Pc Infected With Trojan.vundo And Blue Screen

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

Pc Infected With Trojan.vundo And Blue Screen Trojan.vundo seems to be cleaned out by Malwarebytes' Anti-Malware

#1 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 17 August 2008 - 06:45 PM

Hi there,

Its been 2 days already since i tried to clean up my computer, but seems its going to dead end again. And with my work dateline coming in a few days, so i decided to post my problem here. My PC got infected by Trojan.Vundo when i try to install Viewpoint Media Player which was prompt on one free 3D model website. So i use Malwarebytes' Anti-Malware to clean up the trojan, after clean up n reboot, then i scan again n will found another 2 registry infected n clean it again. Then after that i rescanned and end up found nothing anymore.

Later i use RegCure to clean my Registry, from 1400+ errors, i down to only 80+ errors which cause by the empty key registry which shouldn't be harmfull. Then i scan with ad-aware to see if there anything else found, only tracking cookies found. then i quarantine that too.

But then, i couldn't use google.com properly and trying www.avg.com will give me my localhost page, and website like bleepingcomputer.com will give me 404 error page not found ( i'm writing this from other pc). And now i keep getting blue screen after some times....

below are my Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07:16, on 18.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T2...bex/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe
O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: Viewpoint Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 16261 bytes

thanks a bunch to anyone who gonna help me with this...

and sorry for my bad english.

#2 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 18 August 2008 - 07:14 AM

After reading through this forum, i tried to use the ComboFix together with Vista Repair DVD. Seems the google thing and bleepingcomputer now viewable thru my computer and even the website such as avg.com no more redirected to my localhost address. I'm running Sunbelt Personal Firewall for the time being for additional protection eventho i'm not sure if this firewall is really reliable.

So thanks to this forum members, you guys sure are busy helping others. Appreciate it so much. THANKS AGAIN!!! :thumbsup:

Below are my latest Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:22, on 2008-08-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Thunderbird-Tray\TBTray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\saleiz\AppData\Roaming\Maxthon\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Update Helper - {25D596E9-BD03-4D4A-8310-5DF3B31E8D26} - C:\Program Files\Google\Update\1.2.121.17\GoopdateBho.dll
O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.24.3\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mathworksevents.webex.com/client/T2...bex/ieatgpc.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe
O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 17243 bytes

#3 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 19 August 2008 - 03:20 PM

My bad luck i guess, the pc actually not clean throughly. After scanning using Karsperky Online Scanner. I end up having 7 threat Names and 9 object infected.
This giving me headache now, with my work pending... its really frustrating.

Can someone point me how can i clean this infection without being infected again?

Below are the Karsperky Scanning Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 19, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 19, 2008 11:13:49
Records in database: 1110150
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 287052
Threat name: 7
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 04:39:28

File name / Threat name / Threats count
C:\$WINDOWS.~Q\DATA\Users\Gast\AppData\Local\Temp\$6DD71C3C.t$m Infected: not-a-virus:PSWTool.Win32.ProductKey.b 1
C:\QooBox\Quarantine\C\Windows\System32\bovqiipl.dll.vir Infected: Trojan.Win32.Monder.fxc 1
C:\QooBox\Quarantine\C\Windows\System32\tdssadw.dll.vir Infected: Trojan.Win32.Crypt.ia 1
C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\514ba913-20fac47e Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\514ba913-20fac47e Infected: Trojan.Java.ClassLoader.au 1
C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\74018dd6-752e134b Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Users\saleiz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\635543bc-77ad5a67 Infected: Trojan.Java.ClassLoader.ap 2

The selected area was scanned.

thank you.

#4 harrythook

Group: Malware Response Team
Posts: 4,151
Joined: 16-May 07
Gender:Male
Location:Philadelphia

Posted 01 September 2008 - 10:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Click OK
Now under select a target to scan:
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

If you have not downloaded HiJackThis yet:
Posted Image

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

In your reply:

Fresh HJT log
Kaspersky Online Scanner log

Thanks

Harry

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook

#5 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 01 September 2008 - 08:53 PM

Thank you very much for replying Harrythook,

Currently, problem that i still have is, i cannot change my wallpaper when i select the image from my computer. I can only change my wallpaper from browser, when the image are on my internet browser. Other than that, the icon on my windows explorer seems not showing any preview, i need to sort each time, only then the image/preview will be shown. I hope you can help me on that. Another thing, i cant add new widget on my windows sidebar ever since. I'm using vista ultimate btw.

Here are the scan log you asked for, sorry for replying late, cause the scanning took around 9 hours to finish.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 2, 2008
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 01, 2008 15:37:42
Records in database: 1173783
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 362812
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 09:25:54

No malware has been detected. The scan area is clean.

The selected area was scanned.

and below are HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:50:26, on 2008-09-02
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Thunderbird-Tray\TBTray.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\e-Document\MiRC\mIRC 6.3 + keygen\mIRC - English.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\PACIFI~1.EXE
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe
O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 17299 bytes

######

Thanks again.

This post has been edited by slumbermann: 01 September 2008 - 08:55 PM

#6 Yourhighness

The BSG Malware Fighter

Group: Malware Response Team
Posts: 7,925
Joined: 20-April 06
Gender:Male
Location:Hamburg

Posted 02 September 2008 - 05:00 AM

Hello slumbermann and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately. I will take over from here. To be able to assist you properly, I would like to ask you to please download OTViewIt to your desktop.

Close all windows and double click OTViewIt
Place a tick in the Scan all Users box
In the File Age drop down box select 90 days
Click Run Scan and let the program run uninterrupted
On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

#7 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 02 September 2008 - 10:31 AM

Thanks Yourhighness,

here are the log:

OTViewIt logfile created on: 2008-09-02 17:24:57 - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Users\saleiz\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.49% Memory free
4.00 Gb Paging File | 3.46 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.07 Gb Total Space | 10.85 Gb Free Space | 15.48% Space Free | Partition Type: NTFS
Drive D: | 31.72 Gb Total Space | 6.34 Gb Free Space | 19.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.93% Space Free | Partition Type: NTFS
Drive G: | 983.70 Mb Total Space | 37.44 Mb Free Space | 3.81% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SLUMBERMANN
Current User Name: saleiz
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[01-05-2007 09:31 PM | 00,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
[02-28-2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Programme\Bonjour\mDNSResponder.exe
[06-10-2008 06:53 PM | 00,468,224 | ---- | M] (ESET) - C:\Programme\ESET\ESET Smart Security\ekrn.exe
[02-15-2008 02:17 PM | 00,832,760 | ---- | M] (BinarySense, Inc.) - C:\Programme\Common Files\BinarySense\hldasvc.exe
[02-15-2008 02:17 PM | 00,832,760 | ---- | M] (BinarySense, Inc.) - C:\Programme\Common Files\BinarySense\hldasvc.exe
[04-21-2006 11:34 AM | 00,565,248 | ---- | M] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA.) - C:\iFtpSvc\iFtpSvc.exe
[04-25-2007 02:18 PM | 00,537,520 | ---- | M] ( ) - C:\Windows\System32\lxbvcoms.exe
[01-31-2007 08:29 PM | 01,135,616 | ---- | M] () - C:\Folding\smpd.exe
[12-09-2006 02:21 AM | 00,815,104 | ---- | M] (Synaptics, Inc.) - C:\Programme\Synaptics\SynTP\SynTPEnh.exe
[06-10-2008 06:52 PM | 01,447,168 | ---- | M] (ESET) - C:\Programme\ESET\ESET Smart Security\egui.exe
[06-18-2008 02:01 PM | 00,141,848 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxtray.exe
[06-18-2008 02:01 PM | 00,166,424 | ---- | M] (Intel Corporation) - C:\Windows\System32\hkcmd.exe
[06-18-2008 02:01 PM | 00,256,536 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxsrvc.exe
[06-18-2008 02:01 PM | 00,133,656 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxpers.exe
[02-09-2008 12:04 AM | 02,562,560 | ---- | M] (Tonec Inc.) - C:\Programme\Internet Download Manager\IDMan.exe
[01-25-2008 07:51 PM | 08,897,848 | ---- | M] (LowRateVoip) - C:\Programme\LowRateVoip\LowRateVoip.exe
[06-25-2008 05:01 PM | 08,929,056 | ---- | M] (Nonoh) - C:\Programme\Nonoh.net\Nonoh\nonoh.exe
[11-08-2005 10:02 PM | 00,038,912 | ---- | M] (Felix 'SniperBeamer' Geyer) - C:\Programme\Thunderbird-Tray\TBTray.exe
[02-15-2008 02:16 PM | 02,278,648 | ---- | M] (BinarySense, Inc.) - C:\Programme\BinarySense\HDDlife 3\HDDlifePro.exe
[04-24-2007 07:19 PM | 03,581,680 | ---- | M] (Stardock) - C:\Programme\Stardock\ObjectDock\ObjectDock.exe
[01-13-2007 06:29 AM | 00,495,616 | ---- | M] (SAMSUNG Electronics) - C:\Programme\Samsung\Easy Display Manager\DisplayManager.exe
[02-15-2008 02:16 PM | 02,278,648 | ---- | M] (BinarySense, Inc.) - C:\Programme\BinarySense\HDDlife 3\HDDlifePro.exe
[07-24-2008 06:46 AM | 08,496,752 | ---- | M] (Mozilla Corporation) - C:\Programme\Mozilla Thunderbird\thunderbird.exe
[06-18-2008 02:01 PM | 00,170,520 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxext.exe
[02-19-2007 04:53 PM | 00,251,576 | ---- | M] (Tonec Inc.) - C:\Programme\Internet Download Manager\IEMonitor.exe
[10-13-2007 03:12 PM | 02,380,800 | ---- | M] (mIRC Co. Ltd.) - D:\e-Document\MiRC\mIRC 6.3 + keygen\mIRC - English.exe
[12-17-2007 01:03 PM | 02,315,560 | ---- | M] (TeamViewer GmbH) - C:\Programme\TeamViewer3\TeamViewer.exe
[08-18-2008 03:02 AM | 01,089,536 | ---- | M] (www.IslamicFinder.org) - C:\Programme\Athan\Athan.exe
[08-04-2008 01:04 AM | 01,345,376 | ---- | M] (Nullsoft) - C:\Programme\Winamp\winamp.exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[05-17-2007 04:41 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Programme\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(AgereModemAudio) Agere Modem Call Progress Audio [On_Demand | Stopped]
[10-05-2006 10:10 PM | 00,009,216 | ---- | M] (Agere Systems) - C:\Windows\System32\agrsmsvc.exe

(Apache2.2) Apache2.2 [On_Demand | Stopped]
[09-05-2007 09:59 AM | 00,024,635 | ---- | M] (Apache Software Foundation) - D:\Apache\bin\httpd.exe

(Apple Mobile Device) Apple Mobile Device [On_Demand | Stopped]
[09-06-2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Auto | Running]
[02-28-2006 12:42 PM | 00,229,376 | ---- | M] (Apple Computer, Inc.) - C:\Programme\Bonjour\mDNSResponder.exe

(CertPropSvc) Zertifikatverteilung [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(CVPND) Cisco Systems, Inc. VPN Service [On_Demand | Stopped]
[04-17-2008 09:08 AM | 01,528,608 | ---- | M] (Cisco Systems, Inc.) - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

(DcomLaunch) DCOM-Server-Prozessstart [Unknown | Running]
File not found - %SystemRoot%\system32\svchost.exe

(EhttpSrv) Eset HTTP Server [On_Demand | Stopped]
[06-10-2008 06:59 PM | 00,019,200 | ---- | M] (ESET) - C:\Programme\ESET\ESET Smart Security\EHttpSrv.exe

(ekrn) Eset Service [Auto | Running]
[06-10-2008 06:53 PM | 00,468,224 | ---- | M] (ESET) - C:\Programme\ESET\ESET Smart Security\ekrn.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[06-25-2008 11:07 PM | 00,647,680 | ---- | M] (Macrovision Europe Ltd.) - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(HDDlife HDD Access service) HDDlife HDD Access service [Auto | Running]
[02-15-2008 02:17 PM | 00,832,760 | ---- | M] (BinarySense, Inc.) - C:\Programme\Common Files\BinarySense\hldasvc.exe

(idsvc) Windows CardSpace [Unknown | Stopped]
File not found - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

(iFtpSvc) Ipswitch WS_FTP Service [Auto | Running]
[04-21-2006 11:34 AM | 00,565,248 | ---- | M] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA.) - C:\iFtpSvc\iFtpSvc.exe

(lxbv_device) lxbv_device [Auto | Running]
[04-25-2007 02:18 PM | 00,537,520 | ---- | M] ( ) - C:\Windows\System32\lxbvcoms.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[05-17-2007 04:51 PM | 00,068,096 | ---- | M] () - C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(matlabserver) MATLAB Server [On_Demand | Stopped]
[07-27-2005 02:53 PM | 00,536,576 | ---- | M] () - C:\Programme\MATLAB71\webserver\bin\win32\matlabserver.exe

(mpich2_smpd) MPICH2 Process Manager, Argonne National Lab [Auto | Running]
[01-31-2007 08:29 PM | 01,135,616 | ---- | M] () - C:\Folding\smpd.exe

(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped]
[08-17-2008 12:15 PM | ---D | M] - C:\Windows\System32\Msdtc

(MySQL) MySQL [On_Demand | Stopped]
[07-06-2007 02:14 PM | 05,730,304 | ---- | M] () - D:\Apache\MySQL\bin\mysqld-nt.exe

(RichVideo) Cyberlink RichVideo Service(CRVS) [On_Demand | Stopped]
[05-14-2007 11:54 AM | 00,272,024 | ---- | M] () - C:\Programme\CyberLink\Shared Files\RichVideo.exe

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped]
[11-06-2007 10:22 PM | 00,092,792 | ---- | M] (CACE Technologies) - C:\Programme\WinPcap\rpcapd.exe

(Samsung Update Plus) Samsung Update Plus [Auto | Stopped]
[06-28-2007 06:54 PM | 00,073,728 | ---- | M] () - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe

(SbPF.Launcher) SbPF.Launcher [Disabled | Stopped]
[07-30-2008 10:36 AM | 00,095,528 | ---- | M] (Sunbelt Software, Inc.) - C:\Programme\Sunbelt Software\Personal Firewall\SbPFLnch.exe

(Schedule) Aufgabenplanung [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

(SCPolicySvc) Richtlinie zum Entfernen der Scmartcard [Unknown | Stopped]
File not found - %SystemRoot%\system32\svchost.exe

(SolidWorks Licensing Service) SolidWorks Licensing Service [On_Demand | Stopped]
[05-09-2008 04:33 PM | 00,079,360 | ---- | M] (SolidWorks) - C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

(SPF4) Sunbelt Personal Firewall 4 [Disabled | Stopped]
[07-30-2008 10:36 AM | 01,361,192 | ---- | M] (Sunbelt Software, Inc.) - C:\Programme\Sunbelt Software\Personal Firewall\SbPFSvc.exe

(TeamViewer) TeamViewer 3 [On_Demand | Stopped]
[12-17-2007 12:53 PM | 00,090,112 | ---- | M] () - C:\Programme\TeamViewer3\TeamViewer_Host.exe

(TrustedInstaller) Windows Modules Installer [Unknown | Stopped]
File not found - %SystemRoot%\servicing\TrustedInstaller.exe

(Viewpoint Service) Viewpoint Service [Disabled | Stopped]
File not found -

(WdiServiceHost) Diagnosediensthost [Unknown | Stopped]
File not found - %SystemRoot%\System32\svchost.exe

(WdiSystemHost) Diagnosesystemhost [Unknown | Running]
File not found - %SystemRoot%\System32\svchost.exe

===== Driver Services - Non-Microsoft Only =====

(adp94xx) adp94xx [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,422,968 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adp94xx.sys

(adpahci) adpahci [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,300,600 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpahci.sys

(adpu160m) adpu160m [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,101,432 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu160m.sys

(adpu320) adpu320 [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,149,560 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\adpu320.sys

(AgereSoftModem) Agere Systems Soft Modem [On_Demand | Running]
[11-09-2006 02:29 AM | 01,161,888 | ---- | M] (Agere Systems) - C:\Windows\System32\drivers\AGRSM.sys

(aic78xx) aic78xx [Disabled | Stopped]
[11-02-2006 11:50 AM | 00,071,272 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\djsvs.sys

(arc) arc [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,079,416 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arc.sys

(arcsas) arcsas [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,079,928 | ---- | M] (Adaptec, Inc.) - C:\Windows\System32\drivers\arcsas.sys

(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [On_Demand | Stopped]
[11-02-2006 10:24 AM | 00,013,568 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltLo.sys

(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [On_Demand | Stopped]
[11-02-2006 10:24 AM | 00,005,248 | ---- | M] (Brother Industries, Ltd.) - C:\Windows\System32\drivers\BrFiltUp.sys

(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Disabled | Stopped]
[11-02-2006 10:25 AM | 00,071,808 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerId.sys

(BrSerWdm) Brother WDM Serial driver [Disabled | Stopped]
[11-02-2006 10:24 AM | 00,062,336 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrSerWdm.sys

(BrUsbMdm) Brother MFC USB Fax Only Modem [Disabled | Stopped]
[11-02-2006 10:24 AM | 00,012,160 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbMdm.sys

(BrUsbSer) Brother MFC USB Serial WDM Driver [On_Demand | Stopped]
[11-02-2006 10:24 AM | 00,011,904 | ---- | M] (Brother Industries Ltd.) - C:\Windows\System32\drivers\BrUsbSer.sys

(CLFS) Common Log (CLFS) [Unknown | Running]
File not found -

(CVirtA) Cisco Systems VPN Adapter [On_Demand | Stopped]
[01-18-2007 02:28 PM | 00,005,275 | ---- | M] (Cisco Systems, Inc.) - C:\Windows\System32\drivers\CVirtA.sys

(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Auto | Running]
[04-17-2008 09:07 AM | 00,306,299 | ---- | M] (Cisco Systems, Inc.) - C:\Windows\System32\drivers\CVPNDRVA.sys

(DNE) Deterministic Network Enhancer Miniport [On_Demand | Running]
[03-29-2008 05:36 PM | 00,125,328 | ---- | M] (Deterministic Networks, Inc.) - C:\Windows\System32\drivers\dne2000.sys

(E1G60) Intel® PRO/1000 NDIS 6 Adapter Driver [On_Demand | Stopped]
[01-21-2008 04:21 AM | 00,118,784 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\E1G60I32.sys

(eamon) eamon [Auto | Running]
[06-10-2008 06:47 PM | 00,039,944 | ---- | M] (ESET) - C:\Windows\System32\drivers\eamon.sys

(easdrv) easdrv [System | Running]
[06-10-2008 06:48 PM | 00,053,256 | ---- | M] (ESET) - C:\Windows\System32\drivers\easdrv.sys

(elxstor) elxstor [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,342,584 | ---- | M] (Emulex) - C:\Windows\System32\drivers\elxstor.sys

(epfw) epfw [Auto | Running]
[06-10-2008 06:56 PM | 00,071,688 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfw.sys

(Epfwndis) Eset Personal Firewall [On_Demand | Running]
[06-10-2008 06:56 PM | 00,030,728 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfwndis.sys

(epfwtdi) epfwtdi [System | Running]
[06-10-2008 06:56 PM | 00,054,280 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfwtdi.sys

(Hardlock) Hardlock [Auto | Running]
[11-05-2004 12:08 PM | 00,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) - C:\Windows\System32\drivers\hardlock.sys

(hotcore3) hotcore3 [Boot | Running]
[03-07-2007 01:16 PM | 00,038,448 | ---- | M] (Paragon Software Group) - C:\Windows\System32\drivers\hotcore3.sys

(iaStorV) Intel RAID Controller Vista [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,235,064 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\iaStorV.sys

(igfx) igfx [On_Demand | Running]
[06-18-2008 01:38 PM | 02,307,584 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\igdkmd32.sys

(iirsp) iirsp [Disabled | Stopped]
[11-02-2006 11:50 AM | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) - C:\Windows\System32\drivers\iirsp.sys

(IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\ipinip.sys

(iteatapi) ITEATAPI_Service_Install [Disabled | Stopped]
[11-02-2006 11:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteatapi.sys

(iteraid) ITERAID_Service_Install [Disabled | Stopped]
[11-02-2006 11:50 AM | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) - C:\Windows\System32\drivers\iteraid.sys

(mcdbus) Driver for MagicISO SCSI Host Controller [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\mcdbus.sys

(mchInjDrv) madCodeHook DLL injection driver [System | Running]
[08-17-2008 03:55 PM | 00,002,560 | ---- | M] () - C:\Windows\System32\drivers\mchInjDrv.sys

(megasas) megasas [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,031,288 | ---- | M] (LSI Corporation) - C:\Windows\System32\drivers\megasas.sys

(MegaSR) MegaSR [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,386,616 | ---- | M] (LSI Corporation, Inc.) - C:\Windows\System32\drivers\MegaSR.sys

(NETw4v32) Intel® Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit [On_Demand | Running]
[10-31-2007 07:36 PM | 02,252,800 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\NETw4v32.sys

(nfrd960) nfrd960 [Disabled | Stopped]
[11-02-2006 11:50 AM | 00,045,160 | ---- | M] (IBM Corporation) - C:\Windows\System32\drivers\nfrd960.sys

(nhcDriverDevice) Notebook Hardware Control Driver [On_Demand | Stopped]
[08-22-2008 02:37 PM | 00,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) - C:\Windows\System32\drivers\nhcDriver.sys

(NPF) NetGroup Packet Filter Driver [Auto | Running]
[11-06-2007 10:22 PM | 00,034,064 | ---- | M] (CACE Technologies) - C:\Windows\System32\drivers\npf.sys

(ntrigdigi) N-trig HID Tablet Driver [Disabled | Stopped]
[11-02-2006 09:36 AM | 00,020,608 | ---- | M] (N-trig Innovative Technologies) - C:\Windows\System32\drivers\ntrigdigi.sys

(NwlnkFlt) IPX Traffic Filter Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkflt.sys

(NwlnkFwd) IPX Traffic Forwarder Driver [On_Demand | Stopped]
File not found - C:\Windows\System32\DRIVERS\nwlnkfwd.sys

(P1110VID) Creative WebCam NX [On_Demand | Stopped]
[04-06-2006 06:33 PM | 00,068,608 | ---- | M] (Creative Technology Ltd.) - C:\Windows\System32\drivers\P1110Vid.sys

(PCANDIS4) PCANDIS4 Protocol Driver [On_Demand | Stopped]
File not found - C:\Program Files\Ugutil\program\PCANDIS4.SYS

(rimmptsk) rimmptsk [Auto | Running]
[01-23-2007 07:18 PM | 00,039,936 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimmptsk.sys

(rimsptsk) rimsptsk [Auto | Running]
[01-23-2007 04:40 PM | 00,042,496 | ---- | M] (REDC) - C:\Windows\System32\drivers\rimsptsk.sys

(rismxdp) Ricoh xD-Picture Card Driver [Auto | Running]
[01-23-2007 05:03 PM | 00,037,376 | ---- | M] (REDC) - C:\Windows\System32\drivers\rixdptsk.sys

(RTCore32) RTCore32 [On_Demand | Stopped]
[05-25-2005 10:39 AM | 00,004,608 | ---- | M] () - C:\Programme\RMClock\RTCore32.sys

(sbhips) Sunbelt HIPS Driver [System | Running]
[06-21-2008 04:54 AM | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) - C:\Windows\System32\drivers\sbhips.sys

(SCDEmu) SCDEmu [System | Running]
[03-18-2006 04:24 AM | 00,026,844 | ---- | M] (PowerISO Computing, Inc.) - C:\Windows\System32\drivers\scdemu.sys

(SiSRaid4) SiSRaid4 [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,074,808 | ---- | M] (Silicon Integrated Systems) - C:\Windows\System32\drivers\sisraid4.sys

(sptd) sptd [Boot | Stopped]
[11-29-2007 03:57 PM | 00,685,816 | ---- | M] (Duplex Secure Ltd.) - C:\Windows\System32\drivers\sptd.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[12-09-2006 02:44 AM | 00,181,304 | ---- | M] (Synaptics, Inc.) - C:\Windows\System32\drivers\SynTP.sys

(tap0801) TAP-Win32 Adapter V8 [On_Demand | Stopped]
[10-01-2006 02:37 PM | 00,026,624 | ---- | M] (The OpenVPN Project) - C:\Windows\System32\drivers\tap0801.sys

(uliahci) uliahci [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,238,648 | ---- | M] (ULi Electronics Inc.) - C:\Windows\System32\drivers\uliahci.sys

(viaide) viaide [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,020,024 | ---- | M] (VIA Technologies, Inc.) - C:\Windows\System32\drivers\viaide.sys

(vsmraid) vsmraid [Disabled | Stopped]
[01-21-2008 04:21 AM | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) - C:\Windows\System32\drivers\vsmraid.sys

({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running]
[02-01-2008 05:24 PM | 00,041,456 | ---- | M] (Cyberlink Corp.) - C:\Programme\CyberLink\PowerDVD8\000.fcl

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan" = C:\Program Files\Athan\Athan.exe [08-18-2008 03:02 AM | 01,089,536 | ---- | M] (www.IslamicFinder.org)
"DMHotKey" = C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [12-28-2006 01:45 AM | 00,466,944 | ---- | M] (SAMSUNG Electronics)
"egui" = "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [06-10-2008 06:52 PM | 01,447,168 | ---- | M] (ESET)
"HotKeysCmds" = C:\Windows\system32\hkcmd.exe [06-18-2008 02:01 PM | 00,166,424 | ---- | M] (Intel Corporation)
"IgfxTray" = C:\Windows\system32\igfxtray.exe [06-18-2008 02:01 PM | 00,141,848 | ---- | M] (Intel Corporation)
"NotebookHardwareControl" = "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet [05-04-2007 02:33 AM | 02,629,632 | ---- | M] (http://www.pbus-167.com)
"Persistence" = C:\Windows\system32\igfxpers.exe [06-18-2008 02:01 PM | 00,133,656 | ---- | M] (Intel Corporation)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe [01-29-2007 08:40 AM | 01,167,360 | ---- | M] (Analog Devices, Inc.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [12-09-2006 02:21 AM | 00,815,104 | ---- | M] (Synaptics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan" = C:\Program Files\Internet Download Manager\IDMan.exe /onboot [02-09-2008 12:04 AM | 02,562,560 | ---- | M] (Tonec Inc.)
"LowRateVoip" = "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized [01-25-2008 07:51 PM | 08,897,848 | ---- | M] (LowRateVoip)
"Nonoh" = "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized [06-25-2008 05:01 PM | 08,929,056 | ---- | M] (Nonoh)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Key does not exist or could not be opened.
"run" = Reg Error: Key does not exist or could not be opened.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan" = C:\Program Files\Internet Download Manager\IDMan.exe /onboot [02-09-2008 12:04 AM | 02,562,560 | ---- | M] (Tonec Inc.)
"LowRateVoip" = "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized [01-25-2008 07:51 PM | 08,897,848 | ---- | M] (LowRateVoip)
"Nonoh" = "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized [06-25-2008 05:01 PM | 08,929,056 | ---- | M] (Nonoh)

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan" = C:\Program Files\Internet Download Manager\IDMan.exe /onboot [02-09-2008 12:04 AM | 02,562,560 | ---- | M] (Tonec Inc.)
"LowRateVoip" = "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized [01-25-2008 07:51 PM | 08,897,848 | ---- | M] (LowRateVoip)
"Messenger (Yahoo!)" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [05-27-2008 09:58 PM | 04,269,296 | ---- | M] (Yahoo! Inc.)
"Nonoh" = "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized [06-25-2008 05:01 PM | 08,929,056 | ---- | M] (Nonoh)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [06-29-2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [05-27-2008 09:58 PM | 04,269,296 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
HKLM CLSID: (IDMIEHlprObj Class) - [09-28-2007 05:14 PM | 00,095,664 | ---- | M] (Tonec Inc.) C:\Programme\Internet Download Manager\IDMIECC.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10-22-2006 11:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
HKLM CLSID: (Skype add-on (mastermind)) - [12-07-2007 04:08 PM | 01,377,576 | ---- | M] (Skype Technologies S.A.) C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{384de036-63c8-4f7a-bea4-2a3d957925d5}]
HKLM CLSID: (acoostic Toolbar) - [11-08-2007 01:11 PM | 01,502,232 | ---- | M] (Conduit Ltd.) C:\Programme\acoostic\tbacoo.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
HKLM CLSID: (Yahoo! IE Suggest) - [02-24-2007 01:04 AM | 00,140,840 | ---- | M] (Yahoo! Inc.) C:\Programme\Yahoo!\Search\YSearchSuggest.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [12-13-2007 12:09 AM | 00,222,448 | ---- | M] (Yahoo! Inc.) C:\Programme\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06-10-2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Programme\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
HKLM CLSID: (Google Update Helper) - [08-30-2008 02:11 AM | 00,133,616 | ---- | M] (Google Inc.) C:\Programme\Google\Update\1.2.131.11\GoopdateBho.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [10-09-2007 06:00 AM | 02,427,968 | R--- | M] (Google Germany GmbH) c:\Programme\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [05-10-2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
HKLM CLSID: (Google Gears Helper) - [08-14-2008 07:40 AM | 01,556,480 | ---- | M] (Google Inc.) C:\Programme\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
HKLM CLSID: (FlashFXP Helper for Internet Explorer) - [05-16-2007 04:48 PM | 00,191,096 | ---- | M] (IniCom Networks, Inc.) C:\Programme\FlashFXP\IEFlash.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10-09-2007 06:00 AM | 02,427,968 | R--- | M] (Google Germany GmbH) c:\Programme\Google\GoogleToolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{384de036-63c8-4f7a-bea4-2a3d957925d5}"
HKLM CLSID: (acoostic Toolbar) - [11-08-2007 01:11 PM | 01,502,232 | ---- | M] (Conduit Ltd.) C:\Programme\acoostic\tbacoo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05-10-2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10-09-2007 06:00 AM | 02,427,968 | R--- | M] (Google Germany GmbH) c:\Programme\Google\GoogleToolbar2.dll

"{384DE036-63C8-4F7A-BEA4-2A3D957925D5}"
HKLM CLSID: (acoostic Toolbar) - [11-08-2007 01:11 PM | 01,502,232 | ---- | M] (Conduit Ltd.) C:\Programme\acoostic\tbacoo.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05-10-2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10-09-2007 06:00 AM | 02,427,968 | R--- | M] (Google Germany GmbH) c:\Programme\Google\GoogleToolbar2.dll

"{384DE036-63C8-4F7A-BEA4-2A3D957925D5}"
HKLM CLSID: (acoostic Toolbar) - [11-08-2007 01:11 PM | 01,502,232 | ---- | M] (Conduit Ltd.) C:\Programme\acoostic\tbacoo.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05-10-2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [10-09-2007 06:00 AM | 02,427,968 | R--- | M] (Google Germany GmbH) c:\Programme\Google\GoogleToolbar2.dll

"{384DE036-63C8-4F7A-BEA4-2A3D957925D5}"
HKLM CLSID: (acoostic Toolbar) - [11-08-2007 01:11 PM | 01,502,232 | ---- | M] (Conduit Ltd.) C:\Programme\acoostic\tbacoo.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05-10-2007 10:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

========== AppInit_Dlls ==========

========== Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{EC654325-1273-C2A9-2B7C-45D29BCE68FB}" = Deskscapes
HKLM CLSID: (Deskscapes Class) - [09-05-2007 01:30 PM | 00,103,848 | ---- | M] (Stardock Corporation) C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll

"{EC654325-1273-C2A9-2B7C-45D29BCE68FD}" = Stardock Vista ControlPanel Extension
HKLM CLSID: (Stardock Vista ControlPanel Extension) - [08-21-2007 05:30 PM | 00,087,488 | ---- | M] (Stardock) C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll

"{EC654325-1273-C2A9-2B7C-45D29BCE68FF}" = StardockDreamController
HKLM CLSID: (StardockDreamController) - [08-21-2007 06:13 PM | 00,492,992 | ---- | M] (Stardock) C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [01-21-2008 04:22 AM | 02,927,104 | ---- | M] (Microsoft Corporation) C:\Windows\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\Windows\system32\userinit.exe" - [01-21-2008 04:22 AM | 00,025,088 | ---- | M] (Microsoft Corporation) C:\Windows\System32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04-24-2008 06:58 AM | 11,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [01-21-2008 04:22 AM | 00,242,688 | ---- | M] (Microsoft Corporation) C:\Windows\System32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\Windows\System32\igfxdev.dll [06-18-2008 01:18 PM | 00,204,800 | ---- | M] (Intel Corporation)

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0
"NoFolderOptions" = 0
"NoSimpleStartMenu" = 0
"NoCDBurning" = 0
"NoComputersNearMe" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"NoActiveDesktopChanges" = [binary data]
"NoActiveDesktop" = 0
"NoSaveSettings" = 0
"ClassicShell" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin" = 2
"ConsentPromptBehaviorUser" = 1
"EnableInstallerDetection" = 1
"EnableSecureUIAPaths" = 1
"EnableVirtualization" = 1
"PromptOnSecureDesktop" = 1
"ValidateAdminCodeSignatures" = 0
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"scforceoption" = 0
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"FilterAdministratorToken" = 0
"EnableUIADesktopToggle" = 0
"NoHotStart" = 0
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"EnableLUA" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT" = 1
"CF_BITMAP" = 2
"CF_OEMTEXT" = 7
"CF_DIB" = 8
"CF_PALETTE" = 9
"CF_UNICODETEXT" = 13
"CF_DIBV5" = 17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0
"NoActiveDesktopChanges" = [binary data]
"NoActiveDesktop" = 0
"NoSaveSettings" = 0
"ClassicShell" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"disableregistrytools" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0
"NoDispCPL" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0
"NoActiveDesktopChanges" = [binary data]
"NoActiveDesktop" = 0
"NoSaveSettings" = 0
"ClassicShell" = 0

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"disableregistrytools" = 0
"NoDispBackgroundPage" = 0
"NoDispScrSavPage" = 0
"NoDispCPL" = 0

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"disableregistrytools" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"startup" = 2

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[09-18-2006 11:43 PM | 00,000,024 | ---- | M] () C:\autoexec.bat [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0808496a-7c12-11dc-b9f1-001377480aaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0808499e-7c12-11dc-b9f1-001377480aaf}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2d63aa-5962-11dd-8b25-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2d63b3-5962-11dd-8b25-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2d63bd-5962-11dd-8b25-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2d63c6-5962-11dd-8b25-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bdb4090-479f-11dd-aa5c-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bdb4093-479f-11dd-aa5c-0002787436b3}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39a6ed04-5b21-11dd-ba5e-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f1f9482-5330-11dd-af1b-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a374493-3dcd-11dd-beb1-00059a3c7800}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cbee6e0-9455-11dc-9c60-00059a3c7800}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad96d620-5ff0-11dd-83a8-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad96d623-5ff0-11dd-83a8-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad96d626-5ff0-11dd-83a8-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3063805-0646-11dd-9cad-0002787436b3}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2377ded-66d7-11dd-9199-0002787436b3}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4DA1D329-BCE5-4935-816A-F7DE1078E9BF}]
Servers: | Description: Intel® PRO/Wireless 3945ABG Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A0A4A959-D146-4007-BA69-DAD6C34BF070}]
Servers: | Description: Broadcom 440x 10/100 Integrated Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{A499D37A-14F9-432B-A052-6089364B58C8}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B246301B-3896-4870-A87F-A8873EA897B8}]
Servers: | Description:

========== Hosts File ==========

HOSTS File = (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== Files/Folders - Created Within 90 days ==========

[06-08-2008 01:56 PM | 00,000,232 | -H-- | C] () - C:\sqmdata00.sqm
[06-08-2008 01:56 PM | 00,000,244 | -H-- | C] () - C:\sqmnoopt00.sqm
[06-09-2008 06:03 PM | ---D | C] - C:\RIDE
[06-13-2008 10:22 PM | ---D | C] - C:\Internet
[07-09-2008 02:18 AM | -H-D | C] - C:\$INPLACE.~TR
[07-09-2008 02:36 AM | -H-D | C] - C:\$WINDOWS.~Q
[07-09-2008 08:09 AM | 00,171,136 | RHS- | C] () - C:\grldr
[07-11-2008 01:42 PM | -H-D | C] - C:\pg_drivers
[08-16-2008 01:28 PM | ---D | C] - C:\eDrawings
[08-18-2008 11:58 PM | ---D | C] - C:\ComboFix
[08-18-2008 12:05 AM | ---D | C] - C:\$WINDOWS.~BT
[08-20-2008 12:15 AM | 26,740,57216 | -HS- | C] () - C:\hiberfil.sys
[08-21-2008 12:26 AM | ---D | C] - C:\Solidworks Data
[06-10-2008 06:47 PM | 00,039,944 | ---- | C] (ESET) - C:\Windows\System32\drivers\eamon.sys
[06-10-2008 06:48 PM | 00,053,256 | ---- | C] (ESET) - C:\Windows\System32\drivers\easdrv.sys
[06-10-2008 06:56 PM | 00,030,728 | ---- | C] (ESET) - C:\Windows\System32\drivers\epfwndis.sys
[06-10-2008 06:56 PM | 00,054,280 | ---- | C] (ESET) - C:\Windows\System32\drivers\epfwtdi.sys
[06-10-2008 06:56 PM | 00,071,688 | ---- | C] (ESET) - C:\Windows\System32\drivers\epfw.sys
[06-18-2008 01:38 PM | 02,307,584 | ---- | C] (Intel Corporation) - C:\Windows\System32\drivers\igdkmd32.sys
[06-21-2008 04:54 AM | 00,066,600 | R--- | C] (Sunbelt Software, Inc.) - C:\Windows\System32\drivers\sbhips.sys
[07-05-2008 08:47 PM | 00,002,560 | ---- | C] () - C:\Windows\System32\drivers\mchInjDrv.sys
[07-09-2008 02:09 AM | 00,000,000 | -H-- | C] () - C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[07-09-2008 02:52 AM | 00,005,275 | ---- | C] (Cisco Systems, Inc.) - C:\Windows\System32\drivers\CVirtA.sys
[07-09-2008 02:52 AM | 00,037,376 | ---- | C] (REDC) - C:\Windows\System32\drivers\rixdptsk.sys
[07-09-2008 02:52 AM | 00,039,936 | ---- | C] (REDC) - C:\Windows\System32\drivers\rimmptsk.sys
[07-09-2008 02:52 AM | 00,042,496 | ---- | C] (REDC) - C:\Windows\System32\drivers\rimsptsk.sys
[07-09-2008 02:52 AM | 00,181,304 | ---- | C] (Synaptics, Inc.) - C:\Windows\System32\drivers\SynTP.sys
[07-09-2008 02:52 AM | 01,161,888 | ---- | C] (Agere Systems) - C:\Windows\System32\drivers\AGRSM.sys
[07-09-2008 02:53 AM | 00,004,216 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\drivers\P1110Stb.sys
[07-09-2008 02:53 AM | 00,068,608 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\drivers\P1110Vid.sys
[07-09-2008 02:53 AM | 02,252,800 | ---- | C] (Intel Corporation) - C:\Windows\System32\drivers\NETw4v32.sys
[07-14-2008 02:02 PM | 00,125,328 | ---- | C] (Deterministic Networks, Inc.) - C:\Windows\System32\drivers\dne2000.sys
[06-11-2008 09:18 PM | 00,036,352 | ---- | C] () - C:\Windows\System32\SX32W.DLL
[06-11-2008 09:18 PM | 00,135,680 | ---- | C] (Sampson Multimedia ®) - C:\Windows\System32\crypto32.dll
[06-15-2008 08:57 PM | 00,001,678 | ---- | C] () - C:\Windows\System32\Ahmbed.gz
[06-18-2008 01:18 PM | 00,135,168 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxdo.dll
[06-18-2008 01:18 PM | 00,172,032 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrenu.lrc
[06-18-2008 01:19 PM | 00,069,632 | ---- | C] (Intel Corporation) - C:\Windows\System32\oemdspif.dll
[06-18-2008 01:19 PM | 00,122,880 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxcpl.cpl
[06-18-2008 01:22 PM | 00,110,592 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrcht.lrc
[06-18-2008 01:22 PM | 00,114,688 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrchs.lrc
[06-18-2008 01:22 PM | 00,126,976 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrkor.lrc
[06-18-2008 01:22 PM | 00,131,072 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrjpn.lrc
[06-18-2008 01:22 PM | 00,155,648 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrheb.lrc
[06-18-2008 01:22 PM | 00,159,744 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrara.lrc
[06-18-2008 01:22 PM | 00,163,840 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrtha.lrc
[06-18-2008 01:22 PM | 00,172,032 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrslv.lrc
[06-18-2008 01:22 PM | 00,172,032 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrtrk.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrcsy.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrdan.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrfin.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrnor.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrsky.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrsve.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrplk.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrptb.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrptg.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrrus.lrc
[06-18-2008 01:22 PM | 00,184,320 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrfra.lrc
[06-18-2008 01:22 PM | 00,184,320 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrhun.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxresp.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrita.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrnld.lrc
[06-18-2008 01:22 PM | 00,192,512 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxrell.lrc
[06-18-2008 01:51 PM | 00,147,456 | ---- | C] () - C:\Windows\System32\igfxCoIn_v1504.dll
[06-18-2008 02:01 PM | 00,170,520 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxzoom.exe
[06-18-2008 02:01 PM | 00,539,160 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxcfg.exe
[06-18-2008 02:56 PM | 00,032,912 | ---- | C] () - C:\Windows\System32\iglhxs32.vp
[06-21-2008 02:06 PM | ---D | C] - C:\Windows\System32\Adobe
[07-04-2008 02:31 AM | ---D | C] - C:\Windows\System32\conlib
[07-09-2008 02:13 AM | ---D | C] - C:\Windows\System32\URTTEMP
[07-09-2008 02:52 AM | 00,009,216 | ---- | C] (Agere Systems) - C:\Windows\System32\agrsmsvc.exe
[07-09-2008 02:52 AM | 00,013,312 | ---- | C] (Agere Systems) - C:\Windows\System32\agrscoin.dll
[07-09-2008 02:52 AM | 00,016,480 | ---- | C] () - C:\Windows\System32\rixdicon.dll
[07-09-2008 02:52 AM | 00,024,576 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxexps.dll
[07-09-2008 02:52 AM | 00,048,640 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxsrvc.dll
[07-09-2008 02:52 AM | 00,055,296 | ---- | C] (SRS Labs, Inc.) - C:\Windows\System32\srs_apo_suite.dll
[07-09-2008 02:52 AM | 00,067,072 | ---- | C] (SRS Labs, Inc.) - C:\Windows\System32\SRS_APO_Prop_Page.dll
[07-09-2008 02:52 AM | 00,106,496 | ---- | C] (Intel Corporation) - C:\Windows\System32\hccutils.dll
[07-09-2008 02:52 AM | 00,110,592 | ---- | C] (Synaptics, Inc.) - C:\Windows\System32\SynTPCo4.dll
[07-09-2008 02:52 AM | 00,133,656 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxpers.exe
[07-09-2008 02:52 AM | 00,135,168 | ---- | C] (SRS Labs, Inc.) - C:\Windows\System32\Com_SRS_WOWHD.dll
[07-09-2008 02:52 AM | 00,141,848 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxtray.exe
[07-09-2008 02:52 AM | 00,143,360 | ---- | C] (Synaptics, Inc.) - C:\Windows\System32\SynTPAPI.dll
[07-09-2008 02:52 AM | 00,163,840 | ---- | C] (Synaptics, Inc.) - C:\Windows\System32\SynCOM.dll
[07-09-2008 02:52 AM | 00,166,424 | ---- | C] (Intel Corporation) - C:\Windows\System32\hkcmd.exe
[07-09-2008 02:52 AM | 00,170,520 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxext.exe
[07-09-2008 02:52 AM | 00,196,608 | ---- | C] (Synaptics, Inc.) - C:\Windows\System32\SynCtrl.dll
[07-09-2008 02:52 AM | 00,204,800 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxdev.dll
[07-09-2008 02:52 AM | 00,204,800 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxpph.dll
[07-09-2008 02:52 AM | 00,241,664 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxTMM.dll
[07-09-2008 02:52 AM | 00,256,536 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxsrvc.exe
[07-09-2008 02:52 AM | 00,339,968 | ---- | C] (SRS Labs, Inc.) - C:\Windows\System32\Com_SRS_TruSurroundXT.dll
[07-09-2008 02:52 AM | 01,060,424 | ---- | C] () - C:\Windows\System32\WdfCoInstaller01000.dll
[07-09-2008 02:52 AM | 03,293,184 | ---- | C] (Intel Corporation) - C:\Windows\System32\igfxress.dll
[07-09-2008 02:52 AM | 03,305,472 | ---- | C] (Intel Corporation) - C:\Windows\System32\igdumd32.dll
[07-09-2008 02:53 AM | 00,002,096 | ---- | C] () - C:\Windows\System32\iglhxc32.vp
[07-09-2008 02:53 AM | 00,020,480 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Ext.crl
[07-09-2008 02:53 AM | 00,020,480 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Srv.exe
[07-09-2008 02:53 AM | 00,024,576 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\CtCamPin.crl
[07-09-2008 02:53 AM | 00,032,768 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Hwx.dll
[07-09-2008 02:53 AM | 00,032,768 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Sti.dll
[07-09-2008 02:53 AM | 00,036,864 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\CtCamMgr.dll
[07-09-2008 02:53 AM | 00,036,864 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\CtRegApp.dll
[07-09-2008 02:53 AM | 00,036,864 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Pin.dll
[07-09-2008 02:53 AM | 00,098,304 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Ext.ax
[07-09-2008 02:53 AM | 00,104,636 | ---- | C] () - C:\Windows\System32\igmedcompkrn.dll
[07-09-2008 02:53 AM | 00,126,976 | ---- | C] (Creative Technology Ltd.) - C:\Windows\System32\P1110Vfw.dll
[07-09-2008 02:53 AM | 00,147,456 | ---- | C] () - C:\Windows\System32\igfxCoIn_v1437.dll
[07-09-2008 02:53 AM | 00,745,472 | ---- | C] (Intel Corporation) - C:\Windows\System32\NETw4c32.dll
[07-09-2008 02:53 AM | 01,399,880 | ---- | C] () - C:\Windows\System32\igklg450.dll
[07-09-2008 02:53 AM | 01,838,408 | ---- | C] () - C:\Windows\System32\igklg400.dll
[07-09-2008 02:53 AM | 02,777,088 | ---- | C] (Intel Corporation) - C:\Windows\System32\NETw4r32.dll
[07-09-2008 03:51 AM | 00,022,140 | ---- | C] () - C:\Windows\System32\emptyregdb.dat
[07-09-2008 08:15 AM | 00,130,432 | ---- | C] () - C:\Windows\System32\GDIPFONTCACHEV1.DAT
[07-09-2008 12:04 PM | 00,000,711 | ---- | C] () - C:\Windows\System32\CPSOKBTasks.xml
[07-11-2008 02:27 AM | 00,026,292 | ---- | C] () - C:\Windows\System32\SQLServerManager10.msc
[07-11-2008 05:32 PM | 00,645,120 | ---- | C] () - C:\Windows\System32\config.gms
[08-04-2008 12:33 PM | ---D | C] - C:\Windows\System32\Lang
[08-07-2008 09:47 PM | 00,018,904 | ---- | C] () - C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[08-07-2008 09:47 PM | 00,106,605 | ---- | C] () - C:\Windows\System32\StructuredQuerySchema.bin
[08-07-2008 09:47 PM | 11,967,524 | ---- | C] () - C:\Windows\System32\korwbrkr.lex
[08-17-2008 11:04 PM | 00,025,600 | ---- | C] () - C:\Windows\System32\WS2Fix.exe
[08-17-2008 11:04 PM | 00,051,200 | ---- | C] () - C:\Windows\System32\dumphive.exe
[08-17-2008 11:04 PM | 00,053,248 | ---- | C] (http://www.beyondlogic.org) - C:\Windows\System32\Process.exe
[08-17-2008 11:04 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\Windows\System32\404Fix.exe
[08-17-2008 11:04 PM | 00,082,432 | ---- | C] (S!Ri.URZ) - C:\Windows\System32\IEDFix.C.exe
[08-17-2008 11:04 PM | 00,086,528 | ---- | C] (S!Ri.URZ) - C:\Windows\System32\VACFix.exe
[08-17-2008 11:04 PM | 00,288,417 | ---- | C] (S!Ri) - C:\Windows\System32\SrchSTS.exe
[08-17-2008 11:04 PM | 00,289,144 | ---- | C] (S!Ri) - C:\Windows\System32\VCCLSID.exe
[08-17-2008 11:05 PM | 00,002,078 | ---- | C] () - C:\Windows\System32\tmp.reg
[08-18-2008 11:16 AM | ---D | C] - C:\Windows\System32\x64
[08-21-2008 04:02 AM | ---D | C] - C:\Windows\System32\1031
[08-21-2008 04:02 AM | ---D | C] - C:\Windows\System32\1033
[08-21-2008 04:05 AM | ---D | C] - C:\Windows\System32\RsFx
[08-27-2008 05:09 PM | 00,065,536 | ---- | C] () - C:\Windows\System32\Ikeext.etl
[3 C:\Windows\*.tmp files]
[06-11-2008 09:18 PM | 00,006,874 | ---- | C] () - C:\Windows\RIDE.ini
[06-11-2008 09:22 PM | 00,000,000 | -H-- | C] () - C:\Windows\msds.dat
[06-16-2008 10:45 AM | 00,001,409 | ---- | C] () - C:\Windows\QTFont.for
[06-16-2008 10:45 AM | 00,054,156 | -H-- | C] () - C:\Windows\QTFont.qfn
[06-16-2008 11:07 AM | ---D | C] - C:\Windows\BDOSCAN8
[06-23-2008 11:39 PM | 00,000,277 | ---- | C] () - C:\Windows\maketorrent.ini
[06-23-2008 12:29 AM | 03,943,614 | ---- | C] () - C:\Windows\YMP.CAB
[07-08-2008 05:25 PM | 00,001,887 | ---- | C] () - C:\Windows\diagerr.xml
[07-08-2008 05:25 PM | 00,001,887 | ---- | C] () - C:\Windows\diagwrn.xml
[07-09-2008 02:06 AM | ---D | C] - C:\Windows\CSC
[07-09-2008 02:10 AM | 00,000,012 | ---- | C] () - C:\Windows\bthservsdp.dat
[07-09-2008 02:13 AM | -HSD | C] - C:\Windows\Installer
[07-09-2008 02:52 AM | 00,050,752 | ---- | C] (Agere Systems) - C:\Windows\agrsmdel.exe
[07-09-2008 02:53 AM | 00,004,579 | ---- | C] () - C:\Windows\PD1110.uns
[07-09-2008 02:53 AM | 00,020,480 | ---- | C] (Creative Technology Ltd.) - C:\Windows\P1110Cfg.exe
[07-09-2008 02:53 AM | 00,086,016 | ---- | C] (Creative Technology Ltd.) - C:\Windows\CtDrvIns.exe
[07-09-2008 02:53 AM | ---D | C] - C:\Windows\Panther
[07-09-2008 08:03 AM | ---D | C] - C:\Windows\Debug
[07-09-2008 12:00 PM | ---D | C] - C:\Windows\SQL9_KB948109_ENU
[07-19-2008 06:41 PM | 00,299,008 | ---- | C] (InstallShield Corporation, Inc.) - C:\Windows\unin0407.exe
[08-11-2008 12:38 AM | ---D | C] - C:\Windows\PCHEALTH
[08-17-2008 10:40 PM | ---D | C] - C:\Windows\Minidump
[08-18-2008 03:56 AM | 00,212,480 | ---- | C] (SteelWerX) - C:\Windows\swxcacls.exe
[08-18-2008 04:03 AM | 00,028,672 | ---- | C] (NirSoft) - C:\Windows\Nircmd.exe
[08-18-2008 04:03 AM | 00,049,152 | ---- | C] () - C:\Windows\VFind.exe
[08-18-2008 04:03 AM | 00,068,096 | ---- | C] () - C:\Windows\zip.exe
[08-18-2008 04:03 AM | 00,080,412 | ---- | C] () - C:\Windows\grep.exe
[08-18-2008 04:03 AM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\Windows\fdsv.exe
[08-18-2008 04:03 AM | 00,098,816 | ---- | C] () - C:\Windows\sed.exe
[08-18-2008 04:03 AM | 00,136,704 | ---- | C] (SteelWerX) - C:\Windows\swsc.exe
[08-18-2008 04:03 AM | 00,161,792 | ---- | C] (SteelWerX) - C:\Windows\swreg.exe
[08-18-2008 04:04 AM | ---D | C] - C:\Windows\erdnt
[08-21-2008 11:21 AM | 00,008,653 | ---- | C] () - C:\Windows\mozver.dat
[08-21-2008 11:21 AM | 00,118,784 | ---- | C] () - C:\Windows\GREUninstall.exe
[08-21-2008 11:21 AM | 00,118,784 | ---- | C] () - C:\Windows\SeaMonkeyUninstall.exe
[07-11-2008 02:34 PM | 00,000,582 | ---- | C] () - C:\Windows\tasks\Upload Weeds.job
[08-17-2008 04:19 PM | 00,000,374 | ---- | C] () - C:\Windows\tasks\RegCure.job
[08-17-2008 04:19 PM | 00,000,440 | ---- | C] () - C:\Windows\tasks\RegCure Program Check.job
[06-08-2008 12:38 PM | ---D | C] - C:\ProgramData\RFA_Backups
[06-09-2008 01:05 AM | ---D | C] - C:\ProgramData\ZDF
[06-18-2008 09:23 PM | ---D | C] - C:\ProgramData\WebEx
[06-26-2008 08:13 AM | ---D | C] - C:\ProgramData\Spybot - Search & Destroy
[07-05-2008 08:55 PM | ---D | C] - C:\ProgramData\Malwarebytes
[07-05-2008 12:42 AM | ---D | C] - C:\ProgramData\McAfee
[07-09-2008 08:03 AM | -HSD | C] - C:\ProgramData\Anwendungsdaten
[07-09-2008 08:03 AM | -HSD | C] - C:\ProgramData\Dokumente
[07-09-2008 08:03 AM | -HSD | C] - C:\ProgramData\Favoriten
[07-09-2008 08:03 AM | -HSD | C] - C:\ProgramData\Startmenü
[07-09-2008 08:03 AM | -HSD | C] - C:\ProgramData\Vorlagen
[07-09-2008 08:18 AM | 00,000,466 | RHS- | C] () - C:\ProgramData\ntuser.pol
[07-10-2008 01:01 AM | ---D | C] - C:\ProgramData\Stardock
[07-14-2008 06:25 PM | ---D | C] - C:\ProgramData\FlashFXP
[07-17-2008 04:01 PM | 00,000,032 | ---- | C] () - C:\ProgramData\ezsid.dat
[08-16-2008 01:40 PM | ---D | C] - C:\ProgramData\Viewpoint
[08-16-2008 03:41 PM | 00,111,577 | ---- | C] () - C:\ProgramData\BM7149696b.xml
[08-17-2008 03:08 PM | 00,000,022 | ---- | C] () - C:\ProgramData\pskt.ini
[08-20-2008 02:02 AM | ---D | C] - C:\ProgramData\ESET
[06-09-2008 05:40 PM | ---D | C] - C:\Users\saleiz\AppData\Roaming\Ride7
[06-16-2008 09:31 PM | ---D | C] - C:\Users\saleiz\AppData\Roaming\WinRAR
[07-02-2008 11:21 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\U3
[07-04-2008 01:00 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\Eltima Software
[07-05-2008 08:55 PM | ---D | C] - C:\Users\saleiz\AppData\Roaming\Malwarebytes
[07-09-2008 02:15 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\Media Center Programs
[07-09-2008 02:15 AM | --SD | C] - C:\Users\saleiz\AppData\Roaming\Microsoft
[07-15-2008 12:36 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\FTPRush
[08-21-2008 02:31 PM | ---D | C] - C:\Users\saleiz\AppData\Roaming\ESET
[08-23-2008 02:16 PM | ---D | C] - C:\Users\saleiz\AppData\Roaming\BinarySense
[08-25-2008 03:49 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\EDrawings
[09-02-2008 09:12 AM | ---D | C] - C:\Users\saleiz\AppData\Roaming\Download Manager
[06-15-2008 10:40 PM | ---D | C] - C:\Users\saleiz\AppData\Local\IsolatedStorage
[06-15-2008 10:42 PM | ---D | C] - C:\Users\saleiz\AppData\Local\Yahoo!_Inc
[07-09-2008 02:15 AM | ---D | C] - C:\Users\saleiz\AppData\Local\Microsoft
[07-09-2008 02:15 AM | ---D | C] - C:\Users\saleiz\AppData\Local\Temp
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\AppData\Local\Anwendungsdaten
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\AppData\Local\Temporary Internet Files
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\AppData\Local\Verlauf
[07-09-2008 08:13 AM | 00,107,792 | ---- | C] () - C:\Users\saleiz\AppData\Local\GDIPFONTCACHEV1.DAT
[07-09-2008 08:21 AM | 00,134,656 | ---- | C] () - C:\Users\saleiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07-09-2008 08:28 AM | ---D | C] - C:\Users\saleiz\AppData\Local\Microsoft Games
[07-10-2008 10:31 AM | 00,000,600 | ---- | C] () - C:\Users\saleiz\AppData\Local\PUTTY.RND
[08-08-2008 01:53 PM | ---D | C] - C:\Users\saleiz\AppData\Local\Stardock
[08-18-2008 03:06 AM | 00,001,356 | ---- | C] () - C:\Users\saleiz\AppData\Local\d3d9caps.dat
[08-20-2008 01:42 AM | 04,112,119 | -H-- | C] () - C:\Users\saleiz\AppData\Local\IconCache.db
[08-20-2008 02:27 AM | ---D | C] - C:\Users\saleiz\AppData\Local\ESET
[08-21-2008 02:56 AM | ---D | C] - C:\Users\saleiz\AppData\Local\Opera
[07-09-2008 08:03 AM | -HSD | C] - C:\Users\Public\Documents\Eigene Bilder
[07-09-2008 08:03 AM | -HSD | C] - C:\Users\Public\Documents\Eigene Musik
[07-09-2008 08:03 AM | -HSD | C] - C:\Users\Public\Documents\Eigene Videos
[06-13-2008 10:22 PM | ---D | C] - C:\Users\saleiz\Documents\Visual Studio 2008
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\Documents\Eigene Bilder
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\Documents\Eigene Musik
[07-09-2008 02:15 AM | -HSD | C] - C:\Users\saleiz\Documents\Eigene Videos
[07-10-2008 01:01 AM | ---D | C] - C:\Users\saleiz\Documents\Stardock
[07-15-2008 12:36 AM | ---D | C] - C:\Users\saleiz\Documents\My FTPRush Downloads
[08-16-2008 01:48 PM | R--D | C] - C:\Users\saleiz\Desktop\Konstruktion EWG
[08-26-2008 09:37 PM | R--D | C] - C:\Users\saleiz\Desktop\NPG
[08-27-2008 07:50 AM | 00,409,600 | -HS- | C] () - C:\Users\saleiz\Desktop\ehthumbs_vista.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\ehthumbs_vista.db:encryptable
[09-01-2008 07:19 PM | ---D | C] - C:\Users\saleiz\Desktop\The.Last.Days.Of.World.War.II.Part1.2004.DVDRip.XviD-EPiSODE
[09-01-2008 07:19 PM | ---D | C] - C:\Users\saleiz\Desktop\The.Last.Days.Of.World.War.II.Part2.2004.DVDRip.XviD-EPiSODE
[09-02-2008 03:13 PM | 00,115,712 | ---- | C] () - C:\Users\saleiz\Desktop\Permohonan Perlanjutan Mohd Hadihaizil Din.doc
[09-02-2008 06:13 AM | ---D | C] - C:\Users\saleiz\Desktop\Windows Gadget
[08-08-2008 01:53 PM | 00,001,849 | ---- | C] () - C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[08-23-2008 02:16 PM | 00,001,009 | ---- | C] () - C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk
[06-13-2008 10:15 PM | ---D | C] - C:\Program Files\Common Files\Merge Modules
[06-16-2008 09:31 PM | ---D | C] - C:\Program Files\Common Files\SourceTec
[07-14-2008 02:00 PM | ---D | C] - C:\Program Files\Common Files\Deterministic Networks
[08-09-2008 12:48 AM | ---D | C] - C:\Program Files\Common Files\Stardock
[08-21-2008 12:26 AM | ---D | C] - C:\Program Files\Common Files\eDrawings2008
[08-23-2008 02:16 PM | ---D | C] - C:\Program Files\Common Files\BinarySense
[06-04-2008 09:32 PM | ---D | C] - C:\Program Files\cFosSpeed
[06-08-2008 12:38 PM | ---D | C] - C:\Program Files\RFA
[06-09-2008 01:04 AM | ---D | C] - C:\Program Files\ZDF
[06-09-2008 05:40 PM | ---D | C] - C:\Program Files\Raisonance
[06-10-2008 09:56 PM | ---D | C] - C:\Program Files\NX Client for Windows
[06-13-2008 10:13 PM | ---D | C] - C:\Program Files\Microsoft SDKs
[06-13-2008 10:15 PM | ---D | C] - C:\Program Files\Microsoft Visual Studio 9.0
[06-15-2008 02:02 PM | ---D | C] - C:\Program Files\Sun(9)
[06-15-2008 11:13 PM | ---D | C] - C:\Program Files\Panda Security
[06-16-2008 09:31 PM | ---D | C] - C:\Program Files\SourceTec
[06-23-2008 11:38 PM | ---D | C] - C:\Program Files\Maketorrent 2
[06-26-2008 08:13 AM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[06-26-2008 08:20 AM | ---D | C] - C:\Program Files\HijackThis
[06-27-2008 11:58 AM | ---D | C] - C:\Program Files\FreeMind
[07-04-2008 02:18 AM | ---D | C] - C:\Program Files\SWF-AVI-GIF Converter
[07-05-2008 08:55 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[07-05-2008 11:36 AM | ---D | C] - C:\Program Files\Enigma Software Group
[07-09-2008 02:09 AM | ---D | C] - C:\Program Files\Analog Devices
[07-09-2008 02:09 AM | ---D | C] - C:\Program Files\Synaptics
[07-09-2008 08:03 AM | -HSD | C] - C:\Program Files\Gemeinsame Dateien
[07-09-2008 12:12 PM | ---D | C] - C:\Program Files\BitLocker
[07-10-2008 01:01 AM | ---D | C] - C:\Program Files\Stardock
[07-20-2008 04:29 AM | ---D | C] - C:\Program Files\FlashFXP
[07-22-2008 02:15 AM | ---D | C] - C:\Program Files\Cool Beans NFO Creator
[08-06-2008 11:02 PM | ---D | C] - C:\Program Files\MSECACHE
[08-06-2008 11:03 PM | ---D | C] - C:\Program Files\Windows Installer Clean Up
[08-08-2008 09:38 AM | ---D | C] - C:\Program Files\FontFrenzy
[08-17-2008 04:18 PM | ---D | C] - C:\Program Files\RegCure
[08-18-2008 01:07 AM | ---D | C] - C:\Program Files\Trend Micro
[08-18-2008 05:04 AM | ---D | C] - C:\Program Files\Sunbelt Software
[08-19-2008 10:26 AM | ---D | C] - C:\Program Files\IObit
[08-21-2008 02:26 PM | ---D | C] - C:\Program Files\ESET
[08-21-2008 03:25 AM | ---D | C] - C:\Program Files\Microsoft Web Designer Tools
[08-21-2008 03:44 PM | ---D | C] - C:\Program Files\SolidWorks (2)
[08-21-2008 10:48 AM | ---D | C] - C:\Program Files\Safari
[08-21-2008 11:21 AM | ---D | C] - C:\Program Files\mozilla.org
[08-21-2008 12:26 AM | ---D | C] - C:\Program Files\AGEIA Technologies
[08-22-2008 11:07 PM | ---D | C] - C:\Program Files\FinitySoft BMI Calculator
[08-23-2008 02:16 PM | ---D | C] - C:\Program Files\BinarySense
[08-25-2008 05:09 PM | ---D | C] - C:\Program Files\CS BMR Calculator
[09-02-2008 09:13 AM | ---D | C] - C:\Program Files\HooTech

========== Files - Modified Within 90 days ==========

[06-08-2008 01:56 PM | 00,000,232 | -H-- | M] () - C:\sqmdata00.sqm
[06-08-2008 01:56 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt00.sqm
[07-09-2008 02:53 AM | 00,008,192 | R-S- | M] () - C:\BOOTSECT.BAK
[07-09-2008 08:08 AM | 00,171,136 | RHS- | M] () - C:\grldr
[08-31-2008 01:18 AM | 26,740,57216 | -HS- | M] () - C:\hiberfil.sys
[08-18-2008 04:18 AM | 00,000,027 | ---- | M] () - C:\Windows\System32\drivers\etc\hosts
[06-10-2008 06:47 PM | 00,039,944 | ---- | M] (ESET) - C:\Windows\System32\drivers\eamon.sys
[06-10-2008 06:48 PM | 00,053,256 | ---- | M] (ESET) - C:\Windows\System32\drivers\easdrv.sys
[06-10-2008 06:56 PM | 00,030,728 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfwndis.sys
[06-10-2008 06:56 PM | 00,054,280 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfwtdi.sys
[06-10-2008 06:56 PM | 00,071,688 | ---- | M] (ESET) - C:\Windows\System32\drivers\epfw.sys
[06-18-2008 01:38 PM | 02,307,584 | ---- | M] (Intel Corporation) - C:\Windows\System32\drivers\igdkmd32.sys
[06-21-2008 04:54 AM | 00,066,600 | R--- | M] (Sunbelt Software, Inc.) - C:\Windows\System32\drivers\sbhips.sys
[07-09-2008 02:09 AM | 00,000,000 | -H-- | M] () - C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[08-17-2008 03:55 PM | 00,002,560 | ---- | M] () - C:\Windows\System32\drivers\mchInjDrv.sys
[08-22-2008 02:37 PM | 00,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) - C:\Windows\System32\drivers\nhcDriver.sys
[06-11-2008 09:18 PM | 00,036,352 | ---- | M] () - C:\Windows\System32\SX32W.DLL
[06-11-2008 09:18 PM | 00,135,680 | ---- | M] (Sampson Multimedia ®) - C:\Windows\System32\crypto32.dll
[06-18-2008 01:18 PM | 00,048,640 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxsrvc.dll
[06-18-2008 01:18 PM | 00,106,496 | ---- | M] (Intel Corporation) - C:\Windows\System32\hccutils.dll
[06-18-2008 01:18 PM | 00,135,168 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxdo.dll
[06-18-2008 01:18 PM | 00,172,032 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrenu.lrc
[06-18-2008 01:18 PM | 00,204,800 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxdev.dll
[06-18-2008 01:18 PM | 03,293,184 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxress.dll
[06-18-2008 01:19 PM | 00,024,576 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxexps.dll
[06-18-2008 01:19 PM | 00,069,632 | ---- | M] (Intel Corporation) - C:\Windows\System32\oemdspif.dll
[06-18-2008 01:19 PM | 00,122,880 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxcpl.cpl
[06-18-2008 01:19 PM | 00,204,800 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxpph.dll
[06-18-2008 01:19 PM | 00,241,664 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxTMM.dll
[06-18-2008 01:22 PM | 00,110,592 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrcht.lrc
[06-18-2008 01:22 PM | 00,114,688 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrchs.lrc
[06-18-2008 01:22 PM | 00,126,976 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrkor.lrc
[06-18-2008 01:22 PM | 00,131,072 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrjpn.lrc
[06-18-2008 01:22 PM | 00,155,648 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrheb.lrc
[06-18-2008 01:22 PM | 00,159,744 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrara.lrc
[06-18-2008 01:22 PM | 00,163,840 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrtha.lrc
[06-18-2008 01:22 PM | 00,172,032 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrslv.lrc
[06-18-2008 01:22 PM | 00,172,032 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrtrk.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrcsy.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrdan.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrfin.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrnor.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrsky.lrc
[06-18-2008 01:22 PM | 00,176,128 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrsve.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrplk.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrptb.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrptg.lrc
[06-18-2008 01:22 PM | 00,180,224 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrrus.lrc
[06-18-2008 01:22 PM | 00,184,320 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrfra.lrc
[06-18-2008 01:22 PM | 00,184,320 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrhun.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxresp.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrita.lrc
[06-18-2008 01:22 PM | 00,188,416 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrnld.lrc
[06-18-2008 01:22 PM | 00,192,512 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrdeu.lrc
[06-18-2008 01:22 PM | 00,192,512 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxrell.lrc
[06-18-2008 01:26 PM | 02,420,736 | ---- | M] (Intel Corporation) - C:\Windows\System32\ig4icd32.dll
[06-18-2008 01:27 PM | 02,174,976 | ---- | M] (Intel Corporation) - C:\Windows\System32\ig4dev32.dll
[06-18-2008 01:38 PM | 03,305,472 | ---- | M] (Intel Corporation) - C:\Windows\System32\igdumd32.dll
[06-18-2008 01:51 PM | 00,147,456 | ---- | M] () - C:\Windows\System32\igfxCoIn_v1504.dll
[06-18-2008 02:01 PM | 00,133,656 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxpers.exe
[06-18-2008 02:01 PM | 00,141,848 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxtray.exe
[06-18-2008 02:01 PM | 00,166,424 | ---- | M] (Intel Corporation) - C:\Windows\System32\hkcmd.exe
[06-18-2008 02:01 PM | 00,170,520 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxext.exe
[06-18-2008 02:01 PM | 00,170,520 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxzoom.exe
[06-18-2008 02:01 PM | 00,256,536 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxsrvc.exe
[06-18-2008 02:01 PM | 00,539,160 | ---- | M] (Intel Corporation) - C:\Windows\System32\igfxcfg.exe
[06-18-2008 02:56 PM | 00,032,912 | ---- | M] () - C:\Windows\System32\iglhxs32.vp
[06-22-2008 11:39 AM | 00,001,678 | ---- | M] () - C:\Windows\System32\Ahmbed.gz
[06-25-2008 10:51 PM | 00,996,352 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\Windows\System32\libeay32.dll
[06-25-2008 10:52 PM | 00,188,928 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\Windows\System32\libssl32.dll
[06-25-2008 10:52 PM | 00,188,928 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) - C:\Windows\System32\ssleay32.dll
[07-09-2008 03:51 AM | 00,022,140 | ---- | M] () - C:\Windows\System32\emptyregdb.dat
[07-09-2008 04:07 AM | 00,075,016 | ---- | M] () - C:\Windows\System32\license.rtf
[07-09-2008 08:15 AM | 00,130,432 | ---- | M] () - C:\Windows\System32\GDIPFONTCACHEV1.DAT
[07-11-2008 02:27 AM | 00,026,292 | ---- | M] () - C:\Windows\System32\SQLServerManager10.msc
[08-08-2008 12:17 AM | 00,158,748 | -H-- | M] () - C:\Windows\System32\mlfcache.dat
[08-09-2008 03:37 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\404Fix.exe
[08-14-2008 09:52 PM | 00,082,432 | ---- | M] (S!Ri.URZ) - C:\Windows\System32\IEDFix.C.exe
[08-17-2008 04:35 PM | 00,034,308 | ---- | M] () - C:\Windows\System32\BASSMOD.dll
[08-17-2008 11:16 PM | 00,002,078 | ---- | M] () - C:\Windows\System32\tmp.reg
[08-17-2008 11:34 PM | 00,036,864 | ---- | M] () - C:\Windows\System32\umstartup.etl
[08-21-2008 01:12 AM | 00,378,600 | ---- | M] () - C:\Windows\System32\FNTCACHE.DAT
[08-31-2008 01:19 AM | 00,065,536 | ---- | M] () - C:\Windows\System32\Ikeext.etl
[08-31-2008 01:20 AM | 00,016,050 | ---- | M] () - C:\Windows\System32\results.xml
[09-02-2008 02:43 PM | 00,161,176 | ---- | M] () - C:\Windows\System32\perfc009.dat
[09-02-2008 02:43 PM | 00,192,658 | ---- | M] () - C:\Windows\System32\perfc007.dat
[09-02-2008 02:43 PM | 00,739,710 | ---- | M] () - C:\Windows\System32\perfh009.dat
[09-02-2008 02:43 PM | 00,788,672 | ---- | M] () - C:\Windows\System32\perfh007.dat
[09-02-2008 02:43 PM | 01,880,494 | ---- | M] () - C:\Windows\System32\PerfStringBackup.INI
[09-02-2008 05:20 PM | 00,006,032 | -H-- | M] () - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[09-02-2008 05:20 PM | 00,006,032 | -H-- | M] () - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[3 C:\Windows\*.tmp files]
[06-11-2008 09:21 PM | 00,006,874 | ---- | M] () - C:\Windows\RIDE.ini
[06-11-2008 09:22 PM | 00,000,000 | -H-- | M] () - C:\Windows\msds.dat
[06-13-2008 09:40 PM | 00,000,158 | ---- | M] () - C:\Windows\matlab.ini
[06-16-2008 10:45 AM | 00,001,409 | ---- | M] () - C:\Windows\QTFont.for
[06-21-2008 05:36 PM | 00,327,680 | ---- | M] () - C:\Windows\SPInstall.etl
[06-23-2008 11:41 PM | 00,000,277 | ---- | M] () - C:\Windows\maketorrent.ini
[07-14-2008 01:55 PM | 00,001,594 | ---- | M] () - C:\Windows\VPNUnInstall.MIF
[07-14-2008 02:05 PM | 00,001,594 | ---- | M] () - C:\Windows\VPNInstall.MIF
[07-14-2008 08:31 AM | 00,000,100 | ---- | M] () - C:\Windows\lexstat.ini
[08-17-2008 09:57 PM | 00,054,156 | -H-- | M] () - C:\Windows\QTFont.qfn
[08-18-2008 04:19 AM | 00,000,215 | ---- | M] () - C:\Windows\system.ini
[08-18-2008 12:05 AM | 00,001,887 | ---- | M] () - C:\Windows\diagerr.xml
[08-18-2008 12:05 AM | 00,001,887 | ---- | M] () - C:\Windows\diagwrn.xml
[08-21-2008 11:21 AM | 00,000,301 | ---- | M] () - C:\Windows\win.ini
[08-21-2008 11:21 AM | 00,008,653 | ---- | M] () - C:\Windows\mozver.dat
[08-21-2008 11:21 AM | 00,118,784 | ---- | M] () - C:\Windows\GREUninstall.exe
[08-21-2008 11:21 AM | 00,118,784 | ---- | M] () - C:\Windows\SeaMonkeyUninstall.exe
[08-21-2008 11:22 AM | 00,000,335 | ---- | M] () - C:\Windows\nsreg.dat
[08-22-2008 01:38 PM | 00,000,012 | ---- | M] () - C:\Windows\bthservsdp.dat
[08-31-2008 01:18 AM | 00,067,584 | --S- | M] () - C:\Windows\bootstat.dat
[08-31-2008 10:51 PM | 00,737,280 | ---- | M] (Indigo Rose Corporation) - C:\Windows\iun6002.exe
[07-11-2008 10:00 PM | 00,000,582 | ---- | M] () - C:\Windows\tasks\Upload Weeds.job
[08-28-2008 03:55 AM | 00,000,374 | ---- | M] () - C:\Windows\tasks\RegCure.job
[08-31-2008 01:19 AM | 00,000,006 | -H-- | M] () - C:\Windows\tasks\SA.DAT
[09-02-2008 05:00 PM | 00,000,440 | ---- | M] () - C:\Windows\tasks\RegCure Program Check.job
[07-17-2008 04:01 PM | 00,000,032 | ---- | M] () - C:\ProgramData\ezsid.dat
[08-17-2008 03:08 PM | 00,111,577 | ---- | M] () - C:\ProgramData\BM7149696b.xml
[08-17-2008 03:49 PM | 00,000,022 | ---- | M] () - C:\ProgramData\pskt.ini
[08-21-2008 01:40 PM | 00,000,466 | RHS- | M] () - C:\ProgramData\ntuser.pol
[08-19-2008 01:00 PM | 00,001,356 | ---- | M] () - C:\Users\saleiz\AppData\Local\d3d9caps.dat
[08-21-2008 01:14 AM | 00,107,792 | ---- | M] () - C:\Users\saleiz\AppData\Local\GDIPFONTCACHEV1.DAT
[08-31-2008 01:17 AM | 04,112,119 | -H-- | M] () - C:\Users\saleiz\AppData\Local\IconCache.db
[09-01-2008 02:50 AM | 00,000,600 | ---- | M] () - C:\Users\saleiz\AppData\Local\PUTTY.RND
[09-02-2008 04:58 PM | 00,134,656 | ---- | M] () - C:\Users\saleiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[07-09-2008 08:09 AM | 00,000,402 | -HS- | M] () - C:\Users\saleiz\Documents\desktop.ini
[08-31-2008 10:23 PM | 00,000,486 | ---- | M] () - C:\Users\saleiz\Documents\Meine freigegebenen Ordner.lnk
[08-08-2008 06:36 PM | 00,001,098 | -HS- | M] () - C:\Users\saleiz\Desktop\desktop.ini
[08-27-2008 03:06 PM | 00,409,600 | -HS- | M] () - C:\Users\saleiz\Desktop\ehthumbs_vista.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\ehthumbs_vista.db:encryptable
[09-02-2008 03:38 PM | 00,115,712 | ---- | M] () - C:\Users\saleiz\Desktop\Permohonan Perlanjutan Mohd Hadihaizil Din.doc
[07-09-2008 08:09 AM | 00,000,174 | -HS- | M] () - C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[08-08-2008 01:53 PM | 00,001,849 | ---- | M] () - C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[08-31-2008 01:21 AM | 00,001,009 | ---- | M] () - C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk

< End of report >

OTViewIt Extras logfile created on: 2008-09-02 17:24:57 - Run 2
OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Users\saleiz\Desktop
Windows Vista Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.49% Memory free
4.00 Gb Paging File | 3.46 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 70.07 Gb Total Space | 10.85 Gb Free Space | 15.48% Space Free | Partition Type: NTFS
Drive D: | 31.72 Gb Total Space | 6.34 Gb Free Space | 19.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.93% Space Free | Partition Type: NTFS
Drive G: | 983.70 Mb Total Space | 37.44 Mb Free Space | 3.81% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1953668439-2755691025-100689525-1003]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[07-14-2008 01:34 PM | 03,904,184 | ---- | M] (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
[07-14-2008 01:34 PM | 03,904,184 | ---- | M] (IniCom Networks, Inc.)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.js [@ = Reg Error: Value does not exist or could not be read.] - File not found - Reg Error: Key does not exist or could not be opened.
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /s
.txt [@ = Reg Error: Value does not exist or could not be read.] - File not found - Reg Error: Key does not exist or could not be opened.

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - [02-28-2006 12:42 PM | 00,094,208 | ---- | M] (Apple Computer, Inc.) C:\Programme\Bonjour\mdnsNSP.dll
Protocol_Catalog9\Catalog_Entries\000000000001 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000002 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000003 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000004 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000005 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000006 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000007 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000008 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000009 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000010 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000011 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000012 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000013 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000014 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000015 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000016 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000017 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000018 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000019 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000020 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000021 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000022 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000023 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000024 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000025 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000026 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000027 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000028 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000029 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000030 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000031 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000032 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000033 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000034 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000035 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000036 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000037 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000038 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000039 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000040 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000041 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000042 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000043 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll
Protocol_Catalog9\Catalog_Entries\000000000044 - [07-23-2007 10:39 AM | 00,202,160 | ---- | M] (Tonec Inc.) C:\Windows\System32\idmmbc.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap - 4 = Restricted sites (Not a Default Protocol)
news - 4 = Restricted sites (Not a Default Protocol)
nntp - 4 = Restricted sites (Not a Default Protocol)
oecmd - 4 = Restricted sites (Not a Default Protocol)
snews - 4 = Restricted sites (Not a Default Protocol)

========== HKEY_CURRENT_USER Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt - @ivt protocol not assigned
file - file protocol not assigned
ftp - ftp protocol not assigned
http - http protocol not assigned
https - https protocol not assigned
shell - shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt - @ivt protocol not assigned
file - file protocol not assigned
ftp - ftp protocol not assigned
http - http protocol not assigned
https - https protocol not assigned
shell - shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

hddlife:{BD758015-47D9-477A-8873-4B688A2BC0E2} [HKLM - hlRegister Class]
[02-15-2008 02:17 PM | 00,091,384 | ---- | M] (BinarySense, Inc.) C:\Programme\Common Files\BinarySense\hlAPP.dll

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - Reg Error: Key does not exist or could not be opened.]
File not found Reg Error: Key does not exist or could not be opened.

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[12-07-2007 04:08 PM | 01,934,672 | R--- | M] (Skype Technologies) C:\Programme\Common Files\Skype\Skype4COM.dll

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FA2C30-C2BB-45A2-B0C3-769541E8F6A2}" = PHP 5.2.5
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0780F87D-7444-4629-AE5F-40A0FE0A8EEB}" = Adobe WinSoft Linguistics Plugin
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB945282" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB945282)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946040" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946040)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946308" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946308)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946344" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946344)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB946581" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB946581)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB947540" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947540)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB947789" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB947789)
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}.KB951708" = Hotfix für Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU (KB951708)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235BBFC6-D863-4066-A01A-3BD504C31031}" = Nero 7 Ultra Edition
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FEB25F8-C3CB-49A2-AE79-DE17FFAFB5D9}" = MySQL Server 5.0
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3D959F7A-7417-45FF-8CC4-2092874CC73A}" = Adobe PDF Library Files CS4
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3F464442-A51F-414B-ACA4-78BCF276B346}" = Ipswitch WS_FTP Server
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{452FD5A6-95EE-45F0-A699-1D7CDAD03090}" = SolidWorks 2008 SP0
"{46087FCF-980F-49B2-B2D9-A1AFDB8B4447}" = TI-Reader Converter
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 8.5 Enterprise Server Edition
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4C24C6EB-FF40-4855-9C1D-42F8AFC75112}" = Zend Optimizer
"{4C271126-C295-4828-A901-5910AE0C258B}" = Cisco Systems VPN Client 5.0.03.0530
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{58E05C78-4785-443D-8A1B-CBFF49C2A84E}" = ESET Smart Security
"{5BAB6B11-928A-4BF4-84D9-00975C27EC9A}" = Adobe Fonts All
"{5C104E56-A441-429D-A609-D8A46EB92EA1}" = PCMark05
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{62631D34-D839-3214-92A2-D2F13C235694}" = Google Gears
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DC64DED-659D-4C3F-8F65-3BE3CBF57FB4}" = COSMOSMotion 2007 SP0
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{F9DE79A2-9049-4589-9787-815147371581}" = Update for Microsoft Visual Studio Web Authoring Component (KB945140)
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{FED55BA1-5A70-44B4-8EB1-E72274AED780}" = Hotfix for Office (KB950278)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1AFF2298-CC00-4A3B-866A-C62B8373794E}" = Security Update for 2007 Microsoft Office System (KB951596)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4AD3A076-427C-491F-A5B7-7D1DE788A756}" = Update for Microsoft Office Outlook 2007 (KB952142)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{558B709B-821B-4FC5-90FC-9A8890641E77}" = Security Update for Microsoft Office PowerPoint 2007 (KB951338)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6BAD036C-261F-4BEF-96CF-C20678D07A41}" = Security Update for Visio 2007 (KB947590)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}" = Security Update for Microsoft Office Excel 2007 (KB951546)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AD72BABE-C733-4FCF-9674-4314466191B9}" = Security Update for Microsoft Office Word 2007 (KB950113)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D9806966-6AA1-4B55-9528-6748E37CEE86}" = Update for Outlook 2007 Junk Email Filter (kb955433)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{FED55BA1-5A70-44B4-8EB1-E72274AED780}" = Hotfix for Office (KB950278)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{1AFF2298-CC00-4A3B-866A-C62B8373794E}" = Security Update for 2007 Microsoft Office System (KB951596)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{4AD3A076-427C-491F-A5B7-7D1DE788A756}" = Update for Microsoft Office Outlook 2007 (KB952142)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{558B709B-821B-4FC5-90FC-9A8890641E77}" = Security Update for Microsoft Office PowerPoint 2007 (KB951338)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6BAD036C-261F-4BEF-96CF-C20678D07A41}" = Security Update for Visio 2007 (KB947590)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}" = Security Update for Microsoft Office Excel 2007 (KB951546)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00}" = Security Update for Microsoft Office system 2007 (KB951808)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{AD72BABE-C733-4FCF-9674-4314466191B9}" = Security Update for Microsoft Office Word 2007 (KB950113)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D9806966-6AA1-4B55-9528-6748E37CEE86}" = Update for Outlook 2007 Junk Email Filter (kb955433)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}" = Security Update for Microsoft Office Publisher 2007 (KB950114)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{FED55BA1-5A70-44B4-8EB1-E72274AED780}" = Hotfix for Office (KB950278)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EE4F37D-4D8E-4C64-BDE7-7AF4E6B073B5}" = Adobe Type Support CS4
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A52ACD6B-238E-44C8-90B5-C57BA8926C57}" = FontFrenzy
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000003}_Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Anmelde-Assistent
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B9803C44-643C-4971-AF4B-3A3699CD15DA}" = Adobe Anchor Service CS4
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw
"{C523D256-313D-4866-B36A-F3DE528246EF}" = MSXML 4.0 SP2 (KB941833)
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC96EEE-470E-458E-A005-488BEC1CED42}" = eDrawings 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595" = Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}" = HDDlife Pro 3.1
"{E8641B55-68D5-4FF9-978C-A6D686F8EAA0}" = Adobe CMaps CS4
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}" = Retail Virtual EVE
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Aptana Studio" = Aptana Studio
"Athan" = Athan Basic 3.4
"AVGantiRootkit" = AVG Anti-Rootkit Free
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Blaze Media Pro" = Blaze Media Pro
"BlogDesk_is1" = BlogDesk 2.8
"BSPlayerp" = BS.Player PRO
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"CDCheck" = CDCheck
"Citavi" = Citavi 2.4
"Cool Beans NFO Creator_is1" = Cool Beans NFO Creator 2.0.1.3
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Creative PD1110" = Creative WebCam NX Driver (2.00.04.0000)
"CS BMR Calculator_is1" = CS BMR Calculator 1.0
"DeskScapes" = DeskScapes
"e_is1" = e - v1.0.10
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FinitySoft BMI Calculator" = FinitySoft BMI Calculator 1.0
"Focus Magic_is1" = Focus Magic 3.02
"Folding@Home Windows SMP Client" = Folding@Home Windows SMP Client
"Free FLV Converter_is1" = Free FLV Converter V 1.0
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.4
"Frets on Fire" = Frets On Fire
"HaaliMkx" = Haali Media Splitter
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IIM5_is1" = iMacros V6.11
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Internet Download Manager" = Internet Download Manager
"KB948109_SQL9" = GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.0 Standard
"Lexmark 2200 Series" = Lexmark 2200 Series
"LowRateVoip_is1" = LowRateVoip
"M929729" = Microsoft .NET Framework 1.1 Hotfix (KB929729)
"MagicISO & MagicDisc_is1" = MagicISO 5.4.0.239 & MagicDisc 2.5.50.0
"MakeTorrent 2" = MakeTorrent v2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR14SP3" = MATLAB 7.1
"Maxthon" = Maxthon Browser (remove only)
"Media Pirate - the video downloader" = Media Pirate - the video downloader 1.0.3
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU" = Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"Nonoh_is1" = Nonoh
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"nxclient_is1" = NX Client for Windows 3.2.0-10
"ObjectDock Plus" = ObjectDock Plus
"OpenSSL Light_is1" = OpenSSL 0.9.8h Light
"Pacific Poker" = Pacific Poker
"Power Data Recovery_is1" = Power Data Recovery 4.1.2
"PowerISO" = PowerISO
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROHYBRIDR" = 2007 Microsoft Office system
"RealPlayer 6.0" = RealPlayer
"Refresher" = Refresher
"RegCure" = RegCure 1.5.0.0
"Registry First Aid_is1" = Registry First Aid
"Ride" = RKit 6.1
"Ruby-186-26" = Ruby-186-26
"SamsungPlayer_is1" = Samsung Player Version 2.00.7
"SC Video Converter_is1" = SC Video Converter 4.3.0.0
"SeaMonkey (1.1.11)" = SeaMonkey (1.1.11)
"SetFileDate_is1" = SetFileDate 2.0
"Soldier of Fortune II - Double Helix MP TEST" = Soldier of Fortune II - Double Helix MP TEST
"SparVoip_is1" = SparVoip
"Subversion_is1" = Subversion 1.4.5-r25188
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 3" = TeamViewer 3
"Thunderbird-Tray" = Thunderbird-Tray
"Total Video Converter 3.10_is1" = Total Video Converter 3.10
"UltraStar" = UltraStar 0.6.0
"UltSounds" = Windows-Soundschemas
"UnixUtils for Yahoo! Widgets" = Unix Utilities for Yahoo! Widgets
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VoipBuster_is1" = VoipBuster
"VSO Image Resizer_is1" = VSO Image Resizer 1.3.4
"WIDI Audio To MIDI VST 1.10" = WIDI Audio To MIDI VST 1.10 (remove only)
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 0.99.7
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! IE Suggest" = Yahoo! IE Search Suggest
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Widget Engine" = Yahoo! Widgets
"YASA Video Converter v3.4 (build 0065)" = YASA Video Converter v3.4 (build 0065)
"YInstHelper" = Yahoo! Install Manager
"ZDFmediathek_is1" = ZDFmediathek Version 1.4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1953668439-2755691025-100689525-501\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"intelliScore Polyphonic WAV to MIDI Converter Demo" = intelliScore Polyphonic WAV to MIDI Converter Demo
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-08-20 23:23:03 - Computer Name = slumbermann - User Name = User SID not found - Source = SideBySide
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\SolidWorks\SLDWORKS.exe".
Die
abhängige Assemblierung "Microsoft.VC80.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 2008-08-20 23:48:13 - Computer Name = slumbermann - User Name = User SID not found - Source = WinMgmt
Description =

Error - 2008-08-21 01:24:36 - Computer Name = slumbermann - User Name = User SID not found - Source = VSS
Description =

Error - 2008-08-21 01:48:05 - Computer Name = slumbermann - User Name = User SID not found - Source = SideBySide
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.BatchParser.dll".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 2008-08-21 01:48:26 - Computer Name = slumbermann - User Name = User SID not found - Source = SideBySide
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\10.0.0.0__89845dcd8080cc91\Microsoft.SqlServer.BatchParser.dll".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 2008-08-21 01:48:46 - Computer Name = slumbermann - User Name = User SID not found - Source = .NET Runtime Optimization Service
Description =

Error - 2008-08-21 01:48:56 - Computer Name = slumbermann - User Name = User SID not found - Source = .NET Runtime Optimization Service
Description =

Error - 2008-08-21 01:52:33 - Computer Name = slumbermann - User Name = User SID not found - Source = WinMgmt
Description =

Error - 2008-08-21 02:07:36 - Computer Name = slumbermann - User Name = User SID not found - Source = SQLBrowser
Description = Der Port des SQLBrowser-Diensts kann nicht überwacht werden oder ist
ungültig.

Error - 2008-08-21 02:07:36 - Computer Name = slumbermann - User Name = User SID not found - Source = SQLBrowser
Description = Der SQLBrowser-Dienst konnte die SQL-Instanz und die Konnektivitätsermittlung
nicht einrichten.

[ DFS Replication Events ]

[ HardwareEvents Events ]

[ Internet Explorer Events ]

[ Key Management Service Events ]

[ Media Center Events ]
Error - 2008-05-21 13:16:13 - Computer Name = slumbermann - User Name = User SID not found - Source = Media Center Guide
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 2008-06-06 08:09:23 - Computer Name = slumbermann - User Name = User SID not found - Source = Media Center Guide
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

Error - 2008-06-08 23:33:05 - Computer Name = slumbermann - User Name = User SID not found - Source = Media Center Guide
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide

Error - 2008-07-02 12:20:11 - Computer Name = slumbermann - User Name = User SID not found - Source = Media Center Guide
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide

[ ODiag Events ]
Error - 2007-11-22 20:50:02 - Computer Name = slumbermann - User Name = User SID not found - Source = Microsoft Office 12 Diagnostics
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 2007-11-22 20:50:00 - Computer Name = slumbermann - User Name = User SID not found - Source = Microsoft Office 12 Sessions
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2007-12-07 08:40:24 - Computer Name = slumbermann - User Name = User SID not found - Source = Microsoft Office 12 Sessions
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 538
seconds with 240 seconds of active time. This session ended with a crash.

Error - 2008-06-27 17:18:17 - Computer Name = slumbermann - User Name = User SID not found - Source = Microsoft Office 12 Sessions
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 4286 seconds with 2580 seconds of active time. This session ended with a
crash.

[ Security Events ]

[ System Events ]
Error - 2008-08-30 21:16:11 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

Error - 2008-08-30 21:16:11 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

Error - 2008-08-30 21:16:11 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

Error - 2008-08-30 23:18:17 - Computer Name = slumbermann - User Name = User SID not found - Source = sptd
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
festgestellt.

Error - 2008-08-30 23:18:22 - Computer Name = slumbermann - User Name = User SID not found - Source = volmgr
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 2008-08-30 23:18:44 - Computer Name = slumbermann - User Name = User SID not found - Source = volmgr
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error - 2008-08-30 23:19:03 - Computer Name = slumbermann - User Name = User SID not found - Source = HTTP
Description =

Error - 2008-08-30 23:20:18 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

Error - 2008-08-30 23:20:18 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

Error - 2008-08-30 23:20:18 - Computer Name = slumbermann - User Name = User SID not found - Source = Service Control Manager
Description =

< End of report >

#8 Yourhighness

The BSG Malware Fighter

Group: Malware Response Team
Posts: 7,925
Joined: 20-April 06
Gender:Male
Location:Hamburg

Posted 03 September 2008 - 02:30 PM

hi slumbermann,

D:\e-Document\MiRC\mIRC 6.3 + keygen\mIRC - English.exe

Quietman7 said:

Your logs show that you are using crack tools so that's probably how you became infected. The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk.

If you use those kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

source: http://www.bleepingcomputer.com/forums/index.php?s=&showtopic=165243&view=findpost&p=925724

Your logs show that you have (a) online poker programme(s) installed on your computer. I know that you may use these (this) game(s) on a regular basis but I think it's important to note that often these kind of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programmes yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the below steps:

Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs, search for the poker game and remove it.

If you are unsure of anything, please dont hesitate to ask.

Quote

[07-05-2008 11:36 AM | ---D | C] - C:\Program Files\Enigma Software Group

Enigma software group is a known trouble maker and I strongly suggest removing any of their software.

The following is referring to Registry First Aid and CCleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

Registry tools can cause irreparable damage to your Operating System
Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Please post the ComboFix log and the Malwarebytes' Antimalware log. Thanks!

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

#9 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 03 September 2008 - 03:06 PM

Hi Yourhighness,

Thank you for your reply, i've uninstalled Online Poker as i dont really use it. Regarding CCleaner, i find it really usefull for cleaning up my temporary data and some unuse things. But if you say it not good for the pc overall performance, could you please advice me what how can i keep my data clean, not filled up with unneccessary things, because its sometimes goes up to 2Gb of waste junk.

Regarding uTorrent, i'm well aware about the copyright things, i normally use it to distribute my own small movie or clip to friends and others who would like to download it. So i pretty much control what type of files are on my uTorrent. Btw, my pc was infected because of ViewPoint Media Player. I need that player to view 3D model in various sites. But seems after that i get infected. Now i'm not sure what kind of player i can use.

All help really appreciated.

Below are my Malwarebytes' Antimalware and ComboFix log. The ComboFix log was the log from last time when i try to run it to clean my pc. n the Malwarebytes' Antimalware log is the latest one.

Malwarebytes' Anti-Malware 1.25
Database version: 1090
Windows 6.0.6001 Service Pack 1

22:05:34 2008-09-03
mbam-log-09-03-2008 (22-05-34).txt

Scan type: Quick Scan
Objects scanned: 56198
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-08-17.03 - saleiz 2008-08-18 4:06:09.1 - NTFSx86
ausgeführt von:: D:\ComboFix.exe
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\actskn43.ocx
C:\Windows\system32\bovqiipl.dll
C:\Windows\system32\cldfqykx.dll
C:\Windows\system32\Memman.vxd
C:\Windows\system32\skinboxer43.dll
C:\Windows\system32\tdssadw.dll
C:\Windows\system32\tdssinit.dll
C:\Windows\system32\tdssl.dll
C:\Windows\system32\tdsslog.dll
C:\Windows\system32\tdssmain.dll
C:\Windows\system32\tdssservers.dat
C:\Windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV

((((((((((((((((((((((( Dateien erstellt von 2008-07-18 bis 2008-08-18 ))))))))))))))))))))))))))))))
.

2008-08-18 03:56 . 2008-08-18 04:02 <DIR> d-------- C:\327882R2FWJFW
2008-08-18 03:36 . 2004-10-15 18:17 60,496 --a------ C:\Windows\System32\drivers\Teefer.sys
2008-08-18 03:36 . 2004-10-15 18:18 21,075 --a------ C:\Windows\System32\drivers\wpsdrvnt.sys
2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg6n.sys
2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg5n.sys
2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg4n.sys
2008-08-18 03:36 . 2004-10-15 18:32 14,568 --a------ C:\Windows\System32\drivers\wg3n.sys
2008-08-18 03:35 . 2008-08-18 03:35 <DIR> d-------- C:\Program Files\Sygate
2008-08-18 03:35 . 2004-10-15 18:32 83,096 --a------ C:\Windows\System32\SSSensor.dll
2008-08-18 01:07 . 2008-08-18 01:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-18 00:05 . 2008-08-18 00:05 <DIR> d-------- C:\$WINDOWS.~BT
2008-08-17 23:05 . 2008-08-17 23:16 2,078 --a------ C:\Windows\System32\tmp.reg
2008-08-17 23:04 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-08-17 23:04 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-08-17 23:04 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-08-17 23:04 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-08-17 23:04 . 2008-08-14 21:52 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-08-17 23:04 . 2008-08-09 15:37 82,432 --a------ C:\Windows\System32\404Fix.exe
2008-08-17 23:04 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-08-17 23:04 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-08-17 23:04 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-08-17 22:39 . 2008-08-18 04:17 328,018,280 --a------ C:\Windows\MEMORY.DMP
2008-08-17 18:59 . 2008-08-17 19:00 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-17 18:59 . 2008-08-17 19:00 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-17 18:00 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-17 17:36 . 2008-08-17 17:36 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-17 16:18 . 2008-08-17 16:35 <DIR> d-------- C:\Program Files\RegCure
2008-08-16 13:40 . 2008-08-16 13:40 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-08-16 13:40 . 2008-08-16 13:40 <DIR> d-------- C:\ProgramData\Viewpoint
2008-08-16 13:28 . 2008-08-16 13:28 <DIR> d-------- C:\eDrawings
2008-08-15 00:51 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 23:43 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 23:43 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 23:43 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 23:43 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 23:43 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 22:06 . 2008-08-14 22:06 41,764 --a------ C:\Windows\System32\kek.exe
2008-08-11 00:38 . 2008-08-11 00:38 <DIR> d-------- C:\Windows\PCHEALTH
2008-08-09 00:48 . 2008-08-09 00:48 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-09 00:46 . 2008-08-09 00:46 537 --a------ C:\Users\saleiz - Verknpfung.lnk
2008-08-09 00:46 . 2008-08-09 00:46 537 --a------ C:\Users\saleiz - Verknpfung (2).lnk
2008-08-08 13:58 . 2008-08-08 13:58 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-08-08 13:58 . 2008-08-08 13:58 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-08-08 09:38 . 2008-08-08 09:38 <DIR> d-------- C:\Program Files\FontFrenzy
2008-08-06 23:03 . 2008-08-06 23:03 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-06 23:02 . 2008-08-06 23:02 <DIR> d-------- C:\Program Files\MSECACHE
2008-08-06 06:52 . 2008-08-06 06:52 58,629 --a------ C:\Windows\System32\mpt.exe
2008-08-04 12:33 . 2008-08-04 12:33 <DIR> d-------- C:\Windows\System32\Lang
2008-08-01 06:28 . 2008-08-01 06:28 41,984 --a------ C:\Windows\System32\mpxa.exe
2008-07-22 02:15 . 2008-07-22 02:16 <DIR> d-------- C:\Program Files\Cool Beans NFO Creator
2008-07-20 04:29 . 2008-07-20 04:44 <DIR> d-------- C:\Program Files\FlashFXP
2008-07-19 18:41 . 1997-10-13 20:55 299,008 --a------ C:\Windows\unin0407.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-18 02:13 --------- d-----w C:\Users\saleiz\AppData\Roaming\DMCache
2008-08-17 23:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-17 22:51 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 20:44 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-17 20:01 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-17 19:42 --------- d-----w C:\Users\saleiz\AppData\Roaming\uTorrent
2008-08-17 16:59 --------- d-----w C:\Program Files\Lavasoft
2008-08-17 16:03 --------- d-----w C:\ProgramData\avg8
2008-08-17 13:55 2,560 ----a-w C:\Windows\system32\drivers\mchInjDrv.sys
2008-08-17 01:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 01:54 --------- d-----w C:\Users\saleiz\AppData\Roaming\Winamp
2008-08-17 01:54 --------- d-----w C:\Program Files\CyberLink
2008-08-17 01:54 --------- d-----w C:\Program Files\acoostic
2008-08-16 23:36 --------- d-----w C:\Users\saleiz\AppData\Roaming\mIRC
2008-08-16 13:28 --------- d-----w C:\Users\saleiz\AppData\Roaming\BSplayer PRO
2008-08-16 11:20 --------- d-----w C:\Users\saleiz\AppData\Roaming\SolidWorks
2008-08-14 22:53 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-10 12:35 --------- d-----w C:\Program Files\Winamp
2008-08-08 11:52 --------- d-----w C:\Program Files\Stardock
2008-08-07 19:27 --------- d-----w C:\Program Files\Google
2008-08-07 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-06 23:01 --------- d-----w C:\Program Files\CCleaner
2008-08-06 22:18 --------- d-----w C:\Users\saleiz\AppData\Roaming\Vso
2008-07-30 18:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-24 04:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-22 00:26 --------- d-----w C:\Users\saleiz\AppData\Roaming\U3
2008-07-20 02:26 --------- d---a-w C:\ProgramData\TEMP
2008-07-19 00:31 --------- d-----w C:\Program Files\QuickTime
2008-07-18 18:02 --------- d-----w C:\Users\saleiz\AppData\Roaming\Skype
2008-07-18 14:01 --------- d-----w C:\Users\saleiz\AppData\Roaming\skypePM
2008-07-17 14:01 32 ----a-w C:\Users\All Users\ezsid.dat
2008-07-17 14:01 32 ----a-w C:\ProgramData\ezsid.dat
2008-07-14 22:58 --------- d-----w C:\Users\saleiz\AppData\Roaming\FTPRush
2008-07-14 22:36 --------- d-----w C:\Program Files\FTPRush
2008-07-14 16:56 --------- d-----w C:\Program Files\SmartFTP Client
2008-07-14 16:54 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-07-14 16:25 --------- d-----w C:\ProgramData\FlashFXP
2008-07-14 12:00 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-07-14 06:24 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-07-14 02:00 --------- d-----w C:\Program Files\Analog Devices
2008-07-14 01:34 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-14 01:34 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-14 01:34 --------- d-----w C:\Program Files\Realtek
2008-07-11 15:49 --------- d-----w C:\Program Files\MATLAB71
2008-07-11 15:04 --------- d-----w C:\Program Files\MagicDisc
2008-07-10 18:09 --------- d-----w C:\Program Files\Safari
2008-07-09 23:01 --------- d-----w C:\ProgramData\Stardock
2008-07-09 10:12 --------- d-----w C:\Program Files\Microsoft Games
2008-07-09 10:12 --------- d-----w C:\Program Files\BitLocker
2008-07-09 10:01 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Vorlagen
2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Startmenü
2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Favoriten
2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Dokumente
2008-07-09 06:03 --------- d-sh--w C:\ProgramData\Anwendungsdaten
2008-07-09 06:03 --------- d-sh--w C:\Program Files\Gemeinsame Dateien
2008-07-09 01:37 --------- d-----w C:\Users\saleiz\AppData\Roaming\Ipswitch
2008-07-09 01:36 --------- d-----w C:\Users\saleiz\AppData\Roaming\Academic Software Zurich
2008-07-09 01:34 --------- d-----w C:\Users\Gast\AppData\Roaming\Thunderbird
2008-07-09 01:34 --------- d-----w C:\Users\Gast\AppData\Roaming\Ipswitch
2008-07-09 00:51 --------- d-----w C:\ProgramData\McAfee
2008-07-09 00:51 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-09 00:51 --------- d-----w C:\ProgramData\Macrovision
2008-07-09 00:51 --------- d-----w C:\ProgramData\IsolatedStorage
2008-07-09 00:51 --------- d-----w C:\ProgramData\Ipswitch
2008-07-09 00:51 --------- d-----w C:\ProgramData\iOpus-i-M
2008-07-09 00:51 --------- d-----w C:\ProgramData\FLEXnet
2008-07-09 00:51 --------- d-----w C:\ProgramData\DassaultSystemes
2008-07-09 00:51 --------- d-----w C:\ProgramData\CyberLink
2008-07-09 00:51 --------- d-----w C:\ProgramData\CheckPoint
2008-07-09 00:50 --------- d-----w C:\ProgramData\Apple Computer
2008-07-09 00:50 --------- d-----w C:\ProgramData\Apple
2008-07-09 00:50 --------- d-----w C:\ProgramData\Adobe Systems
2008-07-09 00:49 --------- d-----w C:\Program Files\Zend
2008-07-09 00:49 --------- d-----w C:\Program Files\ZDF
2008-07-09 00:49 --------- d-----w C:\Program Files\YourWare Solutions
2008-07-09 00:49 --------- d-----w C:\Program Files\YASAVideoEncoder
2008-07-09 00:49 --------- d-----w C:\Program Files\Yamicsoft
2008-07-09 00:49 --------- d-----w C:\Program Files\Yahoo!
2008-07-09 00:49 --------- d-----w C:\Program Files\Wireshark
2008-07-09 00:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-09 00:46 --------- d-----w C:\Program Files\PowerISO
2008-07-09 00:46 --------- d-----w C:\Program Files\PowerDataRecovery
2008-07-09 00:46 --------- d-----w C:\Program Files\PHP
2008-07-09 00:46 --------- d-----w C:\Program Files\Paragon Software
2008-07-09 00:46 --------- d-----w C:\Program Files\Panda Security
2008-07-09 00:46 --------- d-----w C:\Program Files\PacificPoker4
2008-07-09 00:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-09 00:44 --------- d-----w C:\Program Files\Microsoft SDKs
2008-07-09 00:43 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-07-09 00:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-09 00:43 --------- d-----w C:\Program Files\Media Player Classic
2008-07-09 00:43 --------- d-----w C:\Program Files\Media Pirate
2008-07-09 00:43 --------- d-----w C:\Program Files\Maxthon2
2008-07-09 00:43 --------- d-----w C:\Program Files\Maketorrent 2
2008-07-09 00:43 --------- d-----w C:\Program Files\MagicISO
2008-07-09 00:43 --------- d-----w C:\Program Files\Macromedia
2008-07-09 00:42 --------- d-----w C:\Program Files\LowRateVoip
2008-07-09 00:42 --------- d-----w C:\Program Files\KeyLog
2008-07-09 00:42 --------- d-----w C:\Program Files\K-Lite Codec Pack
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{384de036-63c8-4f7a-bea4-2a3d957925d5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232]

[HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{384de036-63c8-4f7a-bea4-2a3d957925d5}]
2007-11-08 13:11 1502232 --a------ C:\Program Files\acoostic\tbacoo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{384de036-63c8-4f7a-bea4-2a3d957925d5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232]

[HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{384DE036-63C8-4F7A-BEA4-2A3D957925D5}"= "C:\Program Files\acoostic\tbacoo.dll" [2007-11-08 13:11 1502232]

[HKEY_CLASSES_ROOT\clsid\{384de036-63c8-4f7a-bea4-2a3d957925d5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-09 00:04 2562560]
"LowRateVoip"="C:\Program Files\LowRateVoip\LowRateVoip.exe" [2008-01-25 19:51 8897848]
"Nonoh"="C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" [2008-06-25 17:01 8929056]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 02:21 815104]
"DMHotKey"="C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-28 01:45 466944]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-03 18:47 1232152]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-29 08:40 1167360]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-30 11:04 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-03-30 11:04 147456]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-03-30 11:04 126976]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Users\saleiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-09 00:48:54 3581680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
TB-Tray.lnk - C:\Program Files\Thunderbird-Tray\TBTray.exe [2005-11-08 22:02:44 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2190D275-5E1D-468D-A05A-4C25CAC12605}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A34C1648-C0D0-45C0-ADC5-89B12B89A8E3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"UDP Query User{1662D5D3-4D86-4BEA-9570-F106AC574B1F}C:\\users\\saleiz\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\saleiz\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{36C53DA3-291C-45A9-A5C0-378E04285FB7}C:\\users\\saleiz\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\saleiz\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{6872C8C6-4B8B-4F7B-AF42-7997964AC4C1}C:\\program files\\nx client for windows\\bin\\nxssh.exe"= TCP:C:\program files\nx client for windows\bin\nxssh.exe:nxssh
"TCP Query User{89C461ED-9401-4B32-B2BE-78960A537C62}C:\\program files\\nx client for windows\\bin\\nxssh.exe"= UDP:C:\program files\nx client for windows\bin\nxssh.exe:nxssh
"UDP Query User{B9EDE479-B5B7-44E6-B049-0AAE589384A4}C:\\program files\\nx client for windows\\nxclient.exe"= TCP:C:\program files\nx client for windows\nxclient.exe:nxclient
"TCP Query User{0CDF0F14-73E5-4DBA-B114-C1BCC1428B7B}C:\\program files\\nx client for windows\\nxclient.exe"= UDP:C:\program files\nx client for windows\nxclient.exe:nxclient
"{3E226A50-91E2-4759-B4A2-51A566A6F80B}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{9960C9FB-A9B1-4243-A14D-023119A5F525}"= C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"UDP Query User{3CF8A1B2-5C27-45E1-A990-71038BC21BE5}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{4E8204F0-0BBC-4EAD-9984-1FB0DE26045D}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{45B8872D-4E20-4A2F-B003-725BD7CCADCE}C:\\folding\\mpiexec.exe"= TCP:C:\folding\mpiexec.exe:mpiexec
"TCP Query User{F15462FD-E7D3-463F-A83C-205F33C096E4}C:\\folding\\mpiexec.exe"= UDP:C:\folding\mpiexec.exe:mpiexec
"UDP Query User{271D6947-4BE4-4F35-A7E2-95F4385733A7}C:\\folding\\smpd.exe"= TCP:C:\folding\smpd.exe:smpd
"TCP Query User{5B12712A-9444-4D80-B668-E824F3786848}C:\\folding\\smpd.exe"= UDP:C:\folding\smpd.exe:smpd
"UDP Query User{9A08ADB4-926F-4DD2-9C15-7321ABFA371B}C:\\folding\\mpiexec.exe"= TCP:C:\folding\mpiexec.exe:mpiexec
"TCP Query User{74156E50-89D6-4D7C-AEB4-C3A9145D35F6}C:\\folding\\mpiexec.exe"= UDP:C:\folding\mpiexec.exe:mpiexec
"UDP Query User{9DCE5668-09BB-40B6-9A27-190096B9AAEF}C:\\windows\\system32\\smpd.exe"= TCP:C:\windows\system32\smpd.exe:smpd
"TCP Query User{281E30DD-C28D-4064-86DC-C1EC94E89B4B}C:\\windows\\system32\\smpd.exe"= UDP:C:\windows\system32\smpd.exe:smpd
"UDP Query User{02F3D54C-4C8D-4413-A3EE-A0831EEC2A1E}C:\\windows\\system32\\mpiexec.exe"= TCP:C:\windows\system32\mpiexec.exe:mpiexec
"TCP Query User{D44AABDD-A339-4DE9-A506-DE4083EAF6CF}C:\\windows\\system32\\mpiexec.exe"= UDP:C:\windows\system32\mpiexec.exe:mpiexec
"UDP Query User{BF5FE22C-5BF7-4364-B70B-8933B0922C1F}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= TCP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC
"TCP Query User{2802D56C-CF58-44D1-802A-744C0BE6DA4E}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= UDP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC
"UDP Query User{9DEBB28E-1347-4A94-B80D-5A3BA202A50E}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= TCP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC
"TCP Query User{CF1FC218-2B43-42D6-AB4F-1F5D9B20F1BE}D:\\e-document\\mirc\\mirc 6.3 + keygen\\mirc - english.exe"= UDP:D:\e-document\mirc\mirc 6.3 + keygen\mirc - english.exe:mIRC
"UDP Query User{E5DFE76C-C0F7-41BC-AD74-A90F7FF8926E}D:\\e-document\\mirc\\2448script\\mirc.exe"= TCP:D:\e-document\mirc\2448script\mirc.exe:mIRC
"TCP Query User{230D6A69-AC7B-44AB-B68C-45192854AC6B}D:\\e-document\\mirc\\2448script\\mirc.exe"= UDP:D:\e-document\mirc\2448script\mirc.exe:mIRC
"{671045B1-F47C-41BD-911A-5BD9664CBAA9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BF162738-B13C-4EC2-97AC-F8AE06B72921}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BF0B4BAE-3135-473F-980A-5BC69F6ECD42}"= TCP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh
"{28DB6FCF-AA97-4902-B266-7744FE970465}"= UDP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh
"{73A737A3-32CC-40AC-A878-B90874BCF0D9}"= TCP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh
"{EE2BBCBF-1CA7-4CCD-B9B1-630902DC4845}"= UDP:C:\Program Files\Nonoh.net\Nonoh\Nonoh.exe:Nonoh
"UDP Query User{A0A8755B-0DF6-4A34-82FE-BF8BCFF7704B}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D3956F91-8007-4D4A-AC25-866DB1488C55}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{03C63FDB-3E13-4BF5-ADD7-55A9DD4BA92E}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"TCP Query User{C428803E-DD25-496F-8B48-BDECABB5898A}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"{7321C94C-4A94-4AFE-B93D-40D5FBC448FF}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{5ED499B0-8708-4D5B-B9B3-F7810D84FDED}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"UDP Query User{A7E13DB6-206F-4E77-A3E5-938AADC77BD2}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= TCP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test
"TCP Query User{27122A77-F52D-4496-A503-05061DE9C034}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= UDP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test
"UDP Query User{38A76113-B692-4A4F-9251-30B8019A464C}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= TCP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test
"TCP Query User{FF9D4450-B9F6-473B-BE77-586B7168B96A}C:\\program files\\soldier of fortune ii - double helix mp test\\sof2mp-test.exe"= UDP:C:\program files\soldier of fortune ii - double helix mp test\sof2mp-test.exe:SoF2MP-Test
"{B90FE429-B9C3-44D1-8D57-93E49A827EEB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7A8FE5C2-5865-44CE-B3DA-9A429A522B6F}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"UDP Query User{2335B5E9-0C87-487F-B6BF-DEA3E794607E}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"TCP Query User{71472E31-D30B-4630-BCE8-0EA25BAD3E6B}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"{432CDA47-6543-4F28-99BA-D89679B2C39F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"UDP Query User{C438A985-FE6D-4831-9988-4419FAB6EB90}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"TCP Query User{7887526A-B70F-409D-858A-5B7B5BF4C2B0}C:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"UDP Query User{F0EBB45B-0984-4506-B0B4-47008FB26A3D}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{F81C551F-6FB4-40A6-9EF3-2EF86A97B7EC}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"UDP Query User{1F8D100C-0197-468E-901F-4FD826479A98}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"TCP Query User{06C4EDA9-A953-44D6-B5AB-FEDB065A089C}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:TeamViewer Remote Control Application
"{022562C1-482F-4E6E-B4CA-64B40C70C2B2}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F8BA7BED-EF67-43C9-B619-C43CCB3DD165}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B8D6E19B-ED2B-407D-B424-1F932513DF6A}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{5E12F022-AD5D-4C30-BCDF-97D6ABAA35A1}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{78FF79AF-7138-44CC-AAE1-0107D2D62741}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{09998FC3-C318-4BFE-9FB6-1DA54A643582}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E3465475-39E5-486C-B79A-E01DC96EE1AB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{017C0FC8-2C75-410C-8CEC-0F5DB1CDC688}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{8B38C591-86AA-4AC5-BF1B-8D86EA30F967}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"UDP Query User{666EC2E2-48B2-4FD4-8340-18B39D154E58}D:\\instantrails-2.0-win\\ruby\\bin\\ruby.exe"= TCP:D:\instantrails-2.0-win\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"TCP Query User{8572108F-3DCC-4484-9E1B-34DC99DA09CE}D:\\instantrails-2.0-win\\ruby\\bin\\ruby.exe"= UDP:D:\instantrails-2.0-win\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"UDP Query User{015FE75F-BB7C-44F8-AB1E-39FFA161710C}D:\\instantrails-2.0-win\\apache\\apache.exe"= TCP:D:\instantrails-2.0-win\apache\apache.exe:Apache
"TCP Query User{D1C20E12-A85A-46AC-A146-912EB9CD800F}D:\\instantrails-2.0-win\\apache\\apache.exe"= UDP:D:\instantrails-2.0-win\apache\apache.exe:Apache
"UDP Query User{B1926648-4FAD-4163-9DCB-458270EF9246}D:\\apache\\ruby\\bin\\ruby.exe"= TCP:D:\apache\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"TCP Query User{A15F7E20-E100-4BD5-895A-238FA761E8E9}D:\\apache\\ruby\\bin\\ruby.exe"= UDP:D:\apache\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"UDP Query User{8FA441D9-DFE9-4A9E-BC06-3B5B95A1333A}D:\\work station\\ruby\\bin\\ruby.exe"= TCP:D:\work station\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"TCP Query User{BAC8B222-A351-4018-B7A0-4EAFAC5660EE}D:\\work station\\ruby\\bin\\ruby.exe"= UDP:D:\work station\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"UDP Query User{E0ECFD8E-B617-477E-894A-1AB943C3569C}C:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= TCP:C:\aptana\aptana studio\jre\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{A3F25375-5F1A-4A18-8587-74A47740B083}C:\\aptana\\aptana studio\\jre\\bin\\javaw.exe"= UDP:C:\aptana\aptana studio\jre\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{DA69BCC6-6267-4A22-85AB-B9B801E03F42}C:\\program files\\bitnami rubystack\\ruby\\bin\\ruby.exe"= TCP:C:\program files\bitnami rubystack\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"TCP Query User{E65E2548-0020-4D68-A488-03FC33C0358F}C:\\program files\\bitnami rubystack\\ruby\\bin\\ruby.exe"= UDP:C:\program files\bitnami rubystack\ruby\bin\ruby.exe:Ruby interpreter (CUI) 1.8.6 [i386-mswin32]
"UDP Query User{0F17CBBF-E746-42CD-9732-549F882126DB}C:\\program files\\bitnami rubystack\\apache2\\bin\\httpd.exe"= TCP:C:\program files\bitnami rubystack\apache2\bin\httpd.exe:Apache HTTP Server
"TCP Query User{B0BFF1BE-7B86-49C9-9D06-D669B0320351}C:\\program files\\bitnami rubystack\\apache2\\bin\\httpd.exe"= UDP:C:\program files\bitnami rubystack\apache2\bin\httpd.exe:Apache HTTP Server
"{298132F9-0810-464E-97CD-45B549A1E882}"= UDP:3306:mysql
"{F4E023D7-92B8-4425-8624-9518E975F1A8}"= TCP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
"{AF59B1D8-34FA-4529-9D6E-74D81AB21FDF}"= UDP:C:\Windows\System32\lxbvcoms.exe:Lexmark Communications System
"UDP Query User{87A3B2EC-4A56-4C81-8FC3-9516157BFF54}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"TCP Query User{2EE9AA1A-5D47-461F-80A0-0517D84AF37A}C:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:C:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Free Edition for Win32
"UDP Query User{C547C190-A5D8-41A8-AD08-A4BD1329D604}C:\\program files\\zend\\zendstudio-5.5.0\\jre\\bin\\javaw.exe"= TCP:C:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe:Java™ 2 Platform Standard Edition binary
"TCP Query User{52829669-FFC8-484F-9048-DFA6D246A0FA}C:\\program files\\zend\\zendstudio-5.5.0\\jre\\bin\\javaw.exe"= UDP:C:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe:Java™ 2 Platform Standard Edition binary
"UDP Query User{D975C1D4-A1C9-48E3-87AF-E3DC27F5D8F5}D:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= TCP:D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"TCP Query User{44F0D3D9-9FE1-492F-BA08-516D9E7A10BF}D:\\wamp\\bin\\apache\\apache2.2.6\\bin\\httpd.exe"= UDP:D:\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server
"UDP Query User{C5D174F4-D5B9-41E6-8907-3B8DA210990A}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{74AB5C78-A20D-4B31-9FF3-E122051E5EEF}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{7C725B5A-F58A-4B3F-A704-D48CAF05D38F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{24881520-20F6-4B70-9151-2885EBA28CE4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{20DD4C3A-B692-4712-B4CC-2E2E5EF49C10}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{79F7D602-1FCE-4E22-8757-5394032230B4}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"UDP Query User{5D6561C9-925F-43A6-8EDE-4053C38F259B}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= TCP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"TCP Query User{B29D04B7-EF00-4EA8-8FBE-A6667A62560D}C:\\users\\saleiz\\appdata\\roaming\\maxthon\\maxthon.exe"= UDP:C:\users\saleiz\appdata\roaming\maxthon\maxthon.exe:maxthon.exe
"UDP Query User{F72D574D-6846-459F-A7EA-EE9AA3200785}C:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module
"TCP Query User{7510F8B2-C79D-49C8-8E63-1A508834D8C4}C:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module
"UDP Query User{930ECA3B-98C3-46FB-84AB-022F38B46E87}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{DB336135-2CA6-4BBC-AC95-A4A7453B6BDC}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{C476947C-8A05-4E40-8ADE-C367F37280DE}C:\\program files\\sparvoip\\sparvoip.exe"= TCP:C:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.
"TCP Query User{4D7DBC62-F73C-4969-A74B-E143C819B35C}C:\\program files\\sparvoip\\sparvoip.exe"= UDP:C:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.
"{35DCDE63-690F-449A-A0D0-1C879FA70CE1}"= TCP:C:\Program Files\SparVoip\SparVoip.exe:SparVoip
"{98B6B260-3C00-4390-94CA-6B984998CA2A}"= UDP:C:\Program Files\SparVoip\SparVoip.exe:SparVoip
"UDP Query User{0E5852BC-6F8A-4B3B-BA43-AE3F935B87FA}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{931A0AC0-B1E0-47C4-8F36-B4546BB8F4DB}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{BC4E2D0A-C993-4BC0-A5FB-A207057E0BBC}C:\\program files\\lowratevoip\\lowratevoip.exe"= TCP:C:\program files\lowratevoip\lowratevoip.exe:Client to make VoIP calls.
"TCP Query User{0B3595F1-D568-42BE-8B93-DA3FCDB53552}C:\\program files\\lowratevoip\\lowratevoip.exe"= UDP:C:\program files\lowratevoip\lowratevoip.exe:Client to make VoIP calls.
"UDP Query User{D7F7F14B-4B1E-4141-8630-A1F2663B6E15}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{816F875E-AF28-4CB6-ACA5-2B4F32F6C849}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{FF73F96E-B1CD-4AAE-B157-68A0A0AB60FB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8CFAC65B-8BDA-469B-BC31-13C98C99F9C1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"UDP Query User{0F058EEC-FFA7-4557-B018-F69FCFF8144E}C:\\program files\\samsungplayer\\ps_olect.exe"= TCP:C:\program files\samsungplayer\ps_olect.exe:ps_olect
"TCP Query User{584C8E20-B972-43CB-AFCE-4353B97F4AB8}C:\\program files\\samsungplayer\\ps_olect.exe"= UDP:C:\program files\samsungplayer\ps_olect.exe:ps_olect
"{7670FA25-BDAD-4B06-A8BA-34CC5E8660B0}"= TCP:C:\Program Files\LowRateVoip\LowRateVoip.exe:LowRateVoip
"{66803885-EC7E-4D2C-918C-9043D1E08074}"= UDP:C:\Program Files\LowRateVoip\LowRateVoip.exe:LowRateVoip
"UDP Query User{A5631CCF-4653-47BD-96BA-32FAFFE7529E}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{EA9D3F2A-32EC-4BB7-8E1E-1EACC6B63E50}C:\\users\\saleiz\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\saleiz\program files\utorrent\utorrent.exe:utorrent.exe
"{C73DE61F-C658-4405-BA84-984FF4CDA571}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{26FD02F3-BC84-4B9F-8500-DE5BB1D9B87F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C07C6937-0035-44A8-A31D-51F131678A0D}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9A08F3DE-F69C-40B5-B780-78B8522D70DC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7DEB1697-FAEA-4A73-B305-30583DF080EB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{06C8B900-A7C3-4F5D-B647-4DF21F524AD0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{83BD13AD-C541-49E0-ADA5-53D146B11E4B}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{89C10EE7-DCDE-48C8-AD8D-AD1A48935F1A}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{F63E9C8C-7459-42F3-BBF1-FFE20550B156}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{32AEED7E-E567-46CF-AC9E-EBC4BF518117}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{73315980-C296-4D1D-810D-B0C4D401E496}"= UDP:C:\Windows\System32\mpxa.exe:mpxa
"{4A9361C7-83C1-49AE-B63B-43BEB469B944}"= TCP:C:\Windows\System32\mpxa.exe:mpxa
"{21C72D4F-872E-44DC-A450-72EEB66DA45C}"= UDP:C:\Users\saleiz\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{98F0748A-4922-4E64-A15D-62E05D04A7EE}"= TCP:C:\Users\saleiz\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{05E440F8-2526-4764-9222-9BB159B6E5AF}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-03-07 13:16]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-03 18:47]
R1 mchInjDrv;madCodeHook DLL injection driver;C:\Windows\system32\Drivers\mchInjDrv.sys [2008-08-17 15:55]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24]
R2 Apache2.2;Apache2.2;D:\Apache\bin\httpd.exe [2007-09-05 09:59]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-17 17:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 18:47]
R2 BcmSqlStartupSvc;SQL Server-Startdienst für Business Contact Manager;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 10:51]
R2 lxbv_device;lxbv_device;C:\Windows\system32\lxbvcoms.exe [2007-04-25 14:18]
R2 mpich2_smpd;MPICH2 Process Manager, Argonne National Lab;C:\Folding\smpd.exe [2007-01-31 20:29]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-06 22:22]
R2 TeamViewer;TeamViewer 3;C:\Program Files\TeamViewer3\TeamViewer_Host.exe [2007-12-17 12:53]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-17 17:36]
S2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [2006-03-24 23:34]
S2 gupdate1c8f6f592fa0b60;Google Update Service (gupdate1c8f6f592fa0b60);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-05 14:19]
S2 vvdsvc;VJVodServices;C:\Windows\System32\svchost.exe [2008-01-21 04:21]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]
S3 PCANDIS4;PCANDIS4 Protocol Driver;C:\Program Files\Ugutil\program\PCANDIS4.SYS [2001-04-19 04:26]
S3 RTCore32;RTCore32;C:\Program Files\RMClock\RTCore32.sys [2005-05-25 10:39]
S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 14:37]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:21]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Inhalt des "geplante Tasks" Ordners

2008-08-18 C:\Windows\Tasks\GoogleUpdateTask.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-05 14:19]

2008-08-18 C:\Windows\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:35]

2008-08-17 C:\Windows\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2008-08-17 16:35]

2008-07-11 C:\Windows\Tasks\Upload Weeds.job
- C:\Program Files\Ipswitch\WS_FTP Professional\wsftppro.exe [2007-12-07 13:38]

2007-05-18 C:\Windows\Tasks\User_Feed_Synchronization-{6DB62E65-AEE8-463C-AE41-01F830DFEFF9}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 04:23]
.
.
------- Zus„tzlicher Scan -------
.
FireFox -: Profile - C:\Users\saleiz\AppData\Roaming\Mozilla\Firefox\Profiles\ssoct25g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.bootleggers.us/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 04:19:32
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

C:\Windows\TEMP\4cb741b6-cd16-4588-bcd8-4acf613b2c4a.tmp 0 bytes
C:\Windows\TEMP\9858f926-6195-4bb3-802f-510b6bcd9237.tmp 0 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\dnserrordiagoff_webOC[1] 6914 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\errorPageStrings[2] 978 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EB7B022\info_48[1] 6993 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3QA69EQ\ErrorPageTemplate[1] 2168 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HF3Q3C\background_gradient[2] 453 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G1HF3Q3C\httpErrorPagesScripts[3] 7579 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4OXVDJH\bullet[4] 3169 bytes
C:\Users\saleiz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4OXVDJH\down[1] 3414 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 10

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\Windows\Explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\iFtpSvc\iFtpSvc.exe
D:\Apache\MySQL\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\System32\UI0Detect.exe
C:\Windows\System32\conime.exe
C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\UI0Detect.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-18 4:34:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-08-18 02:34:17

Pre-Run: 7,585,656,832 Bytes frei
Post-Run: 6,812,024,832 Bytes frei

472 --- E O F --- 2008-08-14 22:53:27

#10 Yourhighness

The BSG Malware Fighter

Group: Malware Response Team
Posts: 7,925
Joined: 20-April 06
Gender:Male
Location:Hamburg

Posted 04 September 2008 - 03:29 PM

hi slumbermann,

Quote

Thank you for your reply, i've uninstalled Online Poker as i dont really use it. Regarding CCleaner, i find it really usefull for cleaning up my temporary data and some unuse things. But if you say it not good for the pc overall performance, could you please advice me what how can i keep my data clean, not filled up with unneccessary things, because its sometimes goes up to 2Gb of waste junk.

I cannot and will not force you to uninstall CCleaner, I am just trying to point out its dangers. A safer tool would be something like this:

ATF Cleaner by Atribune.

ATF-Cleaner.exe

Main

Select Files to Delete

Select All

Empty Selected

If you use Firefox browser

Firefox

Select All

Empty Selected

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Opera

Select All

Empty Selected

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Quote

...view 3D model in various sites...

Do you know the file extensions for those models? That would help.

Please do this next:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"

Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix).
DO NOT use it just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Copy and paste the contents of the results file Report.txt in your next replyalong with a new HijackThis log.

-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe

Thanks!

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

#11 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 04 September 2008 - 04:19 PM

Hi Yourhighness,

Thank a lot for your recommendation, i will take a look at that. :thumbsup:

but basically, all you are saying, ccleaner is not good for the registry part. But other than that, its will cause no danger rite? cause all the program doing is uninstall software, or control the startup n clean up browser/apps unneeded files.

I tried downloading SDFix, n install it onto C:\ but when i reboot to Safe Mode, and then try to run RunThis.bat by double clicking or using command prompt. I will see for short time a blue screen windows opening, then disappear. So i dont really have the chance to press "Y" key or do anything.

and after reboot, i see not Report.txt too. So i think the software can't run on my system. Are you sure the SDFix support Vista operating system? cause all i can see in SDFix folder is XP_VirusAlert_Repair and W2K_VirusAlert_Repair. But i still run the HJT one more time and below are the log.

Could you tell me what you still suspect still in my pc from my previous log? I begin to wonder cause you keep giving me solution without telling me the cause.

But i really appreciate your help up till now... Thank you very much...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:31, on 2008-09-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\LowRateVoip\LowRateVoip.exe
C:\Program Files\Nonoh.net\Nonoh\nonoh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\saleiz\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Thunderbird-Tray\TBTray.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Samsung\Easy Display Manager\DisplayManager.exe
C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: acoostic Toolbar - {384de036-63c8-4f7a-bea4-2a3d957925d5} - C:\Program Files\acoostic\tbacoo.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [LowRateVoip] "C:\Program Files\LowRateVoip\LowRateVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Nonoh] "C:\Program Files\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\saleiz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife 3\HDDlifePro.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.15.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: vzTCPConfig - http://www.verizon.net/checkmypc/fios/incl...vzTCPConfig.CAB
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://203.141.196.52/SysCamInst.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.yobcast.tv/download/yobcast.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8f6f592fa0b60) (gupdate1c8f6f592fa0b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: Ipswitch WS_FTP Service (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxbv_device - - C:\Windows\system32\lxbvcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\Folding\smpd.exe
O23 - Service: MySQL - Unknown owner - D:\Apache\MySQL\bin\mysqld-nt (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: TeamViewer 3 (TeamViewer) - Unknown owner - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 17148 bytes

#12 Yourhighness

The BSG Malware Fighter

Group: Malware Response Team
Posts: 7,925
Joined: 20-April 06
Gender:Male
Location:Hamburg

Posted 07 September 2008 - 04:40 AM

hi,

i have not forgotten you. sorry for the delay. I was kind of busy and had to format my pc once again. I shall reply asap.

Thanks!

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

#13 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 07 September 2008 - 10:14 PM

okay...

i hope i wont need that..

Cheers,

Thank you

#14 Yourhighness

The BSG Malware Fighter

Group: Malware Response Team
Posts: 7,925
Joined: 20-April 06
Gender:Male
Location:Hamburg

Posted 08 September 2008 - 02:06 AM

Hi slumbermann,

sorry bout SDFix. For a second I forgot that you have Vista :thumbsup:

. I was going to see if you have still some indications of this on your pc. Next, I wanted to pass on this information to you:

Please note that you are infected with a trojan or a Backdoor.

Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:

Disconnect the infected computer from the internet until the computer can be cleaned.
From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... (Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information).

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall?

However, since the infection looks relatively small from first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your pc).

Should you have any questions, please feel free to ask.

Now, on to the fix.

Step #1

Please download Superantispyware

Load Superantispyware and click the check for updates button.
Once the update is finished click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
Copy and paste the log onto the forum.

Step #2

Please go to Eset Onlinescan (NOD32)
(You need to use InternetExplorer or enable IEView in Firefox)

You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
Now click Start
Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
Click Start (the Onlinescanner will now prepare itself for running on your pc)
To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
Press Scan
The Onlinescan will now start and scan your pc (this could take a while)
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
The Scanresults will now open in Notepad
- Click into the text area, right-click and chose "select all" (or use ctrl+a)
- Right-click again and chose "copy" (or ctrl+c)
- Close Notepad
Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

Step #3

Please post back with the logs. Thanks!

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image

#15 slumbermann

New Member

Group: Members
Posts: 12
Joined: 17-August 08

Posted 08 September 2008 - 02:37 AM

Regarding the NOD32 online scanner. I have the NOD32 Smart Suite installed on my system... Can i just use that? cause after all... its the same provider... or still i need to use the online scanner ?