got some bad stuff going on


  • This topic is locked
32 replies to this topic

#1 kagera

kagera

  • Members
  • 18 posts

Posted 22 October 2008 - 09:47 PM

so this spyhunter3 and PCHealthCenter, and 5329.exe keep popping up.

I downloaded a video (not porn) and it prompted me to install a HDdivx codec. Thinking to myself, hey this could be a virus....... but I went ahead and hit OK anyway. I've run spyware, malware and virus scans, as well as a cleanup utility. So far it's only got rid of the porn popups.

Anyway here is my latest hijack log, I appreciate any help you can give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:52 AM, on 10/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\kagera\AppData\Local\Temp\sft_ver1.1454.0.exe
C:\Users\kagera\AppData\Local\Temp\57329.exe
C:\Program Files\Trend Micro\HijackThis\This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe
O4 - HKCU\..\Run: [Player] C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kagera\AppData\Local\Temp\tuvSmjkI.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kagera\AppData\Local\Temp\mlJBqOhF.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} - http://www.pc.gc.ca/apps/dci/src/bin/iS3dSetup.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C07F667-D321-49F8-A5D3-7CBAFA33A1B1}: NameServer = 68.87.64.146,68.87.75.194
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9707 bytes
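As an added example for this thread (not a BleepingComputer or HijackThis tool, and not something the poster ran), the script below applies the same first-pass reasoning a log helper uses to the O4 autostart entries and the running-process list above: anything launched from a user-writable Temp or AppData location, or any DLL that rundll32 loads from outside the Windows directory, is flagged for a closer look. The sample input is copied from the log posted above; the `%ProgramFiles%` expansion assumes a default 32-bit Vista install path, and the rules are triage heuristics, not a malware verdict.

```python
"""Heuristic triage of a HijackThis log (added example, not part of the thread).

Flags running processes and O4 autostart entries that are launched from a
user-writable profile/Temp location, or that have rundll32 load a DLL from
outside the Windows directory.  Legitimate software occasionally does both,
so every hit is a candidate for review, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted above, trimmed to the entries
# that matter for the demonstration.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
C:\Users\kagera\AppData\Local\Temp\sft_ver1.1454.0.exe
C:\Users\kagera\AppData\Local\Temp\57329.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Player] C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kagera\AppData\Local\Temp\tuvSmjkI.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kagera\AppData\Local\Temp\mlJBqOhF.dll,c
"""

# "O4 - HKCU\..\Run: [name] command line"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 lines: the interesting image is the DLL, not rundll32 itself.
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<path>.+?\.dll)', re.IGNORECASE)
# Anything else: take the (optionally quoted) path up to the first .exe/.dll.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))"?', re.IGNORECASE)

# Assumed default locations for a 32-bit Vista system like the one in the log;
# expansion is only needed so the path checks below see a real directory.
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}


@dataclass
class Finding:
    source: str                 # "process" or "autostart"
    label: str                  # process path, or "HIVE\..\Run: [name]"
    image: str                  # the binary or DLL that actually gets loaded
    reasons: list = field(default_factory=list)


def expand_env(path: str) -> str:
    lower = path.lower()
    for var, value in ENV.items():
        if lower.startswith(var):
            return value + path[len(var):]
    return path


def image_from_command(cmd: str):
    """Return (image_path, via_rundll32) for an O4 command line."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return expand_env(m.group("path")), True
    m = IMAGE_RE.match(cmd)
    return (expand_env(m.group("path")) if m else cmd), False


def classify(image: str, via_rundll32: bool) -> list:
    """Heuristic reasons an image deserves a closer look (empty list = none)."""
    reasons, low = [], image.lower()
    if "\\appdata\\" in low or "\\temp\\" in low:
        reasons.append("runs from a user-writable profile/Temp location")
    if via_rundll32 and "\\windows\\" not in low:
        reasons.append("rundll32 loads a DLL from outside the Windows directory")
    return reasons


def parse_log(text: str):
    """Split a HijackThis log into its running-process list and O4 entries."""
    processes, autostarts, in_procs = [], [], False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:                      # process list ends at the first blank line
            if not line.strip():
                in_procs = False
            else:
                processes.append(line.strip())
            continue
        m = O4_RE.match(line)
        if m:
            autostarts.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return processes, autostarts


def triage(text: str) -> list:
    findings = []
    processes, autostarts = parse_log(text)
    for proc in processes:
        reasons = classify(proc, False)
        if reasons:
            findings.append(Finding("process", proc, proc, reasons))
    for hive, name, cmd in autostarts:
        image, via = image_from_command(cmd)
        reasons = classify(image, via)
        if reasons:
            findings.append(Finding("autostart", f"{hive}\\..\\Run: [{name}]", image, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.label}\n    {f.image}\n    -> {'; '.join(f.reasons)}")
```

Run against the sample, it leaves the vendor entries alone and surfaces exactly the six items a helper would ask about first: the three Temp/AppData processes and the Player, MSServer and cmds Run keys.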


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 23 October 2008 - 08:09 AM

Hello kagera :thumbsup: Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your computer.


I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your machine. The reason for this is so we know what is going on with the system at any time. Some programs can interfere with others and hamper the recovery process.


In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

When completed please post both logs from RSIT as well as the one from Kaspersky.

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 kagera

kagera
  • Topic Starter

  • Members
  • 18 posts

Posted 25 October 2008 - 04:34 PM

On top of all this, my power supply just blew. I have another one coming Monday. I'll post the logs when my computer is once again functional.

thanks for the help!

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 25 October 2008 - 05:43 PM

Sorry about all of your bad luck. Hope you get it running soon and then we'll try to get it all cleaned up.

#5 kagera

kagera
  • Topic Starter

  • Members
  • 18 posts

Posted 27 October 2008 - 11:26 PM

Ok, new power supply did the job, back up and running. Now I just need to get the system cleaned out. Thanks for waiting, and for the help.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, October 28, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 27, 2008 23:28:48
Records in database: 1352171
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 128565
Threat name: 16
Infected objects: 24
Suspicious objects: 8
Duration of the scan: 03:01:59


File name / Threat name / Threats count
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$REPE05D\sample.avi Infected: Backdoor.Win32.VB.gid 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$REPE05D\sample.avi Infected: Trojan-Downloader.Win32.Small.afkg 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$REPE05D\sample.avi Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$REPE05D\sample.avi Infected: Trojan-Downloader.Win32.Agent.ahus 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$RF6U9PH.rar Infected: Backdoor.Win32.VB.gid 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$RF6U9PH.rar Infected: Trojan-Downloader.Win32.Small.afkg 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$RF6U9PH.rar Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\$Recycle.Bin\S-1-5-21-4278037107-4023800049-1940501097-1000\$RF6U9PH.rar Infected: Trojan-Downloader.Win32.Agent.ahus 1
C:\Program Files\HDTVNetworks\MediaXCodec.exe Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\Program Files\PCHealthCenter\5.exe Infected: Backdoor.Win32.Frauder.nd 1
C:\Users\kagera\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4KWDMZL7\TotalSecure2009[1].exe Infected: not-a-virus:FraudTool.Win32.TotalSecure2009.ad 1
C:\Users\kagera\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4KWDMZL7\TotalSecure2009[1].exe Infected: Trojan.Win32.BHO.hfl 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\23BF529E-00000452.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\18BE6784-0000017C.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\235022EE-0000001B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\2CD672AE-0000040A.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\40877B44-00000061.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\4AE13D6C-00000220.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\591D252A-0000005D.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\7F967FF5-00000014.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.mv 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.nc 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.mr 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.mo 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.mu 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.nd 1
C:\Users\kagera\AppData\Local\Temp\57329.exe Infected: Backdoor.Win32.Frauder.mb 1
C:\Users\kagera\AppData\Local\Temp\pwrmgr.exe Infected: not-a-virus:FraudTool.Win32.TotalSecure2009.ad 1
C:\Users\kagera\AppData\Local\Temp\pwrmgr.exe Infected: Trojan.Win32.BHO.hfl 1
C:\Users\kagera\AppData\Local\Temp\sft_ver1.1454.0.exe Infected: Trojan.Win32.Vapsup.mpn 1
C:\Users\kagera\AppData\Roaming\Adobe\Player.exe Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\Users\kagera\Documents\LimeWire\Saved\sweetheart in summer.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.

Now the RSIT logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by kagera at 2008-10-28 00:21:21
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 168 GB (35%) free of 477 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:28 AM, on 10/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kagera\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kagera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe
O4 - HKCU\..\Run: [Player] C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\kagera\AppData\Local\Temp\tuvSmjkI.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\kagera\AppData\Local\Temp\mlJBqOhF.dll,c
O4 - HKCU\..\Run: [TotalSecure2009] C:\Program Files\TS-2009\scan.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} - http://www.pc.gc.ca/apps/dci/src/bin/iS3dSetup.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C07F667-D321-49F8-A5D3-7CBAFA33A1B1}: NameServer = 68.87.64.146,68.87.75.194
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8729 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2649919B-8165-4AAE-89C5-0E43B1AEF7ED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-18 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-18 2554944]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-02 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-02 92704]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 1257104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-19 2153472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-18 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-12 50528]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"BandwidthMonitor"=C:\Program Files\BandwidthMonitor\BWMonitor.exe [2008-08-15 577536]
"Player"=C:\Users\kagera\AppData\Roaming\Adobe\Player.exe [2008-10-19 16896]
"MSServer"=C:\Users\kagera\AppData\Local\Temp\tuvSmjkI.dll []
"cmds"=C:\Users\kagera\AppData\Local\Temp\mlJBqOhF.dll []
"TotalSecure2009"=C:\Program Files\TS-2009\scan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
C:\Program Files\ASUS\AI Gear\GearHelp.exe [2006-07-27 415744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
C:\Program Files\ASUS\AI Booster\OverClk.exe [2006-12-08 3714048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c57a9c4-be13-11dc-b21f-806e6f6e6963}]
shell\AutoRun\command - D:\Autobrowse.exe start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de6814cb-d9e5-11dc-808f-001e8c3ab248}]
shell\AutoRun\command - F:\SETUP.EXE


======List of files/folders created in the last 1 months======

2008-10-28 00:21:21 ----D---- C:\rsit
2008-10-22 09:08:46 ----D---- C:\Program Files\PCHealthCenter
2008-10-22 00:26:28 ----D---- C:\Avenger
2008-10-22 00:26:28 ----A---- C:\avenger.txt
2008-10-22 00:20:54 ----D---- C:\Users\kagera\AppData\Roaming\Malwarebytes
2008-10-22 00:20:49 ----D---- C:\ProgramData\Malwarebytes
2008-10-22 00:20:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 23:14:58 ----D---- C:\Program Files\CCleaner
2008-10-21 23:03:27 ----D---- C:\Program Files\Trend Micro
2008-10-21 19:28:40 ----A---- C:\Windows\system32\MSVCP71.dll
2008-10-21 19:28:40 ----A---- C:\Windows\system32\MFC71.dll
2008-10-21 19:28:40 ----A---- C:\Windows\system32\aswBoot.exe
2008-10-21 19:28:38 ----D---- C:\Program Files\Alwil Software
2008-10-21 09:02:21 ----D---- C:\Program Files\Enigma Software Group
2008-10-20 23:31:45 ----D---- C:\Users\kagera\AppData\Roaming\OpenOffice.org
2008-10-20 23:21:52 ----D---- C:\Program Files\HDTVNetworks
2008-10-19 20:21:39 ----D---- C:\Program Files\JRE
2008-10-19 20:21:28 ----D---- C:\Program Files\OpenOffice.org 3
2008-10-17 19:31:42 ----D---- C:\Program Files\Spectromancer
2008-10-15 09:06:44 ----D---- C:\Program Files\Common Files\Akamai
2008-10-15 09:06:37 ----D---- C:\ProgramData\Metacafe
2008-10-15 09:06:35 ----D---- C:\Program Files\Metacafe
2008-10-14 19:29:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 19:29:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 19:29:03 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 19:29:02 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 19:29:02 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 19:29:01 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 19:29:01 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 19:29:00 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 19:29:00 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-11 21:41:47 ----A---- C:\Windows\system32\javaws.exe
2008-10-11 21:41:47 ----A---- C:\Windows\system32\javaw.exe
2008-10-11 21:41:47 ----A---- C:\Windows\system32\java.exe
2008-10-08 09:10:28 ----D---- C:\Program Files\Apple Software Update
2008-10-08 09:09:51 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-08 09:09:31 ----D---- C:\Program Files\iPod
2008-10-08 09:09:30 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 09:09:30 ----D---- C:\Program Files\iTunes
2008-10-08 09:07:39 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2008-10-28 00:21:25 ----D---- C:\Windows\Temp
2008-10-27 22:03:48 ----D---- C:\ProgramData\Google Updater
2008-10-27 21:56:01 ----D---- C:\Downloads
2008-10-27 21:08:19 ----D---- C:\Windows\Prefetch
2008-10-27 21:05:38 ----D---- C:\Windows\System32
2008-10-27 21:05:38 ----D---- C:\Windows\inf
2008-10-27 21:05:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-27 21:02:24 ----D---- C:\Windows\winsxs
2008-10-27 21:02:15 ----SHD---- C:\System Volume Information
2008-10-27 20:57:42 ----RD---- C:\Program Files
2008-10-27 20:57:42 ----HD---- C:\Config.Msi
2008-10-27 20:52:11 ----SD---- C:\ProgramData\Microsoft
2008-10-27 20:52:08 ----SHD---- C:\Windows\Installer
2008-10-27 20:51:59 ----HD---- C:\ProgramData
2008-10-27 20:51:52 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-27 20:51:47 ----D---- C:\Windows\system32\drivers
2008-10-27 20:51:33 ----D---- C:\Windows\system32\catroot
2008-10-27 20:51:33 ----D---- C:\Program Files\Common Files
2008-10-27 20:50:24 ----D---- C:\Windows\system32\catroot2
2008-10-27 20:46:26 ----D---- C:\Windows
2008-10-21 23:18:35 ----D---- C:\Windows\Debug
2008-10-21 23:10:30 ----D---- C:\Program Files\osu!
2008-10-21 23:10:04 ----D---- C:\Program Files\isite
2008-10-21 23:01:14 ----D---- C:\Users\kagera\AppData\Roaming\uTorrent
2008-10-21 22:59:15 ----D---- C:\Program Files\BitComet
2008-10-21 09:02:25 ----D---- C:\Windows\system32\Tasks
2008-10-20 23:54:03 ----D---- C:\Program Files\DivX
2008-10-20 23:21:58 ----D---- C:\Users\kagera\AppData\Roaming\Adobe
2008-10-20 20:51:21 ----D---- C:\Program Files\Safari
2008-10-20 20:44:01 ----D---- C:\Users\kagera\AppData\Roaming\LimeWire
2008-10-19 20:23:51 ----RSD---- C:\Windows\assembly
2008-10-19 20:21:56 ----RSD---- C:\Windows\Fonts
2008-10-15 09:52:46 ----D---- C:\Windows\system32\migration
2008-10-15 09:52:46 ----D---- C:\Program Files\Windows Mail
2008-10-11 21:41:47 ----D---- C:\Program Files\Java
2008-10-08 09:08:34 ----D---- C:\Program Files\Bonjour
2008-10-08 09:07:43 ----D---- C:\Program Files\Common Files\Apple
2008-10-07 15:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM; \??\C:\Program Files\VMLaunch\BuddyVM.sys [2005-02-17 15488]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2008-06-25 23217]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-15 316928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-02 7460320]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
S3 awzuqc24;awzuqc24; C:\Windows\system32\drivers\awzuqc24.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [2008-06-25 15472]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-28 611664]
R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-02 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-12 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-21 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-28 00:21:33

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AI Booster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9
AI Gear-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B568B64-0BDE-4FB2-A1AB-8A41DF033C57}\setup.exe" -l0x9
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bandwidth Monitor 3.4 build 749-->C:\Program Files\BandwidthMonitor\uninst.exe
Bazooka Cafe-->C:\Windows\unvise32.exe C:\Program Files\G-Collections\uninstal.log
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Utilities ZoomBrowser EX-->C:\Windows\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\PROGRAM\uninstallutilities.dll"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Delete Virtual-Mate Launcher-->"C:\Program Files\VMLaunch\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EasyJob Resume Builder 4.06.2134-->"C:\Program Files\EasyJob Resume Builder\unins000.exe"
Eschalon Book 1 v1.042-->"C:\Program Files\Eschalon Book I\unins000.exe"
Fairway Solitaire-->"C:\Program Files\Fairway Solitaire\Uninstall.exe"
FINAL FANTASY XI: Chains of Promathia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3C0619B4-4A2C-4244-8077-488E420DF907}
FINAL FANTASY XI: Rise of the Zilart-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A606C6FF-12E7-40BE-B777-D8F360FF00CD}
foldit-->"C:\Program Files\foldit\uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hoyle Card Games 2007-->MsiExec.exe /I{5597E9B6-161E-40C6-849A-392121B42AA9}
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{E6FC4EEE-2EEA-49A7-B036-908B9BD4BB70}
Metacafe-->C:\Program Files\Metacafe\uninstaller.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NetSend-->"C:\Program Files\NetSend\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PC Probe II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peggle Nights Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Nights Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Nights Deluxe\Install.log"
PlayOnline Viewer & Tetra Master-->C:\Program Files\InstallShield Installation Information\{47004155-7376-403E-89E9-4C9F44AAF0D0}\setup.exe -runfromtemp -l0x0409
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pretty Soldier Wars A.D. 2048-->C:\Windows\unvise32.exe C:\PROGRA~1\G-Collections\Pretty Soldier Wars A.D. 2048\uninstal.log
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK RTL8187 Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Sam and Max - Season One - Sam and Max Episode 101 - Culture Shock-->C:\Program Files\Telltale Games\Sam and Max - Season One\Uninstall Episode 101 - Culture Shock.exe
ScummVM 0.8.2-->"C:\Program Files\ScummVM\unins000.exe"
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Spectromancer-->"C:\Program Files\Spectromancer\Uninstall.exe" "C:\Program Files\Spectromancer\install.log"
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Super Collapse! Puzzle Gallery-->C:\PROGRA~1\GAMEHO~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SUPERC~1\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TestDrive Client-->MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
The Sims™ Life Stories-->C:\Program Files\Electronic Arts\The Sims Life Stories\EAUninstall.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Version: 4.12-->"C:\Program Files\HDTVNetworks\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Firefox-->"C:\Users\kagera\AppData\Roaming\Mozilla\Firefox\Profiles\rml46j7l.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
xyAlgebra 6.0 Trial-->"C:\ProgramData\{F7D9204B-2E69-45FF-B4BD-0FD9C7F6B5E4}\iaxytrial.exe" REMOVE=TRUE MODIFY=FALSE
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081027-1] (disabled)
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 081027-1] (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:29 AM

Posted 29 October 2008 - 03:06 PM

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

For the time being I will proceed on the assumption you wish to clean up your computer. If you do not and would rather reformat or reinstall let me know in your next reply.


Keep in mind also that Total Secure 2009 which is on your computer is a rogue application. These programs try to get you to buy their product to clean up a computer they are complicit in infecting to begin with. Real pieces of work they are.


1.)

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".




2.)

Next we will use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

How To Use ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. Do not skip this section. If you cannot perform the Recovery Console install please STOP and let us know.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs including TeaTimer if you have it so they do not interfere with the running of ComboFix. Instructions for doing so are located here.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New RSIT log.
(There will be only one this time).
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
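As an added triage example, not code from this thread, from RSIT or from any tool named in it: a small Python script that parses the Run-key section of the RSIT log posted above and flags the entries a responder would question, using only indicators visible in that log: an empty [] (RSIT found no file date or size), a Temp or per-user AppData location, a DLL as the Run target, a random-looking 8-letter file name, and a value name matching the rogue product called out in this reply. The ROGUE_NAMES set and the random-name heuristic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: six "Run" values copied from the RSIT log posted
# above, in RSIT's own format:  "Name"=path [yyyy-mm-dd size]
# RSIT writes an empty [] when it cannot stat the target file.
SAMPLE_RUN_SECTION = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-18 68856]
"Player"=C:\Users\kagera\AppData\Roaming\Adobe\Player.exe [2008-10-19 16896]
"MSServer"=C:\Users\kagera\AppData\Local\Temp\tuvSmjkI.dll []
"cmds"=C:\Users\kagera\AppData\Local\Temp\mlJBqOhF.dll []
"TotalSecure2009"=C:\Program Files\TS-2009\scan.exe []
"""

# One RSIT Run line: quoted value name, '=', path, then [date size] or [].
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')

# Assumption for this example: value names this thread identifies as rogue
# or fake security software.
ROGUE_NAMES = {"totalsecure2009", "pchealthcenter"}


@dataclass
class RunEntry:
    name: str
    path: str
    meta: str                      # "yyyy-mm-dd size", or "" if RSIT found no file
    reasons: list = field(default_factory=list)


def parse_run_entries(text):
    """Parse every "Name"=path [...] line of an RSIT Run section."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(RunEntry(m["name"], m["path"], m["meta"].strip()))
    return entries


def looks_random(stem):
    """Heuristic (assumption): an 8-letter name that starts lowercase but has
    uppercase letters inside it (e.g. tuvSmjkI) is not a vendor naming style."""
    return bool(re.fullmatch(r"[a-z][A-Za-z]{7}", stem)) and any(c.isupper() for c in stem)


def triage(entry):
    """Attach a reason for every indicator the posted log lets us check."""
    low = entry.path.lower()
    filename = low.rsplit("\\", 1)[-1]
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if entry.meta == "":
        entry.reasons.append("no file date/size: target missing, hidden or protected")
    if "\\temp\\" in low:
        entry.reasons.append("autorun target lives in a Temp directory")
    elif "\\appdata\\" in low:
        entry.reasons.append("autorun target lives in a per-user AppData path")
    if filename.endswith(".dll"):
        entry.reasons.append("Run value names a DLL rather than an executable")
    if looks_random(stem):
        entry.reasons.append("random-looking 8-letter file name")
    if entry.name.lower() in ROGUE_NAMES:
        entry.reasons.append("value name matches rogue security software")
    return entry


def triage_run_section(text):
    """Return {value name: [reasons]} for every entry with at least one indicator."""
    flagged = {}
    for entry in parse_run_entries(text):
        triage(entry)
        if entry.reasons:
            flagged[entry.name] = entry.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_run_section(SAMPLE_RUN_SECTION).items():
        print(f"{name}:")
        for r in reasons:
            print(f"  - {r}")
```

Run on the sample, the two Temp DLLs and the rogue scanner are each flagged on several counts, the AppData Player.exe on one, and the Sidebar and Google Toolbar entries on none.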

#7 kagera

kagera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:29 AM

Posted 29 October 2008 - 10:30 PM

Ok, ran the ATF Cleaner, but had some issues with the ComboFix.

From the command prompt, when I tried to run ComboFix.exe it brings up the Windows Vista Install now screen.

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:29 AM

Posted 30 October 2008 - 07:46 AM

Ok, ran the ATF Cleaner, but had some issues with the ComboFix.

From the command prompt, when I tried to run ComboFix.exe it brings up the Windows Vista Install now screen.



Not sure I totally understand here. Are you double clicking on the icon which should be on your desktop to get it to run? Just want to make sure before we proceed.

#9 kagera

kagera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:29 AM

Posted 30 October 2008 - 07:53 AM

Following the directions, it told me to boot into the Vista Recovery Environment. From there the instructions are on how to access the command prompt. So I assumed I was to run it from the command prompt.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:08:29 AM

Posted 30 October 2008 - 09:01 AM

The Vista Recovery Environment is the same thing for Vista that we use RC for in XP. It's there to assist us should something go wrong. Since we know you have what you need, go on past that and double click on the ComboFix icon which should be on your Desktop. Just keep in mind, as the instructions state, to not click anywhere on your machine while CF is running.

#11 kagera

kagera
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:08:29 AM

Posted 30 October 2008 - 08:19 PM

Ok, got it. My bad. Here is the log.

ComboFix 08-10-30.09 - kagera 2008-10-30 21:06:23.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1202 [GMT -4:00]
Running from: C:\Users\kagera\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
.
---- Previous Run -------
.
C:\Program Files\PCHealthCenter
C:\Program Files\PCHealthCenter\0.gif
C:\Program Files\PCHealthCenter\1.gif
C:\Program Files\PCHealthCenter\1.ico
C:\Program Files\PCHealthCenter\2.gif
C:\Program Files\PCHealthCenter\2.ico
C:\Program Files\PCHealthCenter\3.gif
C:\Program Files\PCHealthCenter\5.exe
C:\Program Files\PCHealthCenter\foo.txt
C:\Program Files\PCHealthCenter\sc.html
C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
C:\Users\kagera\AppData\Roaming\Adobe\Player.exe.bak

----- BITS: Possible infected sites -----

hxxp://78.157.143.198
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 09:09 . 2008-10-30 09:10 1,905 --a------ C:\Windows\diagwrn.xml
2008-10-30 09:09 . 2008-10-30 09:10 1,905 --a------ C:\Windows\diagerr.xml
2008-10-28 19:31 . 2008-10-28 19:31 <DIR> d-------- C:\Program Files\uTorrent
2008-10-28 19:28 . 2008-08-11 23:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 19:28 . 2008-09-18 00:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 19:28 . 2008-09-18 00:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-28 00:21 . 2008-10-28 00:21 <DIR> d-------- C:\rsit
2008-10-27 20:51 . 2008-08-05 05:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-27 20:51 . 2008-08-05 05:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-27 20:51 . 2008-08-05 05:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-27 20:51 . 2008-08-05 05:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-27 20:51 . 2008-08-05 05:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-22 00:20 . 2008-10-22 00:20 <DIR> d-------- C:\Users\kagera\AppData\Roaming\Malwarebytes
2008-10-22 00:20 . 2008-10-22 00:20 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-10-22 00:20 . 2008-10-22 00:20 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-10-22 00:20 . 2008-10-22 00:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 00:20 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-22 00:20 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-21 23:14 . 2008-10-21 23:14 <DIR> d-------- C:\Program Files\CCleaner
2008-10-21 23:03 . 2008-10-21 23:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-21 19:28 . 2008-10-21 19:28 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-21 19:28 . 2003-03-18 17:20 1,060,864 --a------ C:\Windows\System32\MFC71.dll
2008-10-21 19:28 . 2003-03-18 16:14 499,712 --a------ C:\Windows\System32\MSVCP71.dll
2008-10-21 19:28 . 2008-07-19 10:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-21 09:02 . 2008-10-21 09:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-20 23:31 . 2008-10-20 23:31 <DIR> d-------- C:\Users\kagera\AppData\Roaming\OpenOffice.org
2008-10-20 23:22 . 2008-10-20 23:22 108,336 --a------ C:\Windows\System32\mswinsck.ocx
2008-10-20 23:21 . 2008-10-21 21:32 <DIR> d-------- C:\Program Files\HDTVNetworks
2008-10-19 20:21 . 2008-10-19 20:21 <DIR> d-------- C:\Program Files\OpenOffice.org 3
2008-10-19 20:21 . 2008-10-19 20:21 <DIR> d-------- C:\Program Files\JRE
2008-10-17 19:31 . 2008-10-17 19:31 <DIR> d-------- C:\Program Files\Spectromancer
2008-10-15 09:06 . 2008-10-15 09:06 <DIR> d-------- C:\Users\All Users\Metacafe
2008-10-15 09:06 . 2008-10-15 09:06 <DIR> d-------- C:\ProgramData\Metacafe
2008-10-15 09:06 . 2008-10-15 09:06 <DIR> d-------- C:\Program Files\Metacafe
2008-10-15 09:06 . 2008-10-30 20:17 <DIR> d-------- C:\Program Files\Common Files\Akamai
2008-10-14 19:29 . 2008-09-18 01:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-14 19:29 . 2008-09-18 01:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-14 19:29 . 2008-10-01 23:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 19:29 . 2008-08-26 21:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 19:28 . 2008-09-17 22:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-14 19:28 . 2008-10-01 21:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-08 09:10 . 2008-10-08 09:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-08 09:09 . 2008-10-08 09:09 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 09:09 . 2008-10-08 09:09 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 09:09 . 2008-10-08 09:09 <DIR> d-------- C:\Program Files\iTunes
2008-10-08 09:09 . 2008-10-08 09:09 <DIR> d-------- C:\Program Files\iPod
2008-10-08 09:09 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-10-08 09:09 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-10-08 09:07 . 2008-10-08 09:08 <DIR> d-------- C:\Program Files\QuickTime
2008-09-28 11:18 . 2008-09-28 11:18 <DIR> d-------- C:\Users\All Users\PopCap Games
2008-09-28 11:18 . 2008-09-28 11:18 <DIR> d-------- C:\ProgramData\PopCap Games
2008-09-28 11:18 . 2008-09-28 11:18 <DIR> d-------- C:\Program Files\PopCap Games
2008-09-23 21:12 . 2008-09-23 21:12 <DIR> d-------- C:\Users\kagera\AppData\Roaming\Runaware
2008-09-23 21:12 . 2008-09-23 21:12 <DIR> d-------- C:\Users\kagera\AppData\Roaming\ICAClient
2008-09-19 10:07 . 2008-09-19 10:07 <DIR> d-------- C:\Users\kagera\AppData\Roaming\BWMonitor
2008-09-19 10:07 . 2008-09-19 10:07 <DIR> d-------- C:\Program Files\BandwidthMonitor
2008-09-15 20:14 . 2008-09-15 20:14 3,596,288 --a------ C:\Windows\System32\qt-dx331.dll
2008-09-15 20:14 . 2008-09-15 20:14 524,288 --a------ C:\Windows\System32\DivXsm.exe
2008-09-15 20:14 . 2008-09-15 20:14 4,816 --a------ C:\Windows\System32\divxsm.tlb
2008-09-15 20:12 . 2008-09-15 20:12 1,044,480 --a------ C:\Windows\System32\libdivx.dll
2008-09-15 20:12 . 2008-09-15 20:12 593,920 --a------ C:\Windows\System32\dpuGUI11.dll
2008-09-15 20:12 . 2008-09-15 20:12 344,064 --a------ C:\Windows\System32\dpus11.dll
2008-09-15 20:12 . 2008-09-15 20:12 294,912 --a------ C:\Windows\System32\dpu11.dll
2008-09-15 20:12 . 2008-09-15 20:12 294,912 --a------ C:\Windows\System32\dpu10.dll
2008-09-15 20:12 . 2008-09-15 20:12 200,704 --a------ C:\Windows\System32\ssldivx.dll
2008-09-15 20:12 . 2008-09-15 20:12 196,608 --a------ C:\Windows\System32\dtu100.dll
2008-09-15 20:12 . 2008-09-15 20:12 81,920 --a------ C:\Windows\System32\dpl100.dll
2008-09-15 20:12 . 2008-09-15 20:12 57,344 --a------ C:\Windows\System32\dpv11.dll
2008-09-15 20:12 . 2008-09-15 20:12 53,248 --a------ C:\Windows\System32\dpuGUI10.dll
2008-09-15 20:12 . 2008-09-15 20:12 416 --a------ C:\Windows\System32\dtu100.dll.manifest
2008-09-15 20:12 . 2008-09-15 20:12 416 --a------ C:\Windows\System32\dpl100.dll.manifest
2008-09-15 20:11 . 2008-09-15 20:11 823,296 --a------ C:\Windows\System32\divx_xx0c.dll
2008-09-15 20:11 . 2008-09-15 20:11 823,296 --a------ C:\Windows\System32\divx_xx07.dll
2008-09-15 20:11 . 2008-09-15 20:11 815,104 --a------ C:\Windows\System32\divx_xx0a.dll
2008-09-15 20:11 . 2008-09-15 20:11 802,816 --a------ C:\Windows\System32\divx_xx11.dll
2008-09-15 20:11 . 2008-09-15 20:11 683,520 --a------ C:\Windows\System32\DivX.dll
2008-09-15 20:11 . 2008-09-15 20:11 634,880 --a------ C:\Windows\System32\divxdec.ax
2008-09-15 20:11 . 2008-09-15 20:11 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
2008-09-15 20:11 . 2008-09-15 20:11 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll
2008-09-10 08:46 . 2008-07-30 21:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 08:46 . 2008-08-01 21:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 08:46 . 2008-06-25 23:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 08:46 . 2008-06-25 23:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 08:46 . 2008-05-08 15:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 08:46 . 2008-05-19 22:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 08:46 . 2008-06-25 23:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 08:46 . 2008-08-01 23:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-10 08:46 . 2008-07-30 23:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-07 16:49 . 2008-09-07 16:50 <DIR> d-------- C:\Users\kagera\AppData\Roaming\SPORE
2008-09-06 23:03 . 2008-09-06 23:04 <DIR> d-------- C:\xyAlgebra TRIAL
2008-09-06 23:03 . 2008-09-06 23:03 <DIR> d-------- C:\Users\All Users\{F7D9204B-2E69-45FF-B4BD-0FD9C7F6B5E4}
2008-09-06 23:03 . 2008-09-06 23:03 <DIR> d-------- C:\ProgramData\{F7D9204B-2E69-45FF-B4BD-0FD9C7F6B5E4}
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-09-05 13:11 . 2008-09-05 13:11 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-09-05 13:11 . 2008-09-05 13:12 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-09-05 13:11 . 2008-09-05 13:11 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-09-05 13:11 . 2008-09-05 13:12 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-09-05 13:11 . 2008-09-05 13:11 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-09-05 13:11 . 2008-09-05 13:11 <DIR> d-------- C:\Program Files\Winamp Remote
2008-09-05 13:10 . 2008-09-05 13:34 <DIR> d-------- C:\Users\kagera\AppData\Roaming\Winamp
2008-09-05 13:10 . 2008-09-05 13:11 <DIR> d-------- C:\Program Files\Winamp
2008-09-05 13:10 . 2007-03-07 19:51 129,784 --------- C:\Windows\System32\pxafs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 00:28 --------- d-----w C:\ProgramData\Google Updater
2008-10-30 13:58 --------- d-----w C:\Users\kagera\AppData\Roaming\uTorrent
2008-10-22 03:10 --------- d-----w C:\Program Files\osu!
2008-10-22 03:10 --------- d-----w C:\Program Files\isite
2008-10-22 02:59 --------- d-----w C:\Program Files\BitComet
2008-10-21 03:54 --------- d-----w C:\Program Files\DivX
2008-10-21 00:51 --------- d-----w C:\Program Files\Safari
2008-10-21 00:44 --------- d-----w C:\Users\kagera\AppData\Roaming\LimeWire
2008-10-15 13:52 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 01:41 --------- d-----w C:\Program Files\Java
2008-10-08 13:08 --------- d-----w C:\Program Files\Bonjour
2008-10-08 13:07 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-24 22:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 20:45 4,276 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-09-07 20:34 --------- d-----w C:\Program Files\Electronic Arts
2008-08-30 16:56 --------- d---a-w C:\ProgramData\TEMP
2008-08-30 15:30 --------- d-----w C:\Program Files\HoyleCardGames2007
2008-08-30 15:25 --------- d-----w C:\Users\kagera\AppData\Roaming\GetRightToGo
2008-08-29 14:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-28 13:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-18 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-12 50528]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 486856]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-03-31 507904]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BandwidthMonitor"="C:\Program Files\BandwidthMonitor\BWMonitor.exe" [2008-08-15 577536]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 166304]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 92704]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-16 1257104]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2008-06-29 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 21:39 415744 C:\Program Files\ASUS\AI Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-12-08 16:24 3714048 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4AEC8D6E-F905-4315-A6C5-C88EEA6EF298}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2F5FFC48-FAE8-4816-B35E-22B47878546C}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C9E05756-A5F6-4638-B2E4-E9945CA30E6D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D6705348-1D2D-4252-AF29-2823ADDE8273}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{723C27A4-0953-4505-A08E-A497AD40C22C}"= UDP:C:\Users\kagera\Downloads\wowclient-downloader.exe:wowclient-downloader
"{76AB72A2-528B-46BF-BA46-629A447D8188}"= TCP:C:\Users\kagera\Downloads\wowclient-downloader.exe:wowclient-downloader
"{2DA8FBE4-B20E-47B6-BBAD-EC86CA4130BA}"= UDP:3724:warcraft downloader
"{F6357C97-995E-46F8-8D05-1F3541688B1D}"= UDP:6112:warcraft downloader 2
"{687D2CC5-58F0-45F0-B8CB-A4F11B714E10}"= UDP:6331:Windows Live OneCare
"{34F27B6A-8C31-4571-A12A-17905B5E0B8E}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{D4E44B08-349B-44F3-AF61-F8AF2C4A7754}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{88DEECD3-7F95-4E81-946B-08D52E2E0477}"= UDP:C:\Program Files\BitComet\BitComet.exe:BitComet
"{1C09AF67-4DD6-47C1-93A1-8D127FFC8C46}"= TCP:C:\Program Files\BitComet\BitComet.exe:BitComet
"{C3454D4F-FF06-43C2-8C8A-3EAA1CEC8F9C}"= UDP:59064:utorrent
"{DC57183C-86EC-4DB9-92EA-9B436E248C2E}"= TCP:59064:uotrrent2
"{B2FA6772-7F0F-478E-AC5C-2BEA5A3E1DE7}"= UDP:C:\Nexon\MapleStory\MapleStory.exe:MapleStory
"{1F12F977-8F7E-4AF0-98C1-4B2F902CA3F7}"= TCP:C:\Nexon\MapleStory\MapleStory.exe:MapleStory
"{39FC304C-C920-4F87-89B0-31F4F249B754}"= UDP:C:\Program Files\AC3Filter\ac3config.exe:AC3Filter Config
"{520AB1B1-1DDB-41AC-B60E-24EFA12E15DD}"= TCP:C:\Program Files\AC3Filter\ac3config.exe:AC3Filter Config
"{5AEDF3C5-07D7-46E9-8C96-8E0402588446}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{674FAFCB-7878-483C-AE5B-62A3892CDB74}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{B9BF6B10-30EB-4C44-8BA7-4D809187EDE2}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{AFC42061-3EFE-4608-9457-38C5CB397E82}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{12822990-9309-4AA4-B3E1-B48507414331}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{86BBA768-CA7B-4480-A12E-61250526DE45}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{84BEDF96-0355-4894-BADB-E7D7B0A99E10}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{695672B4-F17C-4BD9-B6B2-E2FD90ECD998}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D2C43417-1352-4278-8C99-78187F88C112}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1DD17230-1A01-4383-A147-96B606232130}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{299FA5BD-536D-4CC9-8F3D-3ABD6245DD90}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{40344962-DA59-4182-8E42-E8D671B1B9A2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B594B2D6-F9BB-44A2-889E-BD87FC4B2573}"= UDP:9420:Akamai NetSession Interface
"{2592DD35-A9CF-4FE3-9851-1B36AF6F86FC}"= TCP:5000:Akamai NetSession Interface
"{4004C13A-5946-4A3F-8C76-E4E1525F9F23}"= UDP:9420:Akamai NetSession Interface
"{980420AA-B4C0-4BD2-AF33-CFDF50F2E62A}"= TCP:5000:Akamai NetSession Interface
"TCP Query User{9FB1FB75-B1DA-49CB-AED7-5B0FFD453977}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{D56ADBC0-6CE6-4DAC-8CAE-C099B9E34595}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{1248CAF7-38F2-4E0B-8035-5066E2976553}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{F3A2FB91-6917-431B-B2C4-0B712CB16308}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{7D65C157-6B9F-4E03-9276-F2C4AC6B2367}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4273C829-667D-4080-BCDA-B4131AACC390}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{DE094B77-B012-4EE8-BCAB-9EE7501C0256}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{15026ABD-1C69-4523-9E2D-A2B6E46E3996}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;C:\Program Files\VMLaunch\BuddyVM.sys [2005-02-17 15488]
R2 Akamai;Akamai;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\drivers\usbprint.sys [2006-11-02 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c57a9c4-be13-11dc-b21f-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de6814cb-d9e5-11dc-808f-001e8c3ab248}]
\shell\AutoRun\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 C:\Windows\Tasks\User_Feed_Synchronization-{2649919B-8165-4AAE-89C5-0E43B1AEF7ED}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Player - C:\Users\kagera\AppData\Roaming\Adobe\Player.exe
HKCU-Run-TotalSecure2009 - C:\Program Files\TS-2009\scan.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\kagera\AppData\Roaming\Mozilla\Firefox\Profiles\rml46j7l.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 21:11:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-30 21:14:17
ComboFix-quarantined-files.txt 2008-10-31 01:13:14

Pre-Run: 186,406,637,568 bytes free
Post-Run: 186,379,898,880 bytes free

302 --- E O F --- 2008-10-31 00:21:16

#12 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 31 October 2008 - 03:03 PM

How is your computer running now? Any symptoms still showing up?
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#13 kagera
  • Topic Starter

  • Members
  • 18 posts

Posted 31 October 2008 - 11:40 PM

It can be sluggish at times, and I have this C++ runtime error when it boots. When I close it, it says SpyHunter 3 has stopped working.

#14 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 01 November 2008 - 10:47 AM

OK, let's run a Kaspersky scan again and another RSIT log and see what is showing. RSIT will have only one log this time.

#15 kagera
  • Topic Starter

  • Members
  • 18 posts

Posted 01 November 2008 - 10:41 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 1, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 01, 2008 20:21:57
Records in database: 1366501
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 129911
Threat name: 4
Infected objects: 4
Suspicious objects: 8
Duration of the scan: 02:11:54


File name / Threat name / Threats count
C:\Program Files\HDTVNetworks\MediaXCodec.exe Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\Qoobox\Quarantine\C\Program Files\PCHealthCenter\5.exe.vir Infected: Backdoor.Win32.Frauder.nd 1
C:\Qoobox\Quarantine\C\Users\kagera\AppData\Roaming\Adobe\Player.exe.vir Infected: Trojan-Downloader.Win32.Delf.phh 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\23BF529E-00000452.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\18BE6784-0000017C.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\235022EE-0000001B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\2CD672AE-0000040A.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\40877B44-00000061.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\4AE13D6C-00000220.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\591D252A-0000005D.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\AppData\Local\Microsoft\Windows Mail\Local Folders\Junk E-mail\7F967FF5-00000014.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Users\kagera\Documents\LimeWire\Saved\sweetheart in summer.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

The selected area was scanned.


And the RSIT log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by kagera at 2008-11-01 23:38:27
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 175 GB (37%) free of 477 GB
Total RAM: 2046 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:33 PM, on 11/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\AASP\1.00.25\aaCenter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kagera\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kagera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BandwidthMonitor] C:\Program Files\BandwidthMonitor\BWMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {1E3F888F-96D7-4A1B-8514-8991264E8B7D} - http://www.pc.gc.ca/apps/dci/src/bin/iS3dSetup.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C07F667-D321-49F8-A5D3-7CBAFA33A1B1}: NameServer = 68.87.64.146,68.87.75.194
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8167 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2649919B-8165-4AAE-89C5-0E43B1AEF7ED}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-18 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-27 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-18 2554944]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-02 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-02 92704]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-10-16 1257104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2008-01-19 2153472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-18 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-06-12 50528]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"BandwidthMonitor"=C:\Program Files\BandwidthMonitor\BWMonitor.exe [2008-08-15 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
C:\Program Files\ASUS\AI Gear\GearHelp.exe [2006-07-27 415744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
C:\Program Files\ASUS\AI Booster\OverClk.exe [2006-12-08 3714048]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c57a9c4-be13-11dc-b21f-806e6f6e6963}]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de6814cb-d9e5-11dc-808f-001e8c3ab248}]
shell\AutoRun\command - F:\SETUP.EXE


======List of files/folders created in the last 1 months======

2008-10-30 21:14:18 ----A---- C:\ComboFix.txt
2008-10-30 21:11:10 ----D---- C:\Windows\temp
2008-10-30 21:05:40 ----D---- C:\ComboFix
2008-10-29 22:34:31 ----A---- C:\Windows\zip.exe
2008-10-29 22:34:31 ----A---- C:\Windows\VFIND.exe
2008-10-29 22:34:31 ----A---- C:\Windows\SWXCACLS.exe
2008-10-29 22:34:31 ----A---- C:\Windows\SWSC.exe
2008-10-29 22:34:31 ----A---- C:\Windows\SWREG.exe
2008-10-29 22:34:31 ----A---- C:\Windows\sed.exe
2008-10-29 22:34:31 ----A---- C:\Windows\NIRCMD.exe
2008-10-29 22:34:31 ----A---- C:\Windows\grep.exe
2008-10-29 22:34:31 ----A---- C:\Windows\fdsv.exe
2008-10-29 22:34:27 ----D---- C:\Windows\ERDNT
2008-10-29 22:34:27 ----D---- C:\Qoobox
2008-10-28 19:31:32 ----D---- C:\Program Files\uTorrent
2008-10-28 19:28:24 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 19:28:24 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-28 19:28:22 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 00:48:46 ----A---- C:\Windows\ntbtlog.txt
2008-10-28 00:21:21 ----D---- C:\rsit
2008-10-27 20:51:06 ----A---- C:\Windows\system32\EncDec.dll
2008-10-27 20:51:04 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-27 20:50:56 ----A---- C:\Windows\system32\netapi32.dll
2008-10-22 00:26:28 ----A---- C:\avenger.txt
2008-10-22 00:20:54 ----D---- C:\Users\kagera\AppData\Roaming\Malwarebytes
2008-10-22 00:20:49 ----D---- C:\ProgramData\Malwarebytes
2008-10-22 00:20:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 23:14:58 ----D---- C:\Program Files\CCleaner
2008-10-21 23:03:27 ----D---- C:\Program Files\Trend Micro
2008-10-21 19:28:40 ----A---- C:\Windows\system32\MSVCP71.dll
2008-10-21 19:28:40 ----A---- C:\Windows\system32\MFC71.dll
2008-10-21 19:28:40 ----A---- C:\Windows\system32\aswBoot.exe
2008-10-21 19:28:38 ----D---- C:\Program Files\Alwil Software
2008-10-21 09:02:21 ----D---- C:\Program Files\Enigma Software Group
2008-10-20 23:31:45 ----D---- C:\Users\kagera\AppData\Roaming\OpenOffice.org
2008-10-20 23:21:52 ----D---- C:\Program Files\HDTVNetworks
2008-10-19 20:21:39 ----D---- C:\Program Files\JRE
2008-10-19 20:21:28 ----D---- C:\Program Files\OpenOffice.org 3
2008-10-17 19:31:42 ----D---- C:\Program Files\Spectromancer
2008-10-15 09:06:44 ----D---- C:\Program Files\Common Files\Akamai
2008-10-15 09:06:37 ----D---- C:\ProgramData\Metacafe
2008-10-15 09:06:35 ----D---- C:\Program Files\Metacafe
2008-10-14 19:29:04 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 19:29:04 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 19:29:03 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 19:29:02 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 19:29:02 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 19:29:01 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 19:29:01 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 19:29:00 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 19:29:00 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-11 21:41:47 ----A---- C:\Windows\system32\javaws.exe
2008-10-11 21:41:47 ----A---- C:\Windows\system32\javaw.exe
2008-10-11 21:41:47 ----A---- C:\Windows\system32\java.exe
2008-10-08 09:10:28 ----D---- C:\Program Files\Apple Software Update
2008-10-08 09:09:51 ----A---- C:\Windows\system32\GEARAspi.dll
2008-10-08 09:09:31 ----D---- C:\Program Files\iPod
2008-10-08 09:09:30 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 09:09:30 ----D---- C:\Program Files\iTunes
2008-10-08 09:07:39 ----D---- C:\Program Files\QuickTime

======List of files/folders modified in the last 1 months======

2008-11-01 23:38:33 ----D---- C:\Windows\Prefetch
2008-11-01 22:24:14 ----SHD---- C:\System Volume Information
2008-11-01 19:28:56 ----D---- C:\Windows\System32
2008-11-01 19:28:56 ----D---- C:\Windows\inf
2008-11-01 19:28:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-01 10:57:01 ----D---- C:\Users\kagera\AppData\Roaming\uTorrent
2008-11-01 00:46:31 ----D---- C:\ProgramData\Google Updater
2008-10-30 21:14:19 ----D---- C:\Windows
2008-10-30 21:11:23 ----A---- C:\Windows\system.ini
2008-10-30 21:10:20 ----D---- C:\Windows\system32\drivers
2008-10-30 21:10:20 ----D---- C:\Windows\AppPatch
2008-10-30 21:10:20 ----D---- C:\Program Files\Common Files
2008-10-30 21:05:40 ----D---- C:\Windows\system32\en-US
2008-10-30 20:55:00 ----SD---- C:\Windows\Downloaded Program Files
2008-10-29 22:37:14 ----D---- C:\Users\kagera\AppData\Roaming\Adobe
2008-10-29 22:36:22 ----RD---- C:\Program Files
2008-10-28 19:57:51 ----D---- C:\Windows\winsxs
2008-10-28 19:28:19 ----D---- C:\Windows\system32\catroot
2008-10-28 19:24:18 ----D---- C:\Windows\Microsoft.NET
2008-10-28 19:24:04 ----D---- C:\Windows\system32\catroot2
2008-10-28 09:04:30 ----D---- C:\Windows\ehome
2008-10-27 21:56:01 ----D---- C:\Downloads
2008-10-27 20:57:42 ----HD---- C:\Config.Msi
2008-10-27 20:52:11 ----SD---- C:\ProgramData\Microsoft
2008-10-27 20:52:08 ----SHD---- C:\Windows\Installer
2008-10-27 20:51:59 ----HD---- C:\ProgramData
2008-10-27 20:51:52 ----DC---- C:\Windows\system32\DRVSTORE
2008-10-21 23:18:35 ----D---- C:\Windows\Debug
2008-10-21 23:10:30 ----D---- C:\Program Files\osu!
2008-10-21 23:10:04 ----D---- C:\Program Files\isite
2008-10-21 22:59:15 ----D---- C:\Program Files\BitComet
2008-10-21 09:02:25 ----D---- C:\Windows\system32\Tasks
2008-10-20 23:54:03 ----D---- C:\Program Files\DivX
2008-10-20 20:51:21 ----D---- C:\Program Files\Safari
2008-10-20 20:44:01 ----D---- C:\Users\kagera\AppData\Roaming\LimeWire
2008-10-19 20:23:51 ----RSD---- C:\Windows\assembly
2008-10-19 20:21:56 ----RSD---- C:\Windows\Fonts
2008-10-15 09:52:46 ----D---- C:\Windows\system32\migration
2008-10-15 09:52:46 ----D---- C:\Program Files\Windows Mail
2008-10-11 21:41:47 ----D---- C:\Program Files\Java
2008-10-08 09:08:34 ----D---- C:\Program Files\Bonjour
2008-10-08 09:07:43 ----D---- C:\Program Files\Common Files\Apple
2008-10-07 15:19:40 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM; \??\C:\Program Files\VMLaunch\BuddyVM.sys [2005-02-17 15488]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [2008-06-25 23217]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-01-15 316928]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-02 7460320]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2007-08-21 24064]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
S3 ai2k269k;ai2k269k; C:\Windows\system32\drivers\ai2k269k.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys [2008-06-25 15472]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-28 611664]
R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-27 168432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-02 118784]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-12 72704]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-21 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

-----------------EOF-----------------



