
Can't seem to get rid of trojans


  • This topic is locked
18 replies to this topic

#1 akiana

akiana

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 22 October 2008 - 05:37 PM

Hi,

I was directed here by boopme after trying several times, with his help, to get rid of some of the trojans infecting my computer.

Here's the link where I posted my problem: http://www.bleepingcomputer.com/forums/t/174588/trojanagent/

Thanks in advance.

===========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:18 PM, on 22/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7738A49F-BC52-4AD8-93BC-BCBF3F492F0C}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8639 bytes



#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:09:21 PM

Posted 25 October 2008 - 05:22 AM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, akiana. :thumbsup:
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.
The log you posted is a few days old, so it may not show what is there now. In the meantime, please refrain from making any changes to your computer, and please do the following:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
In your next reply, please post back:

1. RSIT log.txt and info.txt.

#3 akiana

akiana
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 25 October 2008 - 07:23 PM

Hi,

Thanks for taking the time to help me.

Here are the text files you requested:

=====================
Logfile of random's system information tool 1.04 (written by random/random)
Run by Le at 2008-10-25 20:20:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (44%) free of 40 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:11 PM, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Le\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Le.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7738A49F-BC52-4AD8-93BC-BCBF3F492F0C}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8816 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-01 2403392]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MotiveReportAgent"=C:\Program Files\Common Files\Motive\McciBootStrapper.exe [2007-08-14 202240]
"StandardInstall"= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"zsmscc"=C:\WINDOWS\system32\zsmscc071001.dll [2008-10-22 25600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-24 68856]
"cdloader"=C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe [2007-12-21 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\Le\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Rohan\rohanclient.exe"="C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Aeria Games\Dreamlords\dreamlords.exe"="C:\Aeria Games\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe46aa4-05a6-11dd-9f31-0010a720cb9e}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5158fc32-9d37-11dd-a0e0-b6588697d68f}]
shell\Auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6e21c0-75d8-11dd-a066-0010a720cb9e}]
shell\Auto\command - G:\auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======List of files/folders created in the last 1 months======

2008-10-25 20:20:07 ----D---- C:\rsit
2008-10-25 20:17:44 ----A---- C:\WINDOWS\system32\k12249802621.exe
2008-10-25 12:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 10:56:02 ----A---- C:\WINDOWS\system32\k12249465611.exe
2008-10-23 14:18:48 ----A---- C:\WINDOWS\system32\k12247859271.exe
2008-10-23 08:07:55 ----A---- C:\WINDOWS\system32\k12247636741.exe
2008-10-22 19:48:15 ----A---- C:\WINDOWS\system32\k12247192931.exe
2008-10-22 18:25:43 ----A---- C:\WINDOWS\system32\k12247143421.exe
2008-10-22 17:08:28 ----D---- C:\Program Files\Trend Micro
2008-10-22 13:45:11 ----RSH---- C:\WINDOWS\system32\zsmscc32.dll
2008-10-22 13:45:07 ----N---- C:\WINDOWS\system32\zsmscc071001.dll
2008-10-22 13:45:04 ----RSH---- C:\WINDOWS\system32\zsmscc071001.exe
2008-10-22 13:45:00 ----A---- C:\WINDOWS\system32\k12246974991.exe
2008-10-21 12:20:02 ----D---- C:\Program Files\ShoOnline
2008-10-19 13:13:47 ----H---- C:\auto.exe
2008-10-19 12:42:00 ----D---- C:\WINDOWS\ERUNT
2008-10-18 13:02:13 ----A---- C:\WINDOWS\system32\1B738376.EXE
2008-10-18 09:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 23:09:13 ----D---- C:\WSI
2008-10-16 18:34:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 18:33:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 18:32:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 17:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 17:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-14 11:43:39 ----D---- C:\Program Files\coyqhyf
2008-10-14 11:43:25 ----D---- C:\Documents and Settings\All Users\Application Data\uzobabwf
2008-10-04 16:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\unszuzix
2008-10-04 16:08:37 ----D---- C:\Documents and Settings\All Users\Application Data\xcnojorw
2008-10-04 10:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\sbmzarer
2008-10-04 08:46:21 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-03 08:51:15 ----D---- C:\Documents and Settings\All Users\Application Data\tipwjcdk

======List of files/folders modified in the last 1 months======

2008-10-25 20:19:55 ----D---- C:\WINDOWS\Prefetch
2008-10-25 20:17:48 ----D---- C:\WINDOWS\system32
2008-10-25 20:17:42 ----D---- C:\WINDOWS
2008-10-25 20:17:39 ----D---- C:\WINDOWS\Temp
2008-10-25 20:17:26 ----A---- C:\WINDOWS\zsmscc16.ini
2008-10-25 20:17:26 ----A---- C:\WINDOWS\system32\D2846900.DLL
2008-10-25 20:17:20 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 12:57:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 12:57:18 ----HD---- C:\WINDOWS\inf
2008-10-25 12:57:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 12:56:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-25 10:51:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-23 16:07:22 ----D---- C:\Program Files\mIRC
2008-10-23 16:06:06 ----D---- C:\Documents and Settings\Le\Application Data\mIRC
2008-10-23 15:30:48 ----D---- C:\Documents and Settings\Le\Application Data\uTorrent
2008-10-23 14:58:05 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-22 17:08:28 ----RD---- C:\Program Files
2008-10-22 13:49:53 ----SHD---- C:\WINDOWS\Installer
2008-10-22 13:49:53 ----D---- C:\Program Files\Windows Live
2008-10-22 13:49:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 13:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-22 13:44:15 ----D---- C:\WINDOWS\system32\drivers
2008-10-21 16:26:46 ----D---- C:\Program Files\Windows Media Player
2008-10-21 16:26:45 ----D---- C:\Program Files\Winamp
2008-10-21 16:26:45 ----D---- C:\Program Files\QuickTime
2008-10-21 16:26:41 ----D---- C:\Program Files\Internet Explorer
2008-10-21 16:26:40 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-21 16:26:40 ----D---- C:\Program Files\DivX
2008-10-21 16:26:40 ----D---- C:\Program Files\Common Files
2008-10-21 16:26:29 ----D---- C:\Program Files\Common Files\Motive
2008-10-21 12:19:47 ----AC---- C:\WINDOWS\IFinst27.exe
2008-10-19 12:44:08 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-17 12:33:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-17 12:33:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 12:32:35 ----D---- C:\Program Files\Adobe
2008-10-15 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 17:09:19 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 12:40:04 ----D---- C:\Fraps
2008-10-04 16:06:22 ----SHD---- C:\WINDOWS\CSC
2008-10-01 17:49:11 ----D---- C:\Documents and Settings\Le\Application Data\Aegisub

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-01-31 25900]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-21 130192]
R3 FETNDIS;10/100Mbps Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-03-06 40448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-21 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Le\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-07-27 45056]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 A87221CE;A87221CE; C:\WINDOWS\system32\1B738376.EXE [2008-10-23 14935]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

=====================
info.txt logfile of random's system information tool 1.04 2008-10-25 20:20:13

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aegisub 2.1.2 Release Preview r1987-->"D:\Korean Dramas-OSTs\Aegisub\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sho Online-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\ShoOnline\IFU2C.inf
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UniKey 3.63-->C:\Program Files\UniKey\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
winpwn 2.0.0.4-->C:\Documents and Settings\Le\Desktop\itouch\winpwn\uninstall winpwn.exe
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:21 PM

Posted 27 October 2008 - 06:29 AM

Hi akiana,


Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:
http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Click on Start > Run, then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist:

Viewpoint
Viewpoint Manager
Viewpoint Media Player.



I also notice you don't have any antivirus program installed on your system. That's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for the changes to take effect.


avast! 4 Home Edition
AntiVir Free Edition

From your previous fixes, we find you are infected with online game spyware, which always steals your password or some valuable virtual products. You are well advised to change your passwords from a virus-free computer.
Remember to get one antivirus installed on your system, update your virus definitions, start scanning and post the scan results in your next reply. Thanks.



Step1


Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico (If you didn't set this Window Title yourself, then fix checked)
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (If you didn't set these restrictions yourself, then fix checked)
O20 - AppInit_DLLs: karna.dat
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Click Start>Run>copy/paste the following in Open box> and Click OK

sc delete A87221CE

Reboot your pc.



Step2
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Step3

Download OTMoveIt3.exe by OldTimer and save it to your desktop.

  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out, to minimize the risk of typos
    :Processes 
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\k12249802621.exe
    C:\WINDOWS\system32\k12249465611.exe
    C:\WINDOWS\system32\k12247859271.exe
    C:\WINDOWS\system32\k12247636741.exe
    C:\WINDOWS\system32\k12247192931.exe
    C:\WINDOWS\system32\k12247143421.exe
    C:\WINDOWS\system32\zsmscc32.dll
    C:\WINDOWS\system32\zsmscc071001.dll
    C:\WINDOWS\system32\zsmscc071001.exe
    C:\WINDOWS\system32\k12246974991.exe
    C:\auto.exe
    C:\WINDOWS\system32\1B738376.EXE
    C:\Program Files\coyqhyf
    C:\WINDOWS\zsmscc16.ini
    C:\WINDOWS\system32\D2846900.DLL
    C:\WINDOWS\karna.dat
    C:\WINDOWS\system32\drivers\svchost.exe
    
    :Folders
    C:\Documents and Settings\All Users\Application Data\uzobabwf
    C:\Documents and Settings\All Users\Application Data\unszuzix
    C:\Documents and Settings\All Users\Application Data\xcnojorw
    C:\Documents and Settings\All Users\Application Data\sbmzarer
    C:\Documents and Settings\All Users\Application Data\tipwjcdk
    
    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Azureus\Azureus.exe"=-
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    "C:\WINDOWS\system32\drivers\svchost.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5158fc32-9d37-11dd-a0e0-b6588697d68f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6e21c0-75d8-11dd-a066-0010a720cb9e}]
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
You can refer to this thread for your reference.

Step4

Download to the desktop: Dr.Web CureIt

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory; when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found:
    Posted Image
    If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Files that are in use may only be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Please post back the logs in your next reply:


1. OTMoveIt text log
2. DrWeb.csv
3. RSIT log.txt and info.txt

Tell me how things are going now.
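As an added example (not from this thread, and not a Dr.Web tool), a small Python triage script for the DrWeb.csv report that Step 4 asks for: it separates hits in live locations from stale copies under System Restore snapshots (the System Volume Information\_restore paths), sets aside the Tool./Program. utility classifications for a human decision, and lists anything the scanner neither deleted nor moved. The sample lines are constructed in the report's own semicolon-separated format (object;directory;detection;action;), with {GUID} standing in for the restore-point identifier.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv, File > Save report list).

Each line is semicolon-separated:  object;directory;detection;action;
Members of an archive or installer are reported with the container's
path as `directory` and an empty action; the action taken is recorded
once, on the container's own line.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Actions that mean the scanner dealt with the object itself.
RESOLVED_ACTIONS = {"Deleted.", "Moved.", "Incurable.Moved."}
# Hits inside System Restore snapshots are stale copies, not running code.
RESTORE_MARKER = "system volume information\\_restore"
# Dr.Web's Program./Tool. prefixes mark dual-use utilities (a removal
# tool's own process killer, an IRC client); review them by hand.
RISKWARE_PREFIXES = ("Tool.", "Program.")

# Constructed sample in the report's format; {GUID} is a placeholder.
SAMPLE_REPORT = r"""
autorun.inf;c:;Corrupt autorun file;Invalid path to file ;
auto.exe;d:\;Trojan.Popwin;Deleted.;
A0019232.exe\data002;D:\System Volume Information\_restore{GUID}\RP133\A0019232.exe;BackDoor.Sakl.135;;
A0019232.exe;D:\System Volume Information\_restore{GUID}\RP133;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\Le\Desktop\SDFix\apps;Tool.Prockill;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.623;Incurable.Moved.;
Preview-T-3545425-hello vietnam.mp3;C:\Documents and Settings\Le\My Documents\LimeWire\Incomplete;Trojan.Click.18899;Incurable.Moved.;
A0020376.DLL;C:\System Volume Information\_restore{GUID}\RP136;Trojan.Popwin.origin;Incurable.Moved.;
"""


@dataclass(frozen=True)
class Entry:
    obj: str
    directory: str
    detection: str
    action: str

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.obj

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_MARKER in self.directory.lower()

    @property
    def nested(self) -> bool:
        # Archive members carry no action of their own.
        return self.action == ""

    @property
    def riskware(self) -> bool:
        return self.detection.startswith(RISKWARE_PREFIXES)


def parse_report(text: str) -> List[Entry]:
    """Parse report lines; fields are stripped because some messages are
    padded with a trailing space ("Invalid path to file ")."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        fields = [f.strip() for f in raw.split(";")]
        if len(fields) < 4:
            raise ValueError(f"malformed report line: {raw!r}")
        entries.append(Entry(*fields[:4]))
    return entries


def family(detection: str) -> str:
    """Collapse variant suffixes so Trojan.Popwin.origin and Trojan.Popwin
    count as one family; free-text messages are left unchanged."""
    parts = detection.split(".")
    return ".".join(parts[:2]) if len(parts) >= 2 else detection


def triage(entries: List[Entry]) -> Dict[str, object]:
    live = [e for e in entries if not e.in_restore_point and not e.nested]
    return {
        "total": len(entries),
        "restore_point": sum(e.in_restore_point for e in entries),
        "families": Counter(family(e.detection) for e in entries),
        "actions": Counter(e.action for e in entries if not e.nested),
        # Hits in active locations come before restore-point copies.
        "live_threats": [e.path for e in live if not e.riskware],
        "live_riskware": [e.path for e in live if e.riskware],
        # Neither deleted nor moved: still on disk, needs follow-up.
        "unresolved": [e.path for e in entries
                       if not e.nested and e.action not in RESOLVED_ACTIONS],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for key in ("total", "restore_point", "unresolved",
                "live_threats", "live_riskware"):
        print(f"{key}: {result[key]}")
    for fam, n in result["families"].most_common():
        print(f"  {n:3d}  {fam}")
```

Run against a real DrWeb.csv, the "unresolved" list is the part to act on first: in the sample it surfaces the corrupt autorun.inf on c: that the scanner could not handle, which is exactly what the Flash_Disinfector step targets.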

#5 akiana

  • Topic Starter
  • Members
  • 23 posts

Posted 27 October 2008 - 07:48 PM

Hi,

I downloaded the avast program you listed but haven't done a scan with it yet. I'm not sure if it's needed, but it seems to interfere with OTMoveIt and Dr.Web, so I had it turned off while doing the scans with those two programs.

=================
OTMoveIt log:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\k12249802621.exe moved successfully.
C:\WINDOWS\system32\k12249465611.exe moved successfully.
C:\WINDOWS\system32\k12247859271.exe moved successfully.
C:\WINDOWS\system32\k12247636741.exe moved successfully.
C:\WINDOWS\system32\k12247192931.exe moved successfully.
C:\WINDOWS\system32\k12247143421.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\zsmscc32.dll
C:\WINDOWS\system32\zsmscc32.dll NOT unregistered.
C:\WINDOWS\system32\zsmscc32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\zsmscc071001.dll
C:\WINDOWS\system32\zsmscc071001.dll NOT unregistered.
C:\WINDOWS\system32\zsmscc071001.dll moved successfully.
C:\WINDOWS\system32\zsmscc071001.exe moved successfully.
C:\WINDOWS\system32\k12246974991.exe moved successfully.
C:\auto.exe moved successfully.
C:\WINDOWS\system32\1B738376.EXE moved successfully.
C:\Program Files\coyqhyf moved successfully.
C:\WINDOWS\zsmscc16.ini moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\D2846900.DLL
C:\WINDOWS\system32\D2846900.DLL NOT unregistered.
C:\WINDOWS\system32\D2846900.DLL moved successfully.
File/Folder C:\WINDOWS\karna.dat not found.
File/Folder C:\WINDOWS\system32\drivers\svchost.exe not found.
Error: Unable to interpret <:Folders> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\uzobabwf> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\unszuzix> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\xcnojorw> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\sbmzarer> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\tipwjcdk> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5158fc32-9d37-11dd-a0e0-b6588697d68f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e6e21c0-75d8-11dd-a066-0010a720cb9e}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_740.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_98.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_ff0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\~DFE6AA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10272008_121118

Files moved on Reboot...
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_740.dat not found!
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_98.dat not found!
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_ff0.dat not found!
C:\DOCUME~1\Le\LOCALS~1\Temp\~DFE6AA.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_694.dat not found!
C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Le\Local Settings\Application Data\Mozilla\Firefox\Profiles\f4rneqhr.default\XUL.mfl moved successfully.

=================
Dr.Web CureIt log:


autorun.inf;c:;Corrupt autorun file;Invalid path to file ;
auto.exe;d:\;Trojan.Popwin;Deleted.;
A0019232.exe\data002;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133\A0019232.exe;BackDoor.Sakl.135;;
A0019232.exe;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Archive contains infected objects;Moved.;
data002\data015;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP154\A0023284.exe\data002;Program.mIRC.623;;
data002;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP154\A0023284.exe;Archive contains infected objects;;
A0023284.exe;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP154;Archive contains infected objects;Moved.;
A0039611.inf;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.857;Deleted.;
A0039612.exe;D:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin;Deleted.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Le\Desktop\SDFix\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Le\Desktop\SDFix;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\Le\Desktop\SDFix\apps;Tool.Prockill;Incurable.Moved.;
Preview-T-3545425-hello vietnam.mp3;C:\Documents and Settings\Le\My Documents\LimeWire\Incomplete;Trojan.Click.18899;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.623;Incurable.Moved.;
A0019218.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0019219.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0019241.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0019243.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0019251.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0019253.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0020251.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP133;Trojan.Popwin;Deleted.;
A0020265.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP134;Trojan.Popwin;Deleted.;
A0020278.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP134;Trojan.Popwin;Deleted.;
A0020283.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP134;Trojan.Popwin;Deleted.;
A0020334.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP134;Trojan.Popwin;Deleted.;
A0020343.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP135;Trojan.Popwin;Deleted.;
A0020376.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin.origin;Incurable.Moved.;
A0020378.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin;Deleted.;
A0020386.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin;Deleted.;
A0020425.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin.origin;Incurable.Moved.;
A0020427.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin;Deleted.;
A0020435.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin;Deleted.;
A0020445.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP136;Trojan.Popwin.origin;Incurable.Moved.;
A0020603.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP138;Trojan.Popwin;Deleted.;
A0020623.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP138;Trojan.Popwin.origin;Incurable.Moved.;
A0020627.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP138;Trojan.Popwin;Deleted.;
A0020684.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP138;Trojan.Popwin;Deleted.;
A0020686.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP138;Trojan.Popwin;Deleted.;
A0020721.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP140;Trojan.Popwin;Deleted.;
A0020724.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP140;Trojan.Popwin;Deleted.;
A0020757.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP142;Trojan.Popwin;Deleted.;
A0020766.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP142;Trojan.Popwin;Deleted.;
A0020986.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP142;Trojan.Popwin;Deleted.;
A0020988.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP142;Trojan.Popwin;Deleted.;
A0021031.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP143;Trojan.Popwin;Deleted.;
A0021071.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP143;Trojan.Popwin;Deleted.;
A0021073.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP143;Trojan.Popwin;Deleted.;
A0021088.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin;Deleted.;
A0021132.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin.origin;Incurable.Moved.;
A0021136.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin;Deleted.;
A0021162.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin;Deleted.;
A0021194.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin.origin;Incurable.Moved.;
A0021196.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP144;Trojan.Popwin;Deleted.;
A0021227.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin;Deleted.;
A0021280.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin.origin;Incurable.Moved.;
A0021282.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin;Deleted.;
A0021290.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin;Deleted.;
A0021301.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin.origin;Incurable.Moved.;
A0021310.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin.origin;Incurable.Moved.;
A0021321.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin.origin;Incurable.Moved.;
A0021332.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP145;Trojan.Popwin.origin;Incurable.Moved.;
A0021359.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021361.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021370.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021389.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021393.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021414.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021420.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021439.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021450.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021474.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021476.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021484.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021509.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021511.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021523.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin;Deleted.;
A0021532.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP146;Trojan.Popwin.origin;Incurable.Moved.;
A0021736.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP147;Trojan.Popwin.origin;Incurable.Moved.;
A0021747.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP147;Trojan.Popwin.origin;Incurable.Moved.;
A0021760.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP147;Trojan.Popwin.origin;Incurable.Moved.;
A0021788.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin;Deleted.;
A0021797.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin.origin;Incurable.Moved.;
A0021799.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin;Deleted.;
A0021832.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin;Deleted.;
A0021848.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin.origin;Incurable.Moved.;
A0021850.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin;Deleted.;
A0021858.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin;Deleted.;
A0021867.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP149;Trojan.Popwin.origin;Incurable.Moved.;
A0021894.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022869.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin.origin;Incurable.Moved.;
A0022871.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022888.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022898.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin.origin;Incurable.Moved.;
A0022907.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin.origin;Incurable.Moved.;
A0022921.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin.origin;Incurable.Moved.;
A0022923.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022942.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022944.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0022952.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP150;Trojan.Popwin;Deleted.;
A0023049.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP151;Trojan.Popwin.origin;Incurable.Moved.;
A0023053.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP151;Trojan.Popwin;Deleted.;
A0023061.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP151;Trojan.Popwin;Deleted.;
A0023116.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP152;Trojan.Popwin.origin;Incurable.Moved.;
A0023122.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP152;Trojan.Popwin;Deleted.;
A0023129.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP152;Trojan.Popwin;Deleted.;
A0023138.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP152;Trojan.Popwin.origin;Incurable.Moved.;
A0023189.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP152;Trojan.Popwin.origin;Incurable.Moved.;
A0023208.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP153;Trojan.Popwin.origin;Incurable.Moved.;
A0023240.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP153;Trojan.Popwin.origin;Incurable.Moved.;
A0023292.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP154;Trojan.Popwin.origin;Incurable.Moved.;
A0023294.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP154;Trojan.Popwin;Deleted.;
A0023350.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP155;Trojan.Popwin;Deleted.;
A0023355.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP155;Trojan.Popwin;Deleted.;
A0023367.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP155;Trojan.Popwin.origin;Incurable.Moved.;
A0023420.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP155;Trojan.Popwin.origin;Incurable.Moved.;
A0023464.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP156;Trojan.Popwin.origin;Incurable.Moved.;
A0023481.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP157;Trojan.Popwin.origin;Incurable.Moved.;
A0023505.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP157;Trojan.Popwin.origin;Incurable.Moved.;
A0023522.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP157;Trojan.Popwin.origin;Incurable.Moved.;
A0023558.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP158;Trojan.Popwin.origin;Incurable.Moved.;
A0023567.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP158;Trojan.Popwin.origin;Incurable.Moved.;
A0023574.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP158;Trojan.Popwin.origin;Incurable.Moved.;
A0023584.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP158;Trojan.Popwin.origin;Incurable.Moved.;
A0023593.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP158;Trojan.Popwin.origin;Incurable.Moved.;
A0023626.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP159;Trojan.Popwin.origin;Incurable.Moved.;
A0023630.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP159;Trojan.Popwin;Deleted.;
A0023877.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP160;Trojan.Popwin;Deleted.;
A0023914.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP161;Trojan.Popwin.origin;Incurable.Moved.;
A0023924.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP161;Trojan.Popwin.origin;Incurable.Moved.;
A0023949.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP161;Trojan.Popwin.origin;Incurable.Moved.;
A0023951.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP161;Trojan.Popwin;Deleted.;
A0023966.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP162;Trojan.Popwin;Deleted.;
A0023999.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP163;Trojan.Popwin.origin;Incurable.Moved.;
A0024026.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP164;Trojan.Popwin.origin;Incurable.Moved.;
A0024028.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP164;Trojan.Popwin;Deleted.;
A0024042.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP164;Trojan.Popwin;Deleted.;
A0024076.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP165;Trojan.Popwin.origin;Incurable.Moved.;
A0024096.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP166;Trojan.Popwin.origin;Incurable.Moved.;
A0024118.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP167;Trojan.Popwin.origin;Incurable.Moved.;
A0024138.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin.origin;Incurable.Moved.;
A0024148.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin.origin;Incurable.Moved.;
A0025151.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin.origin;Incurable.Moved.;
A0025172.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin.origin;Incurable.Moved.;
A0025174.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin;Deleted.;
A0025181.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin;Deleted.;
A0027276.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin.origin;Incurable.Moved.;
A0027281.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP168;Trojan.Popwin;Deleted.;
A0027356.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP169;Trojan.Popwin;Deleted.;
A0027358.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP169;Trojan.Popwin;Deleted.;
A0027377.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP169;Trojan.Popwin;Deleted.;
A0027386.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP169;Trojan.Popwin;Deleted.;
A0027388.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP169;Trojan.Popwin;Deleted.;
A0027404.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP170;Trojan.Popwin;Deleted.;
A0029422.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0029432.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0029451.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0029455.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin;Deleted.;
A0029466.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin;Deleted.;
A0029488.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0029509.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0029529.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP171;Trojan.Popwin.origin;Incurable.Moved.;
A0031548.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin.origin;Incurable.Moved.;
A0031571.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin.origin;Incurable.Moved.;
A0031578.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031582.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031589.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031597.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031604.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031606.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031619.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP172;Trojan.Popwin;Deleted.;
A0031659.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP174;Trojan.Popwin.origin;Incurable.Moved.;
A0031678.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP174;Trojan.Popwin.origin;Incurable.Moved.;
A0031680.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP174;Trojan.Popwin;Deleted.;
A0031695.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP174;Trojan.Popwin;Deleted.;
A0035800.sys;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Fakealert.458;Deleted.;
A0035809.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin.origin;Incurable.Moved.;
A0035818.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0035824.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0035826.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0035840.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0035844.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0035855.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0037869.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin;Deleted.;
A0037877.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin.origin;Incurable.Moved.;
A0037887.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP175;Trojan.Popwin.origin;Incurable.Moved.;
A0038028.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin.origin;Incurable.Moved.;
A0038043.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin.origin;Incurable.Moved.;
A0038045.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038058.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038067.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin.origin;Incurable.Moved.;
A0038086.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin.origin;Incurable.Moved.;
A0038094.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038096.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038147.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038159.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038163.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038175.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP176;Trojan.Popwin;Deleted.;
A0038212.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038224.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038236.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038246.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038594.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038596.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin;Deleted.;
A0038608.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin;Deleted.;
A0038659.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin.origin;Incurable.Moved.;
A0038667.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP178;Trojan.Popwin;Deleted.;
A0038721.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038736.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038739.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038746.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038755.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038803.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Tool.Prockill;Incurable.Moved.;
A0038833.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038836.inf;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.857;Deleted.;
A0038837.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038841.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038842.inf;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.857;Deleted.;
A0038843.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038881.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038897.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038908.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038910.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038920.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0038922.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0038944.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Tool.Prockill;Incurable.Moved.;
A0039005.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Tool.Prockill;Incurable.Moved.;
A0039083.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Tool.Prockill;Incurable.Moved.;
A0039123.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin;Deleted.;
A0039143.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP179;Trojan.Popwin.origin;Incurable.Moved.;
A0039160.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin.origin;Incurable.Moved.;
A0039162.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin;Deleted.;
A0039174.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin;Deleted.;
A0039185.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin.origin;Incurable.Moved.;
A0039194.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin.origin;Incurable.Moved.;
A0039230.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP180;Trojan.Popwin.origin;Incurable.Moved.;
A0039273.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039277.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin;Deleted.;
A0039286.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin;Deleted.;
A0039293.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039302.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039308.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039320.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039328.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039337.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039349.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039369.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP181;Trojan.Popwin.origin;Incurable.Moved.;
A0039434.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Click.5042;Deleted.;
A0039435.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin.origin;Incurable.Moved.;
A0039443.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Click.5042;Deleted.;
A0039445.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin.origin;Incurable.Moved.;
A0039458.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Click.5042;Deleted.;
A0039460.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin.origin;Incurable.Moved.;
A0039464.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin.origin;Incurable.Moved.;
A0039480.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Click.5042;Deleted.;
A0039482.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin.origin;Incurable.Moved.;
A0039484.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin;Deleted.;
A0039497.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Click.5042;Deleted.;
A0039499.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP184;Trojan.Popwin;Deleted.;
A0039514.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Click.5042;Deleted.;
A0039516.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.origin;Incurable.Moved.;
A0039525.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Click.5042;Deleted.;
A0039527.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.origin;Incurable.Moved.;
A0039531.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.origin;Incurable.Moved.;
A0039542.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Click.5042;Deleted.;
A0039544.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.origin;Incurable.Moved.;
A0039546.EXE;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin;Deleted.;
A0039552.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Click.5042;Deleted.;
A0039554.DLL;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin;Deleted.;
A0039580.dll;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Click.5042;Deleted.;
A0039610.inf;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Trojan.Popwin.857;Deleted.;
A0039613.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185\A0039613.exe;Tool.Prockill;;
A0039613.exe;C:\System Volume Information\_restore{57A92B01-94ED-4E37-8086-12D3FE530E52}\RP185;Archive contains infected objects;Moved.;
k12250381761.exe;C:\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12250689131.exe;C:\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12251223711.exe;C:\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
auto.exe;C:\_OTMoveIt\MovedFiles\10272008_121118;Trojan.Popwin;Deleted.;
1B738376.EXE;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.Popwin.origin;Incurable.Moved.;
D2846900.DLL;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.Popwin.origin;Incurable.Moved.;
k12246974991.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12247143421.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12247192931.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12247636741.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12247859271.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12249465611.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
k12249802621.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
zsmscc071001.dll;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.6747;Deleted.;
zsmscc071001.exe;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.PWS.Gamania.5414;Deleted.;
zsmscc32.dll;C:\_OTMoveIt\MovedFiles\10272008_121118\WINDOWS\system32;Trojan.Click.5042;Deleted.;

=================
For some reason, RSIT didn't give an info.txt. I tried executing the program twice and both times, only the log.txt showed up.
log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Le at 2008-10-27 20:33:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 18 GB (45%) free of 40 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:15 PM, on 27/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Le\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Le.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7738A49F-BC52-4AD8-93BC-BCBF3F492F0C}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 8819 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-01 2403392]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MotiveReportAgent"=C:\Program Files\Common Files\Motive\McciBootStrapper.exe [2007-08-14 202240]
"StandardInstall"= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-24 68856]
"cdloader"=C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe [2007-12-21 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\Le\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Rohan\rohanclient.exe"="C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Aeria Games\Dreamlords\dreamlords.exe"="C:\Aeria Games\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe46aa4-05a6-11dd-9f31-0010a720cb9e}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2008-10-27 12:11:18 ----D---- C:\_OTMoveIt
2008-10-27 11:52:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-27 11:52:45 ----D---- C:\Program Files\Alwil Software
2008-10-25 20:20:07 ----D---- C:\rsit
2008-10-25 12:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 17:08:28 ----D---- C:\Program Files\Trend Micro
2008-10-21 12:20:02 ----D---- C:\Program Files\ShoOnline
2008-10-19 12:42:00 ----D---- C:\WINDOWS\ERUNT
2008-10-18 09:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 23:09:13 ----D---- C:\WSI
2008-10-16 18:34:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 18:33:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 18:32:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 17:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 17:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-14 11:43:25 ----D---- C:\Documents and Settings\All Users\Application Data\uzobabwf
2008-10-04 16:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\unszuzix
2008-10-04 16:08:37 ----D---- C:\Documents and Settings\All Users\Application Data\xcnojorw
2008-10-04 10:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\sbmzarer
2008-10-04 08:46:21 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-03 08:51:15 ----D---- C:\Documents and Settings\All Users\Application Data\tipwjcdk

======List of files/folders modified in the last 1 months======

2008-10-27 20:30:04 ----D---- C:\Program Files\Mozilla Firefox
2008-10-27 20:17:19 ----D---- C:\WINDOWS\Temp
2008-10-27 20:17:09 ----D---- C:\WINDOWS
2008-10-27 19:21:47 ----D---- C:\WINDOWS\system32
2008-10-27 12:21:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-27 12:17:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 12:11:52 ----RD---- C:\Program Files
2008-10-27 12:11:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-27 12:10:44 ----D---- C:\WINDOWS\Prefetch
2008-10-27 12:06:33 ----D---- C:\WINDOWS\system32\config
2008-10-27 11:53:11 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 11:47:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-26 14:21:04 ----D---- C:\Program Files\mIRC
2008-10-26 13:50:05 ----D---- C:\Documents and Settings\Le\Application Data\mIRC
2008-10-25 12:57:18 ----HD---- C:\WINDOWS\inf
2008-10-25 12:57:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 12:56:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 15:30:48 ----D---- C:\Documents and Settings\Le\Application Data\uTorrent
2008-10-23 14:58:05 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-22 13:49:53 ----SHD---- C:\WINDOWS\Installer
2008-10-22 13:49:53 ----D---- C:\Program Files\Windows Live
2008-10-22 13:49:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 13:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-21 16:26:46 ----D---- C:\Program Files\Windows Media Player
2008-10-21 16:26:45 ----D---- C:\Program Files\Winamp
2008-10-21 16:26:45 ----D---- C:\Program Files\QuickTime
2008-10-21 16:26:41 ----D---- C:\Program Files\Internet Explorer
2008-10-21 16:26:40 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-21 16:26:40 ----D---- C:\Program Files\DivX
2008-10-21 16:26:40 ----D---- C:\Program Files\Common Files
2008-10-21 16:26:29 ----D---- C:\Program Files\Common Files\Motive
2008-10-21 12:19:47 ----AC---- C:\WINDOWS\IFinst27.exe
2008-10-17 12:33:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-17 12:33:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 12:32:35 ----D---- C:\Program Files\Adobe
2008-10-15 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 17:09:19 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 12:40:04 ----D---- C:\Fraps
2008-10-04 16:06:22 ----SHD---- C:\WINDOWS\CSC
2008-10-01 17:49:11 ----D---- C:\Documents and Settings\Le\Application Data\Aegisub

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-01-31 25900]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-21 130192]
R3 FETNDIS;10/100Mbps Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-03-06 40448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-21 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Le\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-07-27 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

After those scans, my computer runs much faster than it did yesterday. Plus, I was able to open C:/D: drives without having them loaded to separate windows. IE/rundll32 aren't in the task manager whenever I reboot. So are the logs clean, or is it still too early?

Edited by akiana, 27 October 2008 - 08:01 PM.


#6 akiana
  • Topic Starter
  • Members
  • 23 posts

Posted 29 October 2008 - 02:07 PM

Hi,

Since yesterday, there were a couple of "Windows alerts", saying that my computer has been infected with "Trojan-Keylogger.WIN32.FUNG", and in the task manager I saw a process by the name of mupd1_2_1165664.exe. Avast also detected a virus in svchost.exe.

Are these infections from the remnants of the above infected files or are they newly acquired?

#7 sundavis
  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 31 October 2008 - 05:49 AM

Hi akiana,

..., I had it turned off while doing the scans with those two programs.

:thumbsup:

For some reason, RSIT didn't give an info.txt. I tried executing the program twice and both times only the log.txt showed up.


That's ok. When running RSIT a second time, the info.txt should be deleted from the C:\rsit folder beforehand.

Are these infections from the remnants of the above infected files or are they newly acquired?


I have no idea about this, but you can go to Here for your reference. If that does not work, we will deal with it afterwards.

You're doing well. :) The cleaning process is not instant, and we need to check your system in different ways to ensure you are free of viruses.
Until then, you are good to go. Please be patient and follow all instructions below. Thanks.


Step 1

Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK

Use Windows Explorer to find and delete these folders(if found):

C:\Documents and Settings\All Users\Application Data\uzobabwf
C:\Documents and Settings\All Users\Application Data\unszuzix
C:\Documents and Settings\All Users\Application Data\xcnojorw
C:\Documents and Settings\All Users\Application Data\sbmzarer
C:\Documents and Settings\All Users\Application Data\tipwjcdk



Step 2

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 10 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

Step 3

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
You can refer to this thread for your reference.



Please post back the logs in your next reply


1. KAS online scan report
2. RSIT log.txt and info.txt

Thanks
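Step 1 above has you pick those five folders out of the RSIT list by eye, and the same log earlier in the thread also carries a MountPoints2 entry with shell\AutoRun\command pointing at G:\autorun.exe, the kind of cached entry an AutoRun worm leaves for a removable drive. Below is an added Python triage script (my own example, not part of this thread, of RSIT, or of any tool named here) that reads RSIT-style log text and flags both: folders newly created directly under All Users\Application Data whose name is eight random lowercase letters (an assumed heuristic drawn from the five names in Step 1), and every shell\<verb>\command cached under MountPoints2. The sample input is constructed from lines in the log above; the names SAMPLE_LOG, triage and the regexes are mine.

```python
import re

# --- constructed sample input -------------------------------------------------
# A few lines shaped like the RSIT log.txt sections quoted earlier in this
# thread (the mountpoints2 key plus the created/modified lists). The paths are
# copied from those sections; this is a trimmed sample, not the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe46aa4-05a6-11dd-9f31-0010a720cb9e}]
shell\AutoRun\command - G:\autorun.exe

======List of files/folders created in the last 1 months======

2008-10-25 20:20:07 ----D---- C:\rsit
2008-10-18 09:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-15 17:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 11:43:25 ----D---- C:\Documents and Settings\All Users\Application Data\uzobabwf
2008-10-04 16:08:55 ----D---- C:\Documents and Settings\All Users\Application Data\unszuzix
2008-10-04 08:46:21 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-03 08:51:15 ----D---- C:\Documents and Settings\All Users\Application Data\tipwjcdk

======List of files/folders modified in the last 1 months======

2008-10-27 11:47:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-22 13:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
"""

# One RSIT file/folder entry: "<date> <time> ----<attrs>---- <path>"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) -+([A-Z]*)-+ (.+)$")
# A MountPoints2 verb line: "shell\AutoRun\command - <command>"
MOUNTPOINT_RE = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
MOUNTPOINTS_KEY = r"[hkey_current_user\software\microsoft\windows\currentversion\explorer\mountpoints2"
PROGDATA = "c:\\documents and settings\\all users\\application data\\"
# Assumed heuristic: the five folders named in Step 1 are all eight random
# lowercase letters. Treat a match as a prompt for review, not a verdict.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")


def created_entries(log):
    """Yield (timestamp, attrs, path) from the 'created' list only."""
    in_section = False
    for line in log.splitlines():
        if line.startswith("======List of files/folders created"):
            in_section = True
            continue
        if in_section and line.startswith("======"):
            break  # the next list (modified) starts; stop here
        m = ENTRY_RE.match(line)
        if in_section and m:
            yield m.group(1), m.group(2), m.group(3)


def suspicious_appdata_dirs(log):
    """Directories newly created directly under All Users\\Application Data
    whose name matches the random-letter pattern."""
    hits = []
    for ts, attrs, path in created_entries(log):
        low = path.lower()
        if "D" in attrs and low.startswith(PROGDATA):
            if RANDOM_NAME.match(low[len(PROGDATA):]):
                hits.append((ts, path))
    return hits


def autorun_mountpoints(log):
    """(key, verb, command) for every shell\\<verb>\\command under MountPoints2.
    The shell reuses this cached autorun.inf data when the volume is opened from
    My Computer, so a command on a removable drive is worth a look."""
    hits = []
    key = None
    for line in log.splitlines():
        if line.lower().startswith(MOUNTPOINTS_KEY):
            key = line
            continue
        m = MOUNTPOINT_RE.match(line)
        if key and m:
            hits.append((key, m.group(1), m.group(2)))
        elif not line.strip():
            key = None  # a blank line ends the key block


    return hits


def triage(log):
    """Counts plus details for both indicators."""
    dirs = suspicious_appdata_dirs(log)
    mps = autorun_mountpoints(log)
    return {"random_appdata_dirs": len(dirs), "autorun_mountpoints": len(mps),
            "dirs": dirs, "mountpoints": mps}


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for ts, path in r["dirs"]:
        print(f"created {ts}  random-named folder: {path}")
    for key, verb, cmd in r["mountpoints"]:
        print(f"MountPoints2 {verb} -> {cmd}")
```

Run it against a saved log.txt by replacing SAMPLE_LOG with the file contents. A hit is a reason to look, not a verdict: a legitimate vendor can use a short odd folder name, and folders deleted by hand can reappear if whatever dropped them is still running, which is why the follow-up scans in Step 3 matter more than the deletion itself.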

#8 akiana
  • Topic Starter
  • Members
  • 23 posts

Posted 31 October 2008 - 04:40 PM

Hello,

I tried to follow the steps to remove mupd1_2_1165664.exe manually but it didn't seem to work (it isn't a .dll). I located where the file resides but wasn't sure if it was safe to just delete it. So I downloaded the tool to remove it but didn't know it was a pay-for-service type of program... heh :thumbsup:

Anyway, here are the logs you requested:

===================
Kaspersky scan:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, October 31, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 31, 2008 13:19:31
Records in database: 1363805
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 61852
Threat name: 9
Infected objects: 123
Suspicious objects: 0
Duration of the scan: 01:51:48


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\1B738376.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0019232.exe Infected: Trojan.Win32.Agent.xjc 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020376.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020425.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020445.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020623.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021132.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021194.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021280.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021301.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021310.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021321.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021332.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021359.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021389.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021450.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021474.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021509.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021532.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021736.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021747.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021760.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021797.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021848.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021867.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022869.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022898.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022907.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022921.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023049.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023116.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023138.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023189.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023208.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023240.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023284.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023292.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023367.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023420.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023464.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023481.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023505.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023522.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023558.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023567.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023574.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023584.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023593.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023626.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023914.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023924.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023949.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023999.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024026.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024076.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024096.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024118.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024138.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024148.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0025151.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0025172.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0027276.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029422.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029432.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029451.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029488.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029509.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029529.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031548.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031571.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031659.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031678.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0035809.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0037877.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0037887.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038028.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038043.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038067.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038086.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038212.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038224.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038236.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038246.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038594.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038659.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038739.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038746.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038755.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038841.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038908.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038910.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038920.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039143.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039160.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039185.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039194.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039230.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039273.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039293.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039302.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039308.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039320.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039328.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039337.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039349.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039369.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039435.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039445.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039460.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039464.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039482.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039516.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039527.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039531.EXE Infected: Trojan-GameThief.Win32.Magania.gen 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039544.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\autorun.inf Infected: Worm.Win32.AutoRun.aaz 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\D2846900.DLL Infected: Worm.Win32.AutoRun.lyj 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\Preview-T-3545425-hello vietnam.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe Infected: not-a-virus:FraudTool.Win32.PersonalDefender2009.a 1
C:\Documents and Settings\Le\Desktop\SDFix\backups\backups.zip Infected: Backdoor.Win32.Agent.cpc 1
C:\Documents and Settings\Le\Desktop\SDFix\backups\backups.zip Infected: Worm.Win32.AutoRun.aaz 1
C:\_OTMoveIt\MovedFiles\10272008_121118\Program Files\coyqhyf\WebSrvSys.dll Infected: Trojan.Win32.Obfuscated.viz 1

The selected area was scanned.

===================
Log text


Logfile of random's system information tool 1.04 (written by random/random)
Run by Le at 2008-10-31 17:31:10
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (47%) free of 40 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:20 PM, on 31/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Le\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Le.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Documents and Settings\Le\Desktop\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7738A49F-BC52-4AD8-93BC-BCBF3F492F0C}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 9461 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-01 2403392]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MotiveReportAgent"=C:\Program Files\Common Files\Motive\McciBootStrapper.exe [2007-08-14 202240]
"StandardInstall"= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SNM"=C:\Documents and Settings\Le\Desktop\SpyNoMore\SNM.exe /startup []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-31 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-24 68856]
"cdloader"=C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe [2007-12-21 50520]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-10-28 32256]
"asus32"=C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe [2008-10-28 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\Le\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Rohan\rohanclient.exe"="C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Aeria Games\Dreamlords\dreamlords.exe"="C:\Aeria Games\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe46aa4-05a6-11dd-9f31-0010a720cb9e}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\java.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-31 14:23:16 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-27 12:11:18 ----D---- C:\_OTMoveIt
2008-10-27 11:52:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-27 11:52:45 ----D---- C:\Program Files\Alwil Software
2008-10-25 20:20:07 ----D---- C:\rsit
2008-10-25 12:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 17:08:28 ----D---- C:\Program Files\Trend Micro
2008-10-21 12:20:02 ----D---- C:\Program Files\ShoOnline
2008-10-19 12:42:00 ----D---- C:\WINDOWS\ERUNT
2008-10-18 09:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 23:09:13 ----D---- C:\WSI
2008-10-16 18:34:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 18:33:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 18:32:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 17:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 17:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-04 08:46:21 ----HD---- C:\WINDOWS\system32\GroupPolicy

======List of files/folders modified in the last 1 months======

2008-10-31 17:30:53 ----D---- C:\WINDOWS\Temp
2008-10-31 17:30:41 ----D---- C:\WINDOWS
2008-10-31 17:29:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-31 15:11:21 ----D---- C:\WINDOWS\Prefetch
2008-10-31 15:01:00 ----D---- C:\Program Files\Mozilla Firefox
2008-10-31 14:45:49 ----SHD---- C:\WINDOWS\Installer
2008-10-31 14:45:45 ----D---- C:\WINDOWS\system32
2008-10-31 14:45:28 ----D---- C:\Program Files\Java
2008-10-31 14:44:50 ----D---- C:\Program Files\Common Files
2008-10-29 16:54:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\Ahead
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\AdobeUM
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\Adobe
2008-10-28 21:04:06 ----D---- C:\Documents and Settings\Le\Application Data\Google
2008-10-28 20:59:40 ----D---- C:\WINDOWS\system32\drivers
2008-10-27 12:21:40 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-27 12:11:52 ----RD---- C:\Program Files
2008-10-27 12:06:33 ----D---- C:\WINDOWS\system32\config
2008-10-27 11:47:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-26 14:21:04 ----D---- C:\Program Files\mIRC
2008-10-26 13:50:05 ----D---- C:\Documents and Settings\Le\Application Data\mIRC
2008-10-25 12:57:18 ----HD---- C:\WINDOWS\inf
2008-10-25 12:57:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 12:56:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 15:30:48 ----D---- C:\Documents and Settings\Le\Application Data\uTorrent
2008-10-23 14:58:05 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-22 13:49:53 ----D---- C:\Program Files\Windows Live
2008-10-22 13:49:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 13:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-21 16:26:46 ----D---- C:\Program Files\Windows Media Player
2008-10-21 16:26:45 ----D---- C:\Program Files\Winamp
2008-10-21 16:26:45 ----D---- C:\Program Files\QuickTime
2008-10-21 16:26:41 ----D---- C:\Program Files\Internet Explorer
2008-10-21 16:26:40 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-21 16:26:40 ----D---- C:\Program Files\DivX
2008-10-21 16:26:29 ----D---- C:\Program Files\Common Files\Motive
2008-10-21 12:19:47 ----AC---- C:\WINDOWS\IFinst27.exe
2008-10-17 12:33:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-17 12:33:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 12:32:35 ----D---- C:\Program Files\Adobe
2008-10-15 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 17:09:19 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 12:40:04 ----D---- C:\Fraps
2008-10-04 16:06:22 ----SHD---- C:\WINDOWS\CSC
2008-10-01 17:49:11 ----D---- C:\Documents and Settings\Le\Application Data\Aegisub

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-01-31 25900]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-21 130192]
R3 FETNDIS;10/100Mbps Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-03-06 40448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-21 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Le\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-07-27 45056]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

===================
Info text:


info.txt logfile of random's system information tool 1.04 2008-10-31 17:31:27

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aegisub 2.1.2 Release Preview r1987-->"D:\Korean Dramas-OSTs\Aegisub\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sho Online-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\ShoOnline\IFU2C.inf
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UniKey 3.63-->C:\Program Files\UniKey\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
winpwn 2.0.0.4-->C:\Documents and Settings\Le\Desktop\itouch\winpwn\uninstall winpwn.exe
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O20 - AppInit_DLLs: karna.dat

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081031-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#9 sundavis

  • Malware Response Team

Posted 01 November 2008 - 12:36 PM

Hi akiana,


Please delete the SDFix folder from your desktop. We need to download a new, updated version of SDFix since it updates quickly, and then follow all of the instructions below.


Step 1

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive%
  • (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."

Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe



Step 2

A.
Open Task Manager by pressing the Ctrl + Alt + Delete keys simultaneously.
Click Processes.
Click Image Name to alphabetize the list, then locate (if found):

mupd1_2_1165664.exe
mupd1_2_1711951.exe


and click on it, click End Process, close Task Manager.


B.
Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe"

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".


C.
Run OTMoveIt3 from your desktop
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    :Processes 
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.


Step 3
  • Please go to F-Secure website to perform an online scan. Click on Start scanning at the bottom of the page.
  • You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
  • Click on Accept to accept the License Agreement.
  • Click on Custom Scan.
  • Under Virus Scan Options, select the Scan whole system option.
  • Under Other Scan Options, select these options:
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Scan inside archives
  • Use advanced heuristics
  • Click Start.
  • It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
  • Click on I want decide item by item.
  • Under Actions, select None for all infections found.
  • Click Next.
  • Click on Show Report.
  • Please copy and paste this report in your next reply.
  • Click Finish.
Note:
You can also find the F-Secure report at C:\Documents and Settings\<user name>\Application Data\Local\Temp\OnlineScanner\ols_report.html



Please post back the logs in your next reply


1. F-Secure online scan report
2. OTMoveIT log
3. RSIT log.txt

Tell me how things are going now.
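The entries sundavis singles out in Step 2 share a few tell-tale traits: a file called svchost.exe that is not in system32, a Run entry launching a binary out of the user's Application Data folder, and (in the HijackThis backups above) a service with no owner whose name and file are random-looking hex strings. The script below is an editor-added example, not code from the post, from HijackThis, SDFix or OTMoveIt; it parses HijackThis-style O4 and O23 lines and flags those three patterns. The sample lines are constructed from entries shown on this page, the assumption that the Windows directory is C:\WINDOWS comes from the logs in this thread, and the "8 hex digits" rule is a heuristic of mine, not something HijackThis does.

```python
r"""Flag suspicious autostart entries in HijackThis-style log lines.

Added example, not code from the forum post or from HijackThis/SDFix/OTMoveIt.
Assumes the Windows directory is C:\WINDOWS (as in this thread's logs) and
uses three heuristics drawn from the entries the helper told the user to fix.
"""
import re
from typing import List, Tuple

# O4 - HKCU\..\Run: [name] command      /    O23 - Service: name - owner - command
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")

# Binaries that legitimately live only in %SystemRoot%\system32 (assumed C:\WINDOWS here).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM32 = "c:\\windows\\system32"

# Profile locations that a legitimate autostart rarely launches from.
PROFILE_MARKERS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Heuristic: an 8-hex-digit file name like 1B738376.EXE (seen in this thread's backups).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")

# Constructed sample: two benign entries built from processes listed in this
# thread, the two O4 lines sundavis asked to fix, and the O23 line from the backups.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" /r
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE
"""


def extract_path(cmd: str) -> str:
    """Return the image path from a Run/Service command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with arguments after it
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(" ")
    if head.lower().endswith("rundll32.exe") and rest:
        # rundll32 is only the host; the DLL it loads is the interesting image
        return rest.split(",", 1)[0].strip()
    return head


def check_path(path: str) -> List[str]:
    """Apply the three heuristics to one image path; return the reasons that fired."""
    p = path.lower()
    directory, _, basename = p.rpartition("\\")
    reasons = []
    if basename in SYSTEM_BINARIES and directory != SYSTEM32:
        reasons.append(f"{basename} outside system32 ({directory})")
    if any(marker in p for marker in PROFILE_MARKERS):
        reasons.append("autostart runs from a user profile directory")
    stem = basename.rsplit(".", 1)[0]
    if HEX_NAME_RE.match(stem):
        reasons.append("file name is an 8-digit hex string")
    return reasons


def scan(log: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every O4/O23 line that trips a heuristic."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O23_RE.match(line)
        if not m:
            continue
        reasons = check_path(extract_path(m.group("cmd")))
        if line.startswith("O23") and m.group("owner") == "Unknown owner" and reasons:
            reasons.append("service has no registered owner")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the two benign lines pass and the three entries that were actually removed in this thread are reported with the reason each tripped. The point for a defender is that the reasons are location and naming anomalies, not file hashes, which is why helpers can spot such entries in a log before any scanner has a signature for them.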

#10 akiana

  • Topic Starter
  • Members

Posted 01 November 2008 - 10:39 PM

Hello,

I downloaded SDFix, but instead of letting me choose where to extract the files, it automatically extracted itself to my desktop; then it couldn't find the install.txt (which wasn't in the directory path it was looking for). Other than that, everything worked fine with the program.

I checked my C drive after the online scan at F-Secure and noticed a newly created folder with the name: fsaua.data -- what is it?

Here are the logs:

====================================
SDFIX


SDFix: Version 1.238
Run by Le on 01/11/2008 at 05:06 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Le\Desktop\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\svchost.exe - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 17:16:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Rohan\\rohanclient.exe"="C:\\Rohan\\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Le\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\Le\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"
"C:\\Aeria Games\\Dreamlords\\dreamlords.exe"="C:\\Aeria Games\\Dreamlords\\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOCUME~1\Le\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 12 Jun 2008 827,000 A..H. --- "C:\Documents and Settings\Le\Application Data\mjusbsp\install.exe"
Fri 21 Dec 2007 6,157,296 A..H. --- "C:\Documents and Settings\Le\Application Data\mjusbsp\in00000\setup.exe"
Fri 21 Dec 2007 873,704 A..H. --- "C:\Documents and Settings\Le\Application Data\mjusbsp\Upgrade\install1.exe"
Fri 21 Dec 2007 6,157,296 A..H. --- "C:\Documents and Settings\Le\Application Data\mjusbsp\Upgrade\setup1.exe"

Finished!


====================================
F-Secure online scan


Scanning Report
Saturday, November 01, 2008 17:35:44 - 23:18:31

Computer name: VIETSOFT-42F828
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 120 malware found
Backdoor:W32/Popwin.O (virus)

* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\1B738376.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020376.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020425.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020445.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0020623.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021132.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021194.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021280.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021301.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021310.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021321.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021332.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021359.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021389.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021450.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021474.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021509.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021532.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021736.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021747.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021760.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021797.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021848.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0021867.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022869.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022898.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022907.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0022921.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023049.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023116.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023138.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023189.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023208.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023240.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023292.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023367.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023420.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023464.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023481.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023505.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023522.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023558.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023567.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023574.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023584.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023593.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023626.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023914.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023924.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023949.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0023999.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024026.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024076.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024096.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024118.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024138.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0024148.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0025151.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0025172.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0027276.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029422.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029432.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029451.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029488.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029509.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0029529.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031548.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031571.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031659.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0031678.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0035809.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0037877.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0037887.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038028.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038043.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038067.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038086.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038212.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038224.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038236.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038246.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038594.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038659.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038739.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038746.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038755.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038841.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038908.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038910.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0038920.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039143.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039160.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039185.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039194.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039230.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039273.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039293.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039302.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039308.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039320.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039328.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039337.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039349.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039369.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039435.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039445.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039460.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039464.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039482.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039516.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039527.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039531.EXE
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0039544.DLL
* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\D2846900.DLL

Trojan-Downloader.WMA.GetCodec.c (virus)

* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\Preview-T-3545425-hello vietnam.mp3

Trojan.Win32.Agent.xjc (virus)

* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\A0019232.exe

Trojan.Win32.Obfuscated.viz (virus)

* C:\_OTMoveIt\MovedFiles\10272008_121118\Program Files\coyqhyf\WebSrvSys.dll

W32/Suspicious_U.gen (virus)

* C:\WINDOWS\system32\k12186252261.exe
* C:\WINDOWS\system32\k12188176511.exe

Worm.Win32.AutoRun.aaz (virus)

* C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\autorun.inf

Statistics
Scanned:

* Files: 241162
* System: 3423
* Not scanned: 451

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 120
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_54C.DAT
* C:\WINDOWS\TEMP\PERFLIB_PERFDATA_790.DAT
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
* root.img
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\TEMP\JAR_CACHE60244.TMP
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_2D4.DAT
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_CF8.DAT
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_D14.DAT
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
* C:\DOCUMENTS AND SETTINGS\LE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\Documents and Settings\Le\Desktop\itouch\iPod1,1_2.0.1_5B108_Restore.ipsw\.fseventsd\000000000af159ea\
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{06A6B68D-61C8-492A-9A03-365E5BE9DBF8}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{07213858-77B4-4729-AB57-39E2B6123F1D}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{087C8BF1-524A-4AB6-8206-8335A58EA8A8}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{0D501BB4-4D17-4996-9F6B-0EF9FBF3BA89}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{0FC8AF5E-F783-40D6-93FA-393620EB606A}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{1039332F-C5EE-40BE-A3C6-A878504960E5}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{14AAC95D-5FE4-4A4E-A80E-5EF99FA356AF}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{17CFE232-58AB-4023-B59C-464CBAEF8A3E}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{1969AED0-CF21-4D1E-B553-67509FA688C0}
* C:\Documents and Settings\Le\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 10-05-2008 - 14-08-28.SBU\{

Options
Scanning engines:

* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2008-11-01
* F-Secure AVP: 7.0.171, 2008-10-31
* F-Secure Pegasus: 1.20.0, 2008-09-21
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics



====================================
OTMoveIt


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\svchost.exe not found.
C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_b50.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_ed4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_edc.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 11012008_172533

Files moved on Reboot...
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_b50.dat not found!
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_ed4.dat not found!
File C:\DOCUME~1\Le\LOCALS~1\Temp\Perflib_Perfdata_edc.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7cc.dat not found!


====================================
Log text


Logfile of random's system information tool 1.04 (written by random/random)
Run by Le at 2008-11-01 23:20:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (47%) free of 40 GB
Total RAM: 511 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:13 PM, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Le\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Le.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MotiveReportAgent] "C:\Program Files\Common Files\Motive\McciBootStrapper.exe" /url="-url=file://C:\Program Files\Common Files\Motive\ReportAgent.html" /browsertype=CustomMSIE /browserpath="C:\Program Files\Common Files\Motive\motivebrowser.exe" /hidden
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SNM] C:\Documents and Settings\Le\Desktop\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7738A49F-BC52-4AD8-93BC-BCBF3F492F0C}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 9281 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-01 2403392]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"StatusClient"=C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]
"TomcatStartup"=C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"MotiveReportAgent"=C:\Program Files\Common Files\Motive\McciBootStrapper.exe [2007-08-14 202240]
"StandardInstall"= []
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SNM"=C:\Documents and Settings\Le\Desktop\SpyNoMore\SNM.exe /startup []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-31 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-24 68856]
"cdloader"=C:\Documents and Settings\Le\Application Data\mjusbsp\cdloader2.exe [2007-12-21 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\Le\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Rohan\rohanclient.exe"="C:\Rohan\rohanclient.exe:*:Enabled:Rohan Online Game"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Le\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Aeria Games\Dreamlords\dreamlords.exe"="C:\Aeria Games\Dreamlords\dreamlords.exe:*:Enabled:Dreamlords Game Client"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe46aa4-05a6-11dd-9f31-0010a720cb9e}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2008-11-01 17:29:54 ----D---- C:\fsaua.data
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\java.exe
2008-10-31 14:45:45 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-31 14:23:16 ----D---- C:\Program Files\Common Files\Download Manager
2008-10-27 12:11:18 ----D---- C:\_OTMoveIt
2008-10-27 11:52:47 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-27 11:52:45 ----D---- C:\Program Files\Alwil Software
2008-10-25 20:20:07 ----D---- C:\rsit
2008-10-25 12:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 17:08:28 ----D---- C:\Program Files\Trend Micro
2008-10-21 12:20:02 ----D---- C:\Program Files\ShoOnline
2008-10-19 12:42:00 ----D---- C:\WINDOWS\ERUNT
2008-10-18 09:31:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 23:09:13 ----D---- C:\WSI
2008-10-16 18:34:08 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 18:33:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 18:32:34 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 17:09:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 17:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 17:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 17:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 17:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 17:06:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-04 08:46:21 ----HD---- C:\WINDOWS\system32\GroupPolicy

======List of files/folders modified in the last 1 months======

2008-11-01 23:18:45 ----D---- C:\Program Files\Mozilla Firefox
2008-11-01 21:31:00 ----D---- C:\WINDOWS\Temp
2008-11-01 17:35:54 ----D---- C:\WINDOWS\Prefetch
2008-11-01 17:35:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-01 17:29:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 17:27:18 ----D---- C:\WINDOWS
2008-11-01 17:26:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 17:25:33 ----D---- C:\Documents and Settings\Le\Application Data\Google
2008-11-01 17:09:27 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 17:05:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-31 14:45:49 ----SHD---- C:\WINDOWS\Installer
2008-10-31 14:45:45 ----D---- C:\WINDOWS\system32
2008-10-31 14:45:28 ----D---- C:\Program Files\Java
2008-10-31 14:44:50 ----D---- C:\Program Files\Common Files
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\Ahead
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\AdobeUM
2008-10-28 21:05:06 ----D---- C:\Documents and Settings\Le\Application Data\Adobe
2008-10-27 12:11:52 ----RD---- C:\Program Files
2008-10-27 12:06:33 ----D---- C:\WINDOWS\system32\config
2008-10-27 11:47:50 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-26 14:21:04 ----D---- C:\Program Files\mIRC
2008-10-26 13:50:05 ----D---- C:\Documents and Settings\Le\Application Data\mIRC
2008-10-25 12:57:18 ----HD---- C:\WINDOWS\inf
2008-10-25 12:57:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 12:56:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-23 15:30:48 ----D---- C:\Documents and Settings\Le\Application Data\uTorrent
2008-10-23 14:58:05 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-22 13:49:53 ----D---- C:\Program Files\Windows Live
2008-10-22 13:49:28 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 13:48:24 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-10-21 16:26:46 ----D---- C:\Program Files\Windows Media Player
2008-10-21 16:26:45 ----D---- C:\Program Files\Winamp
2008-10-21 16:26:45 ----D---- C:\Program Files\QuickTime
2008-10-21 16:26:41 ----D---- C:\Program Files\Internet Explorer
2008-10-21 16:26:40 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-21 16:26:40 ----D---- C:\Program Files\DivX
2008-10-21 16:26:29 ----D---- C:\Program Files\Common Files\Motive
2008-10-21 12:19:47 ----AC---- C:\WINDOWS\IFinst27.exe
2008-10-17 12:33:02 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-17 12:32:35 ----D---- C:\Program Files\Adobe
2008-10-15 17:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-15 17:09:19 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 12:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 12:40:04 ----D---- C:\Fraps
2008-10-04 16:06:22 ----SHD---- C:\WINDOWS\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-01-31 25900]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-21 130192]
R3 FETNDIS;10/100Mbps Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2006-03-06 40448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-21 178672]
R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Le\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 XDva037;XDva037; \??\C:\WINDOWS\system32\XDva037.sys []
S3 XDva076;XDva076; \??\C:\WINDOWS\system32\XDva076.sys []
S3 XDva104;XDva104; \??\C:\WINDOWS\system32\XDva104.sys []
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE [2008-07-27 45056]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-03-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


====================================
Info text


info.txt logfile of random's system information tool 1.04 2008-11-01 23:20:21

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Audition 2.0-->msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aegisub 2.1.2 Release Preview r1987-->"D:\Korean Dramas-OSTs\Aegisub\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sho Online-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\ShoOnline\IFU2C.inf
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
UniKey 3.63-->C:\Program Files\UniKey\uninst.exe
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
winpwn 2.0.0.4-->C:\Documents and Settings\Le\Desktop\itouch\winpwn\uninstall winpwn.exe
WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: A87221CE - Unknown owner - C:\WINDOWS\system32\1B738376.EXE
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O20 - AppInit_DLLs: karna.dat
O4 - HKCU\..\Run: [asus32] "C:\Documents and Settings\Le\Application Data\Google\mupd1_2_1165664.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081101-0] (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#11 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 02 November 2008 - 10:33 AM

Hi akiana,

I checked my C drive after the online scan at F-Secure and noticed a newly created folder with the name: fsaua.data -- what is it?

You can delete it while your system is clean. Go to this thread for your reference.

Things are getting better. :thumbsup: But we still have something to do; please do the following.



Step 1


Run OTMoveIt3 from your desktop
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    :Processes 
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\k12186252261.exe
    C:\WINDOWS\system32\k12188176511.exe 
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Step 2


Go to Start > My Computer
Go to Tools > Folder Options
Click on the View tab
Untick the following:
  • Hide extensions for known file types
  • Hide protected operating system files (Recommended)
You will get a message warning you about showing protected operating system files, click Yes
Make sure this option is selected:
  • Show hidden files and folders
Click Apply and then click OK


Use Windows Explorer to find and delete these folders (if found):

C:\Documents and Settings\Administrator\DoctorWeb
C:\Documents and Settings\Le\Desktop\SDFix
C:\Program Files\Trend Micro\HijackThis\Backups
C:\_OTMoveIt\MovedFiles


After that, we do the last check to ensure your system is clean, all clean, nothing but clean. Until then, you are good to go.


Step 3

Please download F-Secure Blacklight (fsbl.exe) and save to your C:\ drive.
  • Open a command window by going to Start > Run and typing: cmd
  • Copy/paste or type the following in the command window: C:\fsbl.exe /expert
  • Hit "Enter" to start the program and then close the cmd box.
  • Accept the user agreement and click "Next".
  • Click "Scan".
  • After the scan is complete, click "Next", then "Exit".
  • BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
  • The log will have a list of all items found. Do not choose to rename any yet!
    I want to see the log first because legitimate items can also be present...like "wbemtest.exe" and "tcptest.exe".
  • Exit Blacklight and post the contents of the log in your next reply.


Step 4

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.



Please post back the logs in your next reply

1. OTMoveIt log
2. F-Secure Blacklight log
3. BitDefender scan results.

Tell me how things are running now.

#12 akiana
  • Topic Starter
  • Members
  • 23 posts

Posted 02 November 2008 - 02:34 PM

Hi,

I couldn't get BitDefender to work -- it tried to update the virus database but only got as far as 6% (after 4 attempts). I clicked "yes" to the alert to see what would happen after the failed update, but it couldn't (didn't) scan my computer at all. Should I end all unnecessary processes running in the background? Or is this something else?

F-Secure Blacklight log
=================================
11/02/08 12:44:56 [Info]: BlackLight Engine 2.2.1092 initialized
11/02/08 12:44:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/02/08 12:44:56 [Note]: 7019 4
11/02/08 12:44:56 [Note]: 7005 0
11/02/08 12:45:05 [Note]: 7006 0
11/02/08 12:45:05 [Note]: 7022 0
11/02/08 12:45:05 [Note]: 7011 1516
11/02/08 12:45:05 [Note]: 7035 0
11/02/08 12:45:06 [Note]: 7026 0
11/02/08 12:45:06 [Note]: 7026 0
11/02/08 12:45:06 [Note]: FSRAW library version 1.7.1024
11/02/08 12:47:37 [Note]: 7007 0

OTMoveIt
=================================
I forgot to save the log in a different place before deleting the folder :thumbsup: But I remember it as a small file, similar to the previous one apart from the difference in which files were moved.

#13 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 03 November 2008 - 01:44 AM

OK!! Try this instead.

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application's digital signature has been verified. Do you want to run the application?" appears, click on the "Run" button.
  • It will then download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
You can refer to this thread for your reference.

Good luck!! :thumbsup:

#14 akiana
  • Topic Starter
  • Members
  • 23 posts

Posted 03 November 2008 - 04:57 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 03, 2008 16:07:33
Records in database: 1368989
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 61687
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:48:57

No malware has been detected. The scan area is clean.

The selected area was scanned.

=================================
This is it?? All clean? :thumbsup:

#15 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 04 November 2008 - 06:30 AM

Hi akiana,


Since you have uninstalled SpyNoMore, the entry is no longer needed. Please run HJT and Fix Checked this entry:

O4 - HKLM\..\Run: [SNM] C:\Documents and Settings\Le\Desktop\SpyNoMore\SNM.exe /startup

The log looks good. :thumbsup: Any issues left? If not, now you are all clean.

Let's do some tidying up. Please download OTCleanIt and save it to your desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • It will remove all the tools we have used; if not, you can delete them manually.
  • The tool will delete itself once it finishes; if not, delete it yourself.
Now, you are good to go. Follow this list below and your potential for being infected again will reduce dramatically.

Glad to be of help. Safe surfing. :)


1. Flush System Restore---Don't forget it.

Please go to Windows XP System Restore Guide

Flush system restore points as instructed on Windows XP System Restore Guide. The infected files in SR will be removed automatically.

NOTE: only do this ONCE, not on a regular basis.


2. Reconfigure Windows XP to hide hidden files:

Click Start. Open My Computer.
Select the "Tools menu" and click "Folder Options". Select the "View Tab".

Under the Hidden files and folders heading deselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm. Click OK.



3. Update SP3

Microsoft has released the latest upgrades to the XP OS platform, which can be referenced HERE
It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems.
Windows XP Service Pack 3 (SP3) includes all previously released updates for the operating system.
I recommend that you visit the link above and apply the SP3 patch.



4. Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls



5. Make your Internet Explorer more secure

For Internet Explorer 6
  • Open Internet Explorer. Click on Tools > Options.
  • Click on the Security tab.
  • Click on the Internet icon.
  • Click on the Custom Level button.
  • Under Download signed ActiveX controls, select Prompt.
  • Under Download unsigned ActiveX controls, select Disable.
  • Under Initialize and script ActiveX controls not marked as safe, select Disable.
  • Under Installation of desktop items, select Prompt.
  • Under Launching programs and files in an IFRAME, select Prompt.
  • Under Navigate sub-frames across different domains, select Prompt.
  • Under Allow paste operations via script, select Disable.
  • Click OK to apply these settings.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Press OK to exit the Internet Properties page.
6. Update your AntiVirus Software

It is important that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


7. Install anti-spyware programs

Spyware Blaster

SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool.

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.


a-squared Free

a-squared Free is another program for scanning for spyware and adware.

You can download a-squared Free from here.

Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

8. Back up regularly

You never know when your PC will become unstable or get infected so badly that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. They can be found at Bleeping Computer.
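As an added, read-only check that is not part of sundavis's instructions or any tool named in the thread: this PowerShell script (my example; the function names are mine, and it assumes the per-user zone 3 registry key and the action IDs from Microsoft's KB 182569 mapping) compares the Internet Explorer Internet-zone settings from step 5 with what the step asks for, and can optionally write them.

```powershell
# Added example, not from the thread: audit the IE Internet-zone settings that step 5
# changes by hand in the Custom Level dialog. Each dialog option is stored per user as a
# DWORD under the zone 3 key, named by the action ID documented in Microsoft KB 182569;
# 0 = Enable, 1 = Prompt, 3 = Disable. Caveat: if Security_HKLM_only is set under
# HKLM\...\Internet Settings, the HKLM copy of this key is the one in effect instead.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# What step 5 asks for, keyed by action ID.
$Wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
    '1407' = @{ Name = 'Allow paste operations via script';                         Value = 3 }
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeZoneAudit {
    # Returns one object per setting with its current state and whether it matches step 5.
    param([string]$Path = $ZonePath)
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($id in $Wanted.Keys) {
        $want = $Wanted[$id].Value
        $have = $zone.$id   # $null when the value was never written (zone template default)
        $haveLabel = if ($null -eq $have) { 'not set (zone default)' }
                     elseif ($Labels.ContainsKey([int]$have)) { $Labels[[int]$have] }
                     else { "unknown ($have)" }
        [pscustomobject]@{
            ActionId  = $id
            Setting   = $Wanted[$id].Name
            Current   = $haveLabel
            Wanted    = $Labels[$want]
            Compliant = ($null -ne $have -and [int]$have -eq $want)
        }
    }
}

function Repair-IeZoneSettings {
    # Writes the wanted value for every non-compliant setting; run as the affected user.
    param([string]$Path = $ZonePath)
    foreach ($item in (Get-IeZoneAudit -Path $Path | Where-Object { -not $_.Compliant })) {
        Set-ItemProperty -Path $Path -Name $item.ActionId -Value $Wanted[$item.ActionId].Value -Type DWord
        "Set $($item.ActionId) ($($item.Setting)) to $($item.Wanted)"
    }
}

# Usage: report first; uncomment the second line to apply the step 5 values.
Get-IeZoneAudit | Format-Table -AutoSize
# Repair-IeZoneSettings
```

Rows reported as "not set (zone default)" mean the dialog has never overridden that option, so the zone's built-in default applies until it is written.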



