 12:39 PM 603904]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe  [?]
S2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28]

2009-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-19 16:02]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\omayr.KUSINFAMILY\Application Data\Mozilla\Firefox\Profiles\xx8m55fv.default\
FF - plugin: c:\documents and settings\omayr.KUSINFAMILY\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 00:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:00000000
"ProductBase"=dword:00000001
"ProductCode"="{71CBF9BB-7E07-4A9D-BF30-84C11810B242}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.437.0"
"UniqueId"="007978DC4AC2FD8E"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."
"FixId"=dword:00000005
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1744)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-10-10  0:47
ComboFix-quarantined-files.txt  2009-10-10 07:47

Pre-Run: 17,619,996,672 bytes free
Post-Run: 17,601,941,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=TA46C4 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=TA46C4-BAK

228   --- E O F ---   2009-10-04 03:05
« Last Edit: October 09, 2009, 09:39:24 PM by guestolo »

Offline guestolo

« Reply #4 on: October 09, 2009, 07:46:13 PM »
Please use the ADD REPLY button on the bottom of the reply box
It's so hard to read the replies you're giving

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

« Reply #5 on: October 10, 2009, 10:13:04 AM »
Quote
Running from: F:\ComboFix.exe
That's where combofix is running from
Remember, I posted specifically
to run ComboFix from your Desktop

I'm getting a bit confused from having 2 posts going about the same computer
Can you post back in the other thread you started on your PC at work
we'll take it from there
Keep me informed how things are now running



Offline wedzmer

« Reply #6 on: October 11, 2009, 11:31:59 AM »
[quote name='guestolo' post='465621' date='Oct 10 2009, 10:13 AM']That's where combofix is running from
Remember, I posted specifically
to run ComboFix from your Desktop

I'm getting a bit confused from having 2 posts going about the same computer
Can you post back in the other thread you started on your PC at work
we'll take it from there
Keep me informed how things are now running[/quote]

i wasn't supposed to run combo fix here because you didn't include it in the instructions here in the thread. i treat my topics differently because they have different issues. and sorry if i got you confused. but let me please clarify myself.

1st.. When i started posting, as you may remember, it was about the missing folder options. depriving to view my hidden files. that's somehow fixed already as we have followed the instructions here in the thread. the only problem i have right now here in my HOME PC is that every time i turn it off, a lot of pop ups show like: LOCKMON.exe isn't responding properly blah blah blah with two (2) buttons below END NOW and CANCEL. Then it just disappears and another pop up shows with the same warning with a different name like REALTEK AUDIO HD MANAGER, and another like AVIRA and ESET and another so on. about 4 - 5 pop ups show before it turns off.

2nd.. about the other post i made in a different topic. it's about the major problems i am encountering in my OFFICE PC. My OFFICE PC and HOME PC are different computers. I communicate to you using my HOME PC because my OFFICE PC doesn't have any internet connection. Our boss is so strict about net surfing during office hours, that's why. But since it's a Non-Government Office and we are all volunteers for a cause on helping the community, we can't afford for a technician to fix the PC, that's why I'm asking for your assistance.

I hope I had made myself clear.

thanx for your time and effort. i highly appreciate it.

Offline guestolo

« Reply #7 on: October 11, 2009, 12:21:56 PM »
Ok, let's deal with this computer
Back to what I posted earlier
Quote
What I see right away is the following:
ESET Smart Security
Avira AntiVir Personal

Having more than one AntiVirus software installed and running in the background can cause system slowdowns and incompatibilities
I suggest that you keep the one you're happiest with and uninstall the other

Rebooting the computer after removal

With that said, we don't need the incompatibility of 2 antivirus software on top of other problems
Again, Uninstall one and then reboot the computer

Come back here and do the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
Post both those logs
Let me know of any problems you're still experiencing, Only with this computer for now



Offline wedzmer

« Reply #8 on: October 12, 2009, 10:01:37 AM »
[quote name='guestolo' post='465646' date='Oct 11 2009, 12:21 PM']Ok, let's deal with this computer
Back to what I posted earlier


With that said, we don't need the incompatibility of 2 antivirus software on top of other problems
Again, Uninstall one and then reboot the computer


Let me know of any problems you're still experiencing, Only with this computer for now[/quote]

Ok, i have uninstalled AVIRA anti virus, and now I'm left with ESET because it has an anti-spyware.

here are the txt files as i have uploaded both files.


what's next to do?

Logfile of random's system information tool 1.06 (written by random/random)
Run by omayr at 2009-10-12 22:56:26
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (64%) free of 26 GB
Total RAM: 446 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:35 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eLock\LockServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\omayr.KUSINFAMILY\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\omayr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe (file missing)
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4963 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-07-30 159472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]
"eLockMonitor"=C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe [2006-04-21 16384]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-08 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.reg - edit -
.reg - open - "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2009-10-12 22:56:26 ----D---- C:\rsit
2009-10-10 00:55:59 ----SHD---- C:\RECYCLER
2009-10-10 00:47:55 ----D---- C:\WINDOWS\temp
2009-10-10 00:47:52 ----A---- C:\ComboFix.txt
2009-10-10 00:40:27 ----A---- C:\Boot.bak
2009-10-10 00:40:22 ----RASHD---- C:\cmdcons
2009-10-10 00:36:32 ----A---- C:\WINDOWS\zip.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\SWSC.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\SWREG.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\sed.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\PEV.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-10 00:36:32 ----A---- C:\WINDOWS\grep.exe
2009-10-10 00:36:20 ----D---- C:\WINDOWS\ERDNT
2009-10-10 00:35:01 ----D---- C:\Qoobox
2009-10-09 22:59:09 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Malwarebytes
2009-10-09 22:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-09 22:58:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-09 22:37:18 ----D---- C:\_OTL
2009-10-09 15:50:53 ----A---- C:\WINDOWS\iPlayer.INI
2009-10-09 15:37:25 ----D---- C:\Program Files\InterActual
2009-10-06 22:26:16 ----D---- C:\Program Files\Mozilla Firefox
2009-10-05 21:55:19 ----D---- C:\Documents and Settings\All Users\Application Data\Speedbit
2009-10-03 13:15:20 ----A---- C:\DVDPATH.TXT
2009-10-01 00:05:38 ----D---- C:\Program Files\CleanUp!
2009-09-30 13:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-30 03:16:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-30 03:14:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-30 03:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-30 03:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-30 03:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-30 03:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-30 03:06:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-30 03:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-30 03:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-09-30 03:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-30 03:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-30 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-30 03:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-30 03:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-30 03:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-30 03:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-30 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-30 03:02:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-30 03:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-30 03:01:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-30 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-30 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-30 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-30 02:56:55 ----D---- C:\Program Files\Trend Micro
2009-09-29 23:43:48 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\ESET
2009-09-29 23:36:31 ----D---- C:\Program Files\ESET
2009-09-28 00:25:54 ----D---- C:\Program Files\INAC
2009-09-26 23:34:41 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Download Manager
2009-09-25 17:51:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-25 17:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-25 17:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-25 17:30:35 ----D---- C:\2a420226d86363a7344d60
2009-09-25 17:28:54 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-25 17:28:49 ----D---- C:\Program Files\MSBuild
2009-09-25 17:28:46 ----D---- C:\WINDOWS\system32\en-US
2009-09-25 17:28:37 ----D---- C:\Program Files\Reference Assemblies
2009-09-25 17:28:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-25 17:28:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-25 17:28:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-25 17:28:04 ----D---- C:\2995d2e1e33890630e13
2009-09-25 17:24:22 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-09-25 17:24:16 ----D---- C:\Program Files\MSXML 6.0
2009-09-25 17:22:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-25 17:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-15 21:17:41 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Apple Computer
2009-09-15 21:15:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-09-15 21:13:29 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

======List of files/folders modified in the last 1 months======

2009-10-12 22:56:27 ----D---- C:\WINDOWS\Prefetch
2009-10-12 22:53:27 ----D---- C:\WINDOWS
2009-10-12 22:53:14 ----SD---- C:\WINDOWS\Tasks
2009-10-12 22:52:31 ----RD---- C:\Program Files
2009-10-12 22:51:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-12 22:50:25 ----D---- C:\WINDOWS\system32\drivers
2009-10-12 22:15:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-12 08:45:29 ----D---- C:\WINDOWS\system32
2009-10-12 06:16:58 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Skype
2009-10-12 03:48:03 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\skypePM
2009-10-12 01:06:53 ----SD---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Microsoft
2009-10-11 12:46:59 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\BitTorrent
2009-10-10 00:45:59 ----A---- C:\WINDOWS\system.ini
2009-10-10 00:45:29 ----SHD---- C:\WINDOWS\Installer
2009-10-10 00:43:57 ----D---- C:\WINDOWS\AppPatch
2009-10-10 00:43:50 ----D---- C:\Program Files\Common Files
2009-10-10 00:40:27 ----RASH---- C:\boot.ini
2009-10-09 15:51:33 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-09 15:40:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-07 06:59:52 ----D---- C:\WINDOWS\Minidump
2009-10-04 07:55:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-03 17:32:52 ----A---- C:\WINDOWS\win.ini
2009-10-03 17:27:21 ----D---- C:\WINDOWS\system32\config
2009-10-02 13:54:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-02 13:02:52 ----HD---- C:\WINDOWS\inf
2009-10-02 13:02:52 ----D---- C:\WINDOWS\Help
2009-09-30 07:33:32 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-30 04:55:45 ----D---- C:\Program Files\Outlook Express
2009-09-30 03:16:44 ----A---- C:\WINDOWS\imsins.BAK
2009-09-30 03:14:25 ----D---- C:\WINDOWS\Debug
2009-09-30 03:08:59 ----D---- C:\Program Files\Internet Explorer
2009-09-30 03:08:02 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-29 23:36:31 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-29 20:05:38 ----D---- C:\WINDOWS\WinSxS
2009-09-29 20:03:59 ----D---- C:\Program Files\Adobe
2009-09-29 19:53:28 ----D---- C:\Program Files\Common Files\Adobe
2009-09-29 19:43:37 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-09-29 01:57:16 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Adobe
2009-09-25 23:46:07 ----RSD---- C:\WINDOWS\assembly
2009-09-25 17:48:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-25 17:28:44 ----RSD---- C:\WINDOWS\Fonts
2009-09-25 17:25:53 ----D---- C:\WINDOWS\system32\mui
2009-09-25 00:09:54 ----A---- C:\WINDOWS\system32\TUKernel.exe
2009-09-24 10:31:28 ----D---- C:\Documents and Settings\omayr.KUSINFAMILY\Application Data\Yahoo!
2009-09-19 14:47:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-15 21:42:46 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-25 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-25 38440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
R2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-25 488448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-08 1506816]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-25 119080]
S3 catchme;catchme; \??\C:\DOCUME~1\OMAYR~1.KUS\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-08 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 LockServ;LockServ; C:\Acer\Empowering Technology\eLock\LockServ.exe [2006-04-24 364544]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-04-21 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\reset.exe /s []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-19 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-04-21 362240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-12 22:56:39

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9  -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9  -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x9  -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\Setup.exe" -l0x9
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}\setup.exe" -l0x9  -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Atheros Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D70DE630-0D13-4394-A15B-5ACE6CF2A18D}\Setup.exe" -l0x9 UNINSTALL
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{6FF67F80-BD1F-4142-B95A-8A0C044AA4F8}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB916089)-->"C:\WINDOWS\$NtUninstallKB916089$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Java(tm) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware-->"F:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Essentials-->MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
The Hadith Software Version 1.0-->"C:\Program Files\Islamasoft Solutions\The Hadith Software\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-09-30]
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 [2009-09-30]
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) [2009-09-30]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-09-30]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html [2009-09-30]
O2 - BHO: (no name) - {AE4F4014-3BF4-4CEB-B46C-3730A2340C4E} - (no file) [2009-09-30]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html [2009-09-30]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com [2009-09-30]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ [2009-09-30]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-30]
O3 - Toolbar: (no name) - {6F4F95AF-1647-4B72-A632-055405455423} - (no file) [2009-09-30]
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2009-09-30]
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-09-30]
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2009-09-30]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-09-30]
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2009-09-30]
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2009-09-30]
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2009-09-30]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-09-30]
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide [2009-09-30]
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2009-09-30]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-09-30]

======Security center information======

AV: ESET Smart Security 4.0
FW: ESET Personal firewall

======System event log======

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17179
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17178
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17177
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17176
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

Computer Name: KUSINFAMILY
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 17175
Source Name: Cdrom
Time Written: 20091003131954.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: KUSINFAMILY
Event Code: 490
Message: svchost (408) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Record Number: 20
Source Name: ESENT
Time Written: 20091001045401.000000-420
Event Type: error
User:

Computer Name: KUSINFAMILY
Event Code: 1517
Message: Windows saved user KUSINFAMILY\omayr registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 12
Source Name: Userenv
Time Written: 20091001011805.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 11
Source Name: Avira AntiVir
Time Written: 20091001003145.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 10
Source Name: Avira AntiVir
Time Written: 20091001003142.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KUSINFAMILY
Event Code: 4113
Message:
Record Number: 9
Source Name: Avira AntiVir
Time Written: 20091001003136.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
« Last Edit: October 12, 2009, 11:07:32 AM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Multiple PC Issues
« Reply #9 on: October 12, 2009, 11:09:53 AM »
Are you still experiencing any problems with this computer?
Can I also have you open MalwareBytes AntiMalware
Check for updates, then run another quick scan
Remove anything if found and post its log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline wedzmer

  • Newbie
  • *
  • Posts: 29
  • Karma: +0/-0
    • View Profile
    • http://wedzmer.darkbb.com
Multiple PC Issues
« Reply #10 on: October 13, 2009, 11:35:35 AM »
[quote name='guestolo' post='465662' date='Oct 12 2009, 11:09 AM']Are you still experiencing any problems with this computer?[/quote]

These are the problems I'm still encountering in this PC.

1. After I did what you asked me last night... About Running the Random System Information Tool (RSIT), my PC rebooted twice today. Once later this morning when I turned it on, after I used it for a few minutes, it just rebooted by itself without me doing anything to it. And it happened again later tonight before I replied here in your message. I don't know what's wrong with it. I just followed your instructions thoroughly.

2. I'm still bugged with the same problem every time I turn off my PC. The pop-ups of PROGRAM NOT RESPONDING is still there even though I did uninstall the other anti-virus I'm using. And I forgot to tell you that even before when I was still using 1 anti-virus (AVIRA), I was already experiencing this problem. And it just continued until I installed another one (ESET).


[quote name='guestolo' post='465662' date='Oct 12 2009, 11:09 AM']Can I also have you open MalwareBytes AntiMalware
Check for updates, then run another quick scan
Remove anything if found and post its log[/quote]


Here's the LOG it showed up:

Code:
Malwarebytes' Anti-Malware 1.41
Database version: 2954
Windows 5.1.2600 Service Pack 2

10/14/2009 12:29:45 AM
mbam-log-2009-10-14 (00-29-45).txt

Scan type: Quick Scan
Objects scanned: 101187
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 
No detections were found.. But still, problems aren't totally fixed.. :(

Offline guestolo

Multiple PC Issues
« Reply #11 on: October 13, 2009, 09:47:41 PM »
Quote
The pop-ups of PROGRAM NOT RESPONDING is still there even though I did uninstall the other anti-virus I'm using.

Please keep me informed of What programs are not responding
Sometimes things have a way of fixing themselves, and a new problem arises
So please keep me updated



Offline wedzmer

Multiple PC Issues
« Reply #12 on: October 14, 2009, 10:19:35 AM »
[quote name='guestolo' post='465690' date='Oct 13 2009, 09:47 PM']Please keep me informed of What programs are not responding
Sometimes things have a way of fixing themselves, and a new problem arises
So please keep me updated[/quote]

It has 6 different pop-ups before it shuts down and I can't memorize it all, but here's some of the few that shows in the pop-up that aren't responding.

1. LockMon.exe
2. explorer.exe
3. Realtek HD Audio Manager

still have 3 more that I forgot.. but if I turn it off right now.. I'll try to post their names as well.

And another thing, about my first post in this thread, the one with images regarding the Tune Up Utilities, it's not yet fixed.. Can you help me figure that out?
« Last Edit: October 14, 2009, 10:24:04 AM by wedzmer »

Offline guestolo

Multiple PC Issues
« Reply #13 on: October 14, 2009, 09:17:53 PM »
Quote
And another thing, about my first post in this thread, the one with images regarding the Tune Up Utilities, it's not yet fixed.. Can you help me figure that out?
I don't use those utilities, but I'll interpret best I can
First image: It gives no info, so I have no report
Second Image: Recommends more System Memory, this is hardware, do you want to update your memory?
Third Image: Not to worry, I don't recommend always cleaning your Prefetch folder
But occasionally will not hurt, That folder will be repopulated after a few restarts and opening of programs
Don't let it alarm you

I'm not a big fan of TuneUp utilities if it includes a registry cleaner that is not used properly
Does it have one built in?

Quote
1. After I did what you asked me last night... About Running the Random System Information Tool (RSIT), my PC rebooted twice today. Once later this morning when I turned it on, after I used it for a few minutes, it just rebooted by itself without me doing anything to it. And it happened again later tonight before I replied here in your message. I don't know what's wrong with it. I just followed your instructions thoroughly.
RSIT.exe doesn't fix anything, it just creates a report of what is running on your system
When was the last time you opened up the side cover of your computer, when it's shut down totally and cleaned it out, is it clean inside the box?

Can you also do the following
Sysprot Antirootkit
Please download Sysprot Antirootkit from the link
and save to your Desktop

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.



Offline wedzmer

Multiple PC Issues
« Reply #14 on: October 16, 2009, 10:58:13 AM »
[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']Second Image: Recommends more System Memory, this is hardware, do you want to update your memory?[/quote]
Can I update my memory without reformatting or installing new (external) mem?

[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']I'm not a big fan of TuneUp utilities if it includes a registry cleaner that is not used properly
Does it have one built in?[/quote]
Yes, why?

[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']When was the last time you opened up the side cover of your computer, when it's shut down totally and cleaned it out, is it clean inside the box?[/quote]

I'm using a laptop, I don't open anything inside it.. I haven't even touched the screws :D


[quote name='guestolo' post='465721' date='Oct 14 2009, 09:17 PM']Can you also do the following
Sysprot Antirootkit
Please download Sysprot Antirootkit from the link
and save to your Desktop

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.
[/quote]

Here's the log.txt it created...

I uploaded it...

And another thing... I noticed that my pc has been making a lot of weird things.. Like for example, for the last two days, when I turn it off, I click on shut down, but, it restarts by itself. I'm pretty sure I clicked SHUT DOWN. It happened twice already. The last time was awhile ago.
« Last Edit: October 16, 2009, 11:00:57 AM by wedzmer »

Offline guestolo

Multiple PC Issues
« Reply #15 on: October 17, 2009, 02:12:11 PM »
Quote
Can i update my memory without reformatting or installing new (external) mem?
Yes, what is the Exact Make/model of your laptop

Sometimes, not always, registry cleaners can do more harm than good

Quote
I'm using a laptop, I don't open anything inside it.. I haven't even touched the screws

Are all the vents on the sides and bottom of laptop clear of dust and debris
Just trying to eliminate a Heat issue

Can you also do the following,
Right click on MyComputer>>Left click Properties
Open the ADVANCED tab>>click on Settings under "Startup and Recovery"
Untick "Automatically Restart" under 'system failure'
OK out of there

Maybe next time, instead of the computer restarting it may Blue Screen
and you can take note of the Exact error message and post it back here

In addition, can you open OTL.txt again
Ensure that "Use Safelist" is checked under EXTRA REGISTRY
Then run a Scan again and post the logs back here



Offline wedzmer

Multiple PC Issues
« Reply #16 on: October 21, 2009, 10:40:39 AM »
[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Yes, what is the Exact Make/model of your laptop

Sometimes, not always, registry cleaners can do more harm than good[/quote]

The one below the monitor of my laptop says that it's Acer TravelMate 2450 but the sticker says Acer TravelMate 2451WLMi
I hope the two answers I gave you wouldn't make much difference.


[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Are all the vents on the sides and bottom of laptop clear of dust and debris
Just trying to eliminate a Heat issue[/quote]

I just opened my laptop this morning..lol
Damn it was so dusty.. I just hope it would somehow sooth up the process....

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Can you also do the following,
Right click on MyComputer>>Left click Properties
Open the ADVANCED tab>>click on Settings under "Startup and Recovery"
Untick "Automatically Restart" under 'system failure'
OK out of there[/quote]

Done doing that...

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']Maybe next time, instead of the computer restarting it may Blue Screen
and you can take note of the Exact error message and post it back here[/quote]

It happens so fast.. not about 2 seconds longer.

[quote name='guestolo' post='465762' date='Oct 17 2009, 02:12 PM']In addition, can you open OTL.txt again
Ensure that "Use Safelist" is checked under EXTRA REGISTRY
Then run a Scan again and post the logs back here[/quote]

I have uploaded both logs in this post.. Hope you'd check 'em out too..

Thanx for the continued help sir!

Offline guestolo

Multiple PC Issues
« Reply #17 on: October 21, 2009, 11:29:18 PM »
Quote
I just opened my laptop this morning..lol
Damn it was so dusty.. I just hope it would somehow sooth up the process....
I'm not sure what you mean by that, you open the inside of the laptop and found it really dusty
Did you clean it with a can of compressed air?

Quote
It happens so fast.. not about 2 seconds longer.
Yes, but if you set Windows to not Automatically restart, it won't restart and freeze on the Blue Screen so you may be able to take note of an error message



Offline wedzmer

Multiple PC Issues
« Reply #18 on: October 25, 2009, 10:36:08 AM »
[quote name='guestolo' post='465868' date='Oct 21 2009, 11:29 PM']Yes, but if you set Windows to not Automatically restart, it won't restart and freeze on the Blue Screen so you may be able to take note of an error message[/quote]

I already did that.. but still, I'm experiencing the same problem.. :(


How do I actually use that recovery console you asked me to install?
« Last Edit: October 25, 2009, 10:51:27 AM by wedzmer »

Offline guestolo

Multiple PC Issues
« Reply #19 on: October 25, 2009, 01:28:41 PM »
Since I'm getting confused with both computers you have logs for
Can I have you do the following
Keep in mind, anything to do with the Work PC, keep all responses to that topic
Anything to do with this home Pc
Keep responses here

You should have a copy of ComboFix on your desktop of this home computer
Delete it
ReDownload ComboFix from one of these locations:

Link 1
Link 2
Save it ONLY to your Desktop

      --------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
