Hi, SUPERAntiSpyware Professional keeps finding this trojan "Trojan.Smitfraud Variant-Gen/PP" virus and every time I remove it and restart the PC it keeps coming back. I also tried running SAS as administrator but still, after it removes the trojan, it comes back after restart. MBAM doesn't find anything though.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:14 PM, on 9/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tildes Biuras - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Tildes Biuras - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [DicBrowser] C:\Program Files (x86)\Tildes Biuras\DicBrowser.exe /startup
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Translate with Tilde Dictionary - res://C:\Program Files (x86)\Tildes Biuras\DicBrowserBHO.dll/201
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.measureup.com/testauth/icaweb.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10318 bytes

MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2766
Windows 6.0.6001 Service Pack 1

9/9/2009 10:54:19 PM
mbam-log-2009-09-09 (22-54-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 265008
Time elapsed: 49 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


SUPERAntiSpyware Professional Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/09/2009 at 10:45 PM

Application Version : 4.28.1010

Core Rules Database Version : 4091
Trace Rules Database Version: 2031

Scan type : Complete Scan
Total Scan Time : 00:41:38

Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 5857
Registry threats detected : 4
File items scanned : 36614
File threats detected : 0

Trojan.Smitfraud Variant-Gen/PP
HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid
HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid32
HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib

0

Hi welcome to Daniweb,
Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

0

OK, here is the log. I'm not sure if it's the full log because once I pressed 1 and Enter the program disappeared and made a log in C:\rapport.txt

SmitFraudFix v2.423

Scan done at 22:34:01.99, Thu 09/10/2009
Run from C:\Users\0wner\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\0wner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\0WNER~1\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\0wner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\0WNER~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files (x86)

0

The log is correct, but it doesn't show a smitfraud infection anywhere.
Have you tried running SAS in Safe Mode to see if it would remove the files that way?
I have checked throughout their website and have seen these same files noted, though never as Smitfraud. I found no fixes on there either.
Try running in Safe Mode and see what happens.

0

Ya, I tried scanning with SAS and all the other programs in Safe Mode multiple times... SAS finds that infection and removes it, but after restart I do a SAS scan again and the infection is there again! :(

0

Are you running a Vista 32bit or 64bit system?

What Vista edition are you running?

Windows Vista Home Basic
Windows Vista Home Premium
Windows Vista Business
Windows Vista Ultimate

How long have you had this version of SAS on your system? When did you purchase the program? Did you download it directly from the SAS website?
From what I have found on their forum, there have been many problems with actually the last two versions of SAS PRO.

Edited by jholland1964: n/a

0

I am using Windows Vista Ultimate 64bit and have been using SAS for around 6 months. Got it from their website. At the beginning of this week I updated to the latest version. The previous version also detected that infection.

0

If you will note I said that according to many posts on SAS website there have been many people with various types of difficulties with both of these versions.
Now according to recommendations found on their website it is recommended that a total uninstall of SAS be done, using their Uninstall tool
http://www.superantispyware.com/downloads/SASUNINST.EXE
After this is done then they recommend that a completely new copy of SAS be downloaded and installed from their website and then see if the problems happen again. If so, then really I would recommend that you contact SAS for assistance with this, especially since you have the paid version and you should be able to receive support from them.
I cannot say positively that you do not have this trojan on the system but since none of the other programs detect them then it could be that this is a false positive, especially since the tool designed specifically to detect a Smitfraud infection, Smitfraudfix, did not detect it on your system either.

You can also request help from SAS HERE

Edited by jholland1964: n/a

0

I see. I will try uninstalling SAS and getting a fresh copy from them. What about MBAM, it keeps popping up that it's blocking infected IPs like every minute?
By the way, I heard that smitfraud fix doesn't work on 64bit computers. Is that true?

Edited by g3nX: n/a

0

Also, someone recommended to run RSIT (random's system information tool)
Here are the logs:
log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by ¤0wner at 2009-09-11 13:15:48
Microsoft® Windows Vista™ Ultimate  Service Pack 1
System drive C: has 47 GB (33%) free of 143 GB
Total RAM: 6134 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:49, on 9/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.77\aaCenter.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\¤0wner\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\¤0wner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tildes Biuras - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Tildes Biuras - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Translate with Tilde Dictionary - res://C:\Program Files (x86)\Tildes Biuras\DicBrowserBHO.dll/201
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix: 
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.measureup.com/testauth/icaweb.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10342 bytes

======Scheduled tasks folder======

C:\Windows\tasks\SmartDefrag.job
C:\Windows\tasks\User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E6700F0-0F85-40fd-8022-7EB60AB46F10}]
Tildes Biuras - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll [2009-02-05 534776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-09-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{1E6700F0-0F85-40fd-8022-7EB60AB46F10} - Tildes Biuras - C:\Program Files (x86)\Tildes Biuras\IEjosla.dll [2009-02-05 534776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TurboV"=C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [2008-10-21 4040192]
"Ai Nap"=C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [2008-05-26 1423360]
"QFan Help"=C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up help"=C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
""= []
"CTxfiHlp"=C:\Windows\system32\CTXFIHLP.EXE [2009-06-04 25600]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-09-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2009-09-04 288560]
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-09-04 1994480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-09-11 13:15:48 ----D---- C:\rsit
2009-09-10 22:32:38 ----A---- C:\Windows\system32\tmp.txt
2009-09-10 22:32:37 ----A---- C:\rapport.txt
2009-09-10 22:32:30 ----A---- C:\Windows\system32\WS2Fix.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\VCCLSID.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\VACFix.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\o4Patch.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\IEDFix.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-09-10 22:32:30 ----A---- C:\Windows\system32\404Fix.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\swxcacls.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\swsc.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\swreg.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\SrchSTS.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\Process.exe
2009-09-10 22:32:29 ----A---- C:\Windows\system32\dumphive.exe
2009-09-10 22:12:21 ----A---- C:\Windows\system32\javaws.exe
2009-09-10 22:12:21 ----A---- C:\Windows\system32\javaw.exe
2009-09-10 22:12:21 ----A---- C:\Windows\system32\java.exe
2009-09-10 22:03:16 ----D---- C:\Program Files (x86)\Xilisoft
2009-09-09 22:23:13 ----D---- C:\Program Files (x86)\Trend Micro
2009-09-09 16:09:07 ----A---- C:\Windows\system32\tzres.dll
2009-09-09 16:07:36 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 16:07:36 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 16:07:36 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 16:07:36 ----A---- C:\Windows\system32\finger.exe
2009-09-09 16:07:36 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 16:07:35 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 16:07:35 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 16:07:35 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 16:07:35 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 16:07:23 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 16:07:22 ----A---- C:\Windows\system32\mf.dll
2009-09-09 16:07:20 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 16:07:20 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 16:07:20 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 16:07:19 ----A---- C:\Windows\system32\jscript.dll
2009-09-07 12:50:28 ----D---- C:\Users\¤0wner\AppData\Roaming\Malwarebytes
2009-09-07 12:50:24 ----D---- C:\ProgramData\Malwarebytes
2009-09-07 12:50:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-09-06 19:12:26 ----D---- C:\Program Files (x86)\FairUse Wizard 2
2009-08-13 22:48:59 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 22:48:59 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 22:48:59 ----A---- C:\Windows\system32\schannel.dll
2009-08-13 22:48:59 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 22:48:59 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 22:48:58 ----A---- C:\Windows\system32\atl.dll
2009-08-13 22:48:56 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 22:48:46 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 22:48:45 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 22:48:45 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 22:48:44 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-13 22:48:44 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 22:48:42 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 19:14:32 ----D---- C:\Program Files (x86)\DAEMON Tools Toolbar
2009-08-12 19:14:31 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2009-08-12 18:21:37 ----D---- C:\Program Files (x86)\FileHippo.com

======List of files/folders modified in the last 1 months======

2009-09-11 13:15:49 ----D---- C:\Windows\Prefetch
2009-09-11 13:15:48 ----D---- C:\Windows\Temp
2009-09-11 13:15:30 ----D---- C:\Users\¤0wner\AppData\Roaming\uTorrent
2009-09-11 13:05:56 ----D---- C:\Users\¤0wner\AppData\Roaming\Skype
2009-09-11 13:05:54 ----D---- C:\Users\¤0wner\AppData\Roaming\skypePM
2009-09-11 13:05:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-09-11 12:24:59 ----SHD---- C:\System Volume Information
2009-09-11 09:00:21 ----D---- C:\Windows\System32
2009-09-11 09:00:21 ----D---- C:\Windows\inf
2009-09-11 08:53:47 ----SHD---- C:\Windows\Installer
2009-09-11 08:53:42 ----D---- C:\ProgramData\VMware
2009-09-11 08:53:10 ----D---- C:\Windows
2009-09-10 22:34:03 ----D---- C:\Windows\SysWOW64
2009-09-10 22:12:17 ----A---- C:\Windows\system32\deploytk.dll
2009-09-10 22:03:16 ----RD---- C:\Program Files (x86)
2009-09-10 13:29:12 ----D---- C:\Users\¤0wner\AppData\Roaming\vlc
2009-09-09 20:15:14 ----D---- C:\Windows\rescache
2009-09-09 16:21:25 ----D---- C:\Windows\Debug
2009-09-09 16:17:24 ----D---- C:\Windows\system32\en-US
2009-09-09 16:17:24 ----D---- C:\Windows\ehome
2009-09-09 16:17:24 ----D---- C:\Program Files (x86)\Internet Explorer
2009-09-09 16:09:29 ----D---- C:\Windows\winsxs
2009-09-09 15:53:37 ----D---- C:\Users\¤0wner\AppData\Roaming\SUPERAntiSpyware.com
2009-09-09 15:53:37 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-09-09 15:53:24 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-09-08 15:13:14 ----D---- C:\Program Files (x86)\Steam
2009-09-08 14:53:28 ----D---- C:\Program Files (x86)\mIRC
2009-09-07 12:50:25 ----D---- C:\Windows\system32\drivers
2009-09-07 12:50:24 ----HD---- C:\ProgramData
2009-09-07 12:07:35 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-09-06 21:41:03 ----D---- C:\Users\¤0wner\AppData\Roaming\dvdcss
2009-09-05 17:56:49 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-09-05 04:31:34 ----D---- C:\Users\¤0wner\AppData\Roaming\Orbit
2009-09-05 04:26:42 ----D---- C:\downloads
2009-09-04 16:42:46 ----D---- C:\Program Files (x86)\Opera
2009-08-17 22:50:17 ----D---- C:\Users\¤0wner\AppData\Roaming\Canon
2009-08-17 20:46:12 ----D---- C:\Program Files (x86)\uTorrent
2009-08-13 22:49:29 ----D---- C:\Program Files (x86)\Windows Media Player
2009-08-13 18:20:50 ----D---- C:\Users\¤0wner\AppData\Roaming\VMware
2009-08-12 19:15:18 ----D---- C:\Users\¤0wner\AppData\Roaming\DAEMON Tools Lite
2009-08-12 18:27:48 ----RD---- C:\Program Files (x86)\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 vmci;VMware vmci; \??\C:\Windows\system32\drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [2008-10-02 32816]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS []
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys []
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys []
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS []
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS []
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys []
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys []
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys []
R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\Razerlow.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RivaTuner64;RivaTuner64; \??\C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-03-27 19952]
R3 SaiH8000;SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
S3 a7nbfonq;a7nbfonq; C:\Windows\system32\drivers\a7nbfonq.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS []
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS []
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ENTECH64;ENTECH64; \??\C:\Windows\system32\DRIVERS\ENTECH64.sys []
S3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-02-06 727720]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-08-03 232720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-04-10 66872]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe [2009-06-21 181312]
R2 TVersityMediaServer;TVersityMediaServer; C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe [2009-05-18 880640]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-10-28 326192]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-10-28 399920]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-07-21 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-07-21 79360]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 23296]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-04-03 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-03 655624]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-09-04 316664]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S4 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-07-13 542496]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe [2008-05-20 255000]
S4 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-05-20 187928]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
S4 ufad-ws60;VMware Agent Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [2008-10-02 191024]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2008-10-28 113200]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-09-11 13:15:50

======Uninstall list======

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9  /remove
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files (x86)\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9 
AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe
Anglonas-->MsiExec.exe /I{A89D4ADB-754D-4A93-B612-F596D02EBA93}
ApexDC++ 1.2.1-->C:\Program Files (x86)\ApexDC++\uninst.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9 
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
CanoScan Toolbox Ver4.9-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\Setup.exe" -l0x9 anything
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Citrix Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\Windows\INF\icaweb.inf,DefaultUninstall
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
Creative ALchemy-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{12321490-F573-4815-B6CC-7ABEF18C9AC4}\setup.exe" -l0x9  /remove
Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9  /remove
Creative Console Launcher-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9  /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9  /remove
Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
EVEREST Ultimate Edition v5.01-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FairUse Wizard 2-->"C:\Program Files (x86)\FairUse Wizard 2\un_FU-Setup_14333.exe"
Far Cry 2-->"C:\Program Files (x86)\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
FileHippo.com Update Checker-->"C:\Program Files (x86)\FileHippo.com\uninstall.exe"
HD Tune Pro 3.10-->"C:\Program Files (x86)\HD Tune Pro\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Loader-->"C:\Program Files (x86)\Loader\unins000.exe"
Logitech High Quality Video-->MsiExec.exe /X{281D28EC-1357-4778-B2D7-DEA56D70EF96}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files (x86)\mIRC\uninstall.exe _?=C:\Program Files (x86)\mIRC
Mozilla Firefox (3.5.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenAL-->"C:\Program Files (x86)\OpenAL\OALInst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}
Opera 10.00-->MsiExec.exe /X{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9 
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photodex Presenter-->C:\Program Files (x86)\Photodex Presenter\uninst.exe
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
ProShow Gold-->C:\Program Files (x86)\Photodex\ProShowGold\uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Revo Uninstaller 1.83-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Rise of Nations-->"X:\Games)\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
RivaTuner v2.24-->"C:\Program Files (x86)\RivaTuner v2.24\uninstall.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smart Defrag 1.20-->"C:\Program Files (x86)\IObit\IObit SmartDefrag\unins000.exe"
SpeedyFox-->"C:\Program Files (x86)\Mozilla Firefox\SpeedyFox\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tildes Biuras-->MsiExec.exe /I{77029253-6C30-4DA6-9221-9FAD3B462C84}
TurboV-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A31951C5-DCD8-4DFE-A525-CFC701F54792}\setup.exe" -l0x9 
TVersity Codec Pack 1.2-->C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
TVersity Media Server  1.0.0.11 RC7-->C:\Program Files (x86)\TVersity\Media Server\uninst.exe
TVersity Media Server Pro 1.6 Beta-->C:\Program Files (x86)\TVersity\Media Server\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~2\VirtualDJ\UNWISE.EXE C:\PROGRA~2\VirtualDJ\INSTALL.LOG
VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
WebZIP-->C:\Program Files (x86)\WebZIP 7\SXUNINST.EXE
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xilisoft Video Converter Ultimate-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\Uninstall.exe

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: ¤0wner-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load: 
SASDIFSV
SASKUTIL
Record Number: 82255
Source Name: Service Control Manager
Time Written: 20090911125353.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 7000
Message: The SASKUTIL service failed to start due to the following error: 
This driver has been blocked from loading
Record Number: 82260
Source Name: Service Control Manager
Time Written: 20090911125353.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 7000
Message: The SASDIFSV service failed to start due to the following error: 
This driver has been blocked from loading
Record Number: 82261
Source Name: Service Control Manager
Time Written: 20090911125353.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 7000
Message: The SASENUM service failed to start due to the following error: 
This driver has been blocked from loading
Record Number: 82262
Source Name: Service Control Manager
Time Written: 20090911125353.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 82264
Source Name: Tcpip
Time Written: 20090911125351.530929-000
Event Type: Warning
User: 

=====Application event log=====

Computer Name: ¤0wner-PC
Event Code: 10010
Message: Application 'C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe' (pid 3300) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 13296
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090911020633.768530-000
Event Type: Warning
User: WIN-JC97R09I5MY\¤0wner

Computer Name: ¤0wner-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 13348
Source Name: Microsoft-Windows-WMI
Time Written: 20090911125352.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 78
Message: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Record Number: 13349
Source Name: SideBySide
Time Written: 20090911125354.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 78
Message: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero 9\Nero Recode\Recode.exe.Manifest".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Record Number: 13350
Source Name: SideBySide
Time Written: 20090911125354.000000-000
Event Type: Error
User: 

Computer Name: ¤0wner-PC
Event Code: 3036
Message: The content source <csc://{s-1-5-21-1193212922-2790356436-706694937-1000}/> cannot be accessed.

Context:  Application, SystemIndex Catalog

Details:
    The object was not found.   (0x80041201)

Record Number: 13353
Source Name: Microsoft-Windows-Search
Time Written: 20090911125448.000000-000
Event Type: Warning
User: 

=====Security event log=====

Computer Name: ¤0wner-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
    Security ID:        S-1-5-18
    Account Name:       WIN-JC97R09I5MY$
    Account Domain:     WORKGROUP
    Logon ID:       0x3e7

Process:
    Process ID: 0xb3c
    Process Name:   C:\Windows\System32\VSSVC.exe

Event Source:
    Source Name:    VSSAudit
    Event Source ID:    0xa9a7bc
Record Number: 23421
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090911162040.574429-000
Event Type: Audit Success
User: 

Computer Name: ¤0wner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:  \Device\HarddiskVolume1\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9_tcpip.sys_3339bd51   
Record Number: 23422
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090911170553.202229-000
Event Type: Audit Failure
User: 

Computer Name: ¤0wner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:  \Device\HarddiskVolume1\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9_tcpip.sys_3339bd51   
Record Number: 23423
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090911170553.215229-000
Event Type: Audit Failure
User: 

Computer Name: ¤0wner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:  \Device\HarddiskVolume1\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9_tcpip.sys_3339bd51   
Record Number: 23424
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090911170553.227229-000
Event Type: Audit Failure
User: 

Computer Name: ¤0wner-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:  \Device\HarddiskVolume1\Windows\winsxs\Backup\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9_tcpip.sys_3339bd51   
Record Number: 23425
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090911170553.239229-000
Event Type: Audit Failure
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=1a04
"NUMBER_OF_PROCESSORS"=8
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by mike_2000_17: Fixed formatting

0

What about MBAM, it keeps popping up that it's blocking infected IPs like every minute?

Then I would believe it. Sounds like a possible hijacker on the computer then. Are these websites you are actually trying to visit? If so, then it is easy, stop. If not then I would say your firewall isn't doing its job either. It should just be able to block them.
But are you running a Firewall? Are you using SpywareBlaster, which is an excellent FREE tool which will also stop this type of thing? But it does it in a way that is not intrusive because it doesn't run in the background.

By the way, I heard that smitfraud fix doesn't work on 64bit computers. Is that true?

I wondered that also and searched a long time before I had you run it. Note that I did NOT have you run in Safe Mode and do fixing. That is why. Many instructions have you skip the normal boot scan and go straight to the safe boot cleaning but I chose not to have you do that because of the conflicting answers I found concerning this.
Many sites say yes AND no, depending on which page you access. Other sites say it doesn't work on Vista at all, but then the very next thread says, download and run Smitfraudfix to your Vista computer. I just knew that the scan would not harm the computer and figured it was worth a try.

EDIT: I will tell you one thing to turn off and LEAVE turned off, that is that uTorrent program until you can be certain the computer is clean. That is a superb way to become infected with many things, having that running all the time, and IT IS running all the time.
P2P file sharing is one thing we don't condone here. In fact it really is policy that we cannot condone. We WILL help clean a computer which has been infected via P2P sharing, but that is as far as we will go. But we insist that all of these programs be 100% disabled before we work with a poster using these programs.

Also, are you subscribed to RSS Feeds?

Edited by jholland1964: n/a

0

No, that's not the websites I'm trying to visit. I have a router but my firewall is not set up. I'm not using SpywareBlaster because I think that I already have enough anti-virus/spyware programs running on my computer (SAS, MBAM, Nod32). OK I turned off my uTorrent. I don't use it to pirate things, it's only for open source projects...
Anyways, I uninstalled SAS with their removal tool and reinstalled the latest version. Now I'm doing a scan again and the infection's still there. And I'm not subscribed to any RSS.

Edited by g3nX: n/a

0

Did you add this to Task scheduler?

C:\Windows\tasks\User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE}.job

0

No, what does this do?

I don't know. I have seen several threads on several forums that this should be deleted. I wonder if this could be your problem? Honestly I don't know what it is, I could never find a definitive answer, though none said it was necessary, especially if you didn't add it yourself...check your Task Scheduler and see how often it runs.

0

I don't know, can't find it.
Oh there it is User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE} (Description: Updates out-of-date system feeds.) C:\Windows\system32\msfeedssync.exe
One Time - At 8:53pm on 9/11/2009 - after triggered, repeat every 5min for a duration of 03:07:00.
Daily - At 12:04 AM every day - After triggered, repeat every 5min for a duration of 1 day.

Edited by g3nX: n/a

0

Those usually are hidden files, I believe.
Control Panel->Folder Options->show hidden files and folders.

Start>>Search>>taskschd.msc

OR

Click Start
In the Start Search box, type task scheduler. Then, in the Programs list, click Task Scheduler.
On the View menu, click Show Hidden Tasks

If you find that one, delete it and see what happens.

Edited by jholland1964: n/a
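A command-line equivalent of the Task Scheduler steps above, as an added example that is not part of the original post: it lists every task, hidden ones included, together with the program it runs and how often it repeats, so a 5-minute repeater like the one reported in this thread stands out. It assumes an elevated PowerShell 2.0 or later prompt; the function names are hypothetical.

```powershell
# Added example, not from the thread.
# Uses the Task Scheduler 2.0 COM API (available on Vista and later).
$TASK_ENUM_HIDDEN = 1   # GetTasks() flag: include hidden tasks
$TASK_ACTION_EXEC = 0   # action type "start a program"

function Get-AllTasks($Folder) {
    # Emit the tasks in this folder, then recurse into its subfolders.
    foreach ($task in $Folder.GetTasks($TASK_ENUM_HIDDEN)) { $task }
    foreach ($sub in $Folder.GetFolders(0)) { Get-AllTasks $sub }
}

function Get-TaskSummary {
    $service = New-Object -ComObject Schedule.Service
    $service.Connect()                      # local machine, current user
    foreach ($task in (Get-AllTasks $service.GetFolder('\'))) {
        $def = $task.Definition
        # Program and arguments of every "start a program" action
        $commands = @($def.Actions |
            Where-Object { $_.Type -eq $TASK_ACTION_EXEC } |
            ForEach-Object { ("{0} {1}" -f $_.Path, $_.Arguments).Trim() })
        # Repetition intervals are ISO 8601 durations, e.g. PT5M = every 5 minutes
        $repeats = @($def.Triggers |
            ForEach-Object { $_.Repetition.Interval } |
            Where-Object { $_ })
        New-Object PSObject -Property @{
            Path        = $task.Path
            Enabled     = $task.Enabled
            Hidden      = $def.Settings.Hidden
            Command     = $commands -join '; '
            RepeatEvery = $repeats -join ', '
        }
    }
}

# Show only tasks that repeat, with the binary each one launches.
Get-TaskSummary | Where-Object { $_.RepeatEvery } | Sort-Object Path |
    Format-List Path, Enabled, Hidden, Command, RepeatEvery
```

For each task listed, check that the Command path points at a binary you recognise before deleting or disabling anything.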

0

I don't know, can't find it.
Oh there it is User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE} (Description: Updates out-of-date system feeds.) C:\Windows\system32\msfeedssync.exe
One Time - At 8:53pm on 9/11/2009 - after triggered, repeat every 5min for a duration of 03:07:00.
Daily - At 12:04 AM every day - After triggered, repeat every 5min for a duration of 1 day.

That sounds odd to me, though honestly I can't say for sure. But it certainly sounds like whatever it is doing could be your culprit for your constant warnings from MBA-M.
See if you can delete it. Reboot and THEN try updating MBA-M...there IS a new version by the way since yesterday, and do a full system scan, removing everything found.
There ARE a number of trojans out there that schedule tasks to constantly "call home" in order to bring in more infections. IF these are the "calls" that MBA-M is stopping then you have your culprit.

0

FYI: msfeedssync.exe is the Microsoft Feeds Synchronization task found on PCs with Internet Explorer 7 and with automatic RSS Feeds synchronization turned ON. This task starts up at the intervals specified in Internet Explorer 7 & 8 and checks for updates to your RSS feeds. This is why I asked about this earlier. It is really User preference and since you have never subscribed to any RSS feeds you can get rid of this PLUS you can turn off the automatic updating of your RSS feeds in the Internet Explorer 7 & 8 options.

Edited by jholland1964: n/a

0

FYI: msfeedssync.exe is the Microsoft Feeds Synchronization task found on PCs with Internet Explorer 7 and with automatic RSS Feeds synchronization turned ON. This task starts up at the intervals specified in Internet Explorer 7 & 8 and checks for updates to your RSS feeds. This is why I asked about this earlier. It is really User preference and since you have never subscribed to any RSS feeds you can get rid of this PLUS you can turn off the automatic updating of your RSS feeds in the Internet Explorer 7 & 8 options.

Here is how to disable that RSS Feed. It is also known to sometimes slow down IE.
Most people don't use this feature (if you don't know what it is, you aren't using it), and you can turn this off by going to:

Tools->Internet Options->Content->Feeds->Settings and then unchecking all boxes shown in my attachments:

Attachments: Feed_Settings.jpg (39.99 KB), IE_Internet_Options_Content.jpg (61.08 KB)

0

Alright, I disabled it. Thanks for the easy instructions. So do I still have to remove User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE}.job from the task scheduler?

0

Alright, I disabled it. Thanks for the easy instructions. So do I still have to remove User_Feed_Synchronization-{AEFD2DFF-6E9E-4138-BF94-F4A09C6BA9FE}.job from the task scheduler?

Yes, I would just to be safe. After that do the MBA-Scan AND also update your SAS and do another scan with it and maybe that was the culprit. If not then we'll keep looking.
Judy

0

That's weird... I can only see that user feed synchronization from Task Status, and from there you cannot remove any tasks. When I go to Task Scheduler Library >> Microsoft >> Windows I have all the directories with different tasks and I can remove them from there, but I browsed through them a couple of times and can't find the user feed synchronization. Maybe it's because I disabled it in IE?

OK, I enabled it in IE and it appeared in Task Scheduler so I disabled it there and disabled it in IE again.

Edited by g3nX: n/a

0

OK, I enabled it in IE and it appeared in Task Scheduler so I disabled it there and disabled it in IE again.

Good job.

0
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/12/2009 at 07:41 PM

Application Version : 4.28.1010

Core Rules Database Version : 4096
Trace Rules Database Version: 2035

Scan type       : Quick Scan
Total Scan Time : 00:43:17

Memory items scanned      : 420
Memory threats detected   : 0
Registry items scanned    : 475
Registry threats detected : 4
File items scanned        : 25260
File threats detected     : 0

Trojan.Smitfraud Variant-Gen/PP
    HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
    HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid
    HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\ProxyStubClsid32
    HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}\TypeLib




Malwarebytes' Anti-Malware 1.41
Database version: 2785
Windows 6.0.6001 Service Pack 1

9/12/2009 20:33:44
mbam-log-2009-09-12 (20-33-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 264491
Time elapsed: 52 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by mike_2000_17: Fixed formatting

0

Just pull that key out manually, Judy.

PP:)

Can you explain to poster how this should be done? I am NEVER comfortable with registry fixes...as you well know!

0

Can you explain to poster how this should be done? I am NEVER comfortable with registry fixes...as you well know!

Just save the text below in NOTEPAD:

REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}]

-- Save it to the Desktop as type "all files" and name it Fixit.reg
-- Double-click on Fixit.reg and allow it to merge into the registry.

That ought to do it. If it returns, something is re-creating it.

PP :)

Edited by PhilliePhan: n/a
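An added example, not part of the original post, for backing up and inspecting the flagged key before merging Fixit.reg, and for re-checking it after the reboot to see whether something re-created it. It goes beyond the post by also checking the Wow6432Node view, which is where 32-bit programs on 64-bit Windows see HKCR\Interface; it assumes an elevated PowerShell 2.0 or later prompt, and the backup folder and function names are hypothetical.

```powershell
# Added example, not from the thread.
$Iid       = '{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}'   # interface ID from the SAS log
$Prefixes  = @('', 'Wow6432Node\')                      # 64-bit view, then 32-bit view
$BackupDir = Join-Path $env:USERPROFILE 'Desktop\RegBackup'   # hypothetical folder

function Get-DefaultValue([string]$SubPath) {
    # Default (unnamed) value of a key under HKCR; nothing if the key is absent.
    $path = "Registry::HKEY_CLASSES_ROOT\$SubPath"
    if (Test-Path -LiteralPath $path) { (Get-Item -LiteralPath $path).GetValue('') }
}

function Backup-FlaggedKey {
    # Export each existing view to a .reg file so the deletion can be undone.
    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }
    foreach ($prefix in $Prefixes) {
        $key = "${prefix}Interface\$Iid"
        if (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$key") {
            $name = ($key -replace '[\\{}]', '_') + '.reg'
            & reg.exe export "HKCR\$key" (Join-Path $BackupDir $name) /y | Out-Null
            if ($LASTEXITCODE -ne 0) { Write-Warning "Export failed for HKCR\$key" }
        }
    }
}

function Get-FlaggedKeyReport {
    # For each view: is the key there, and which DLL and type library does it point to?
    foreach ($prefix in $Prefixes) {
        $key  = "${prefix}Interface\$Iid"
        $stub = Get-DefaultValue "$key\ProxyStubClsid32"
        $dll  = $null
        if ($stub) { $dll = Get-DefaultValue "${prefix}CLSID\$stub\InprocServer32" }
        New-Object PSObject -Property @{
            Key              = "HKCR\$key"
            Present          = (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$key")
            ProxyStubClsid32 = $stub
            ProxyStubDll     = $dll
            TypeLib          = (Get-DefaultValue "$key\TypeLib")
        }
    }
}

Backup-FlaggedKey
Get-FlaggedKeyReport | Format-List Key, Present, ProxyStubClsid32, ProxyStubDll, TypeLib
# After merging Fixit.reg and rebooting, run Get-FlaggedKeyReport again:
# Present = True in either view means the key is back.
```

If the key is present again after the reboot, the ProxyStubDll and TypeLib values recorded before deletion show which installed component registers that interface.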

0

Thanks PhilliePhan. I'll restart right now and do SAS scan. Let's hope it works.
