Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log: IEXPLORE.EXE


  • This topic is locked This topic is locked
13 replies to this topic

#1 Patient

Patient

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 18 November 2008 - 03:05 PM

Pretty sure this is not Internet Explorer!
Formatting/installing SP3 is not an option currently, but otherwise up-to-date as far as SP2 is concerned.
Very grateful for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:50, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sopcast.com/download/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\WINDOWS\system32\ati2sgav.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62101695-9578-4D77-A232-1F65059407C3}: NameServer = 212.74.112.66,212.74.112.67
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 4480 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 18 November 2008 - 06:29 PM

Hello! :thumbsup:
My name is Sam and I will be helping you.

I will do my best to communicate clearly to you so that we can resolve your issues as quickly as possible. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to fix your computer. Please communicate freely with me about how your computer is reacting and behaving as we work through this process.


Please download random's system information tool (RSIT) and save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 19 November 2008 - 02:08 PM

Files attached.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-19 19:03:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 14 GB (9%) free of 153 GB
Total RAM: 2046 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:10, on 19/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
E:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sopcast.com/download/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\WINDOWS\system32\ati2sgav.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62101695-9578-4D77-A232-1F65059407C3}: NameServer = 212.74.112.66,212.74.112.67
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 4473 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-04 266497]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2007-09-07 159744]
"RivaTuner"=C:\Program Files\RivaTuner v2.11\RivaTuner.exe [2008-09-16 2715648]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.11\RivaTuner.exe [2008-09-16 2715648]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2008-02-26 1012736]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-23 13672448]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ati2sgav"=C:\WINDOWS\system32\ati2sgav.exe [2008-10-28 239863]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"=C:\Program Files\Strokeit\strokeit.exe [2005-02-17 21504]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3
"sdCoreService"=3
"sdAuxService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe"
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe"
"C:\Program Files\PANDORA.TV\Live\Live.exe"="C:\Program Files\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe"
"C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe"="C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\autoplay\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a17d5f4e-aff5-11dc-851f-806d6172696f}]
shell\AutoRun\command - F:\install.EXE id= ver=1.0.0.0


======List of files/folders created in the last 1 months======

2008-11-19 18:49:30 ----A---- C:\info.txt
2008-11-19 18:49:09 ----D---- C:\rsit
2008-11-19 18:49:09 ----A---- C:\log.txt
2008-11-19 03:58:15 ----HDC---- C:\WINDOWS\ie8
2008-11-19 03:55:21 ----A---- C:\WINDOWS\imsins.BAK
2008-11-19 03:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-11-18 19:47:33 ----D---- C:\Program Files\Trend Micro
2008-11-18 19:30:22 ----D---- C:\WINDOWS\pss
2008-11-18 05:37:43 ----D---- C:\Program Files\Lavasoft
2008-11-18 05:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-18 05:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-18 05:36:44 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-18 05:36:44 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-18 04:59:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-11 22:03:12 ----D---- C:\WINDOWS\Applian FLV Player
2008-11-11 19:07:38 ----D---- C:\Documents and Settings\Owner\Application Data\Log
2008-11-11 18:49:30 ----A---- C:\WINDOWS\system32\PanInstaller.dll
2008-11-11 18:49:24 ----A---- C:\WINDOWS\system32\FirstLoad.dll
2008-11-02 20:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-10-31 23:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2008-10-31 23:32:17 ----D---- C:\Program Files\Bethesda Softworks
2008-10-31 23:31:45 ----D---- C:\Program Files\MSBuild
2008-10-31 23:30:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-31 23:30:07 ----D---- C:\Program Files\Reference Assemblies
2008-10-31 23:29:10 ----A---- C:\WINDOWS\system32\ati2sgav.exe
2008-10-25 16:32:17 ----D---- C:\Program Files\Ubisoft
2008-10-25 16:26:57 ----A---- C:\Documents and Settings\Owner\Application Data\PnkBstrB.exe
2008-10-25 16:26:45 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-25 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 16:30:50 ----D---- C:\WINDOWS\nview
2008-10-24 16:30:50 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-24 16:30:38 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-23 20:50:58 ----D---- C:\Documents and Settings\Owner\Application Data\XRay Engine
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of files/folders modified in the last 1 months======

2008-11-19 19:01:30 ----D---- C:\WINDOWS\Temp
2008-11-19 18:54:55 ----D---- C:\Program Files\Mozilla Firefox
2008-11-19 18:53:17 ----D---- C:\Documents and Settings\Owner\Application Data\foobar2000
2008-11-19 18:49:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-19 17:14:16 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-11-19 14:56:27 ----D---- C:\Program Files\Trillian
2008-11-19 04:40:57 ----D---- C:\Documents and Settings\Owner\Application Data\.purple
2008-11-19 04:40:53 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-11-19 04:01:52 ----D---- C:\WINDOWS
2008-11-19 04:01:51 ----D---- C:\WINDOWS\system32
2008-11-19 04:01:27 ----D---- C:\WINDOWS\system32\en-us
2008-11-19 04:01:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-19 04:01:26 ----HD---- C:\WINDOWS\inf
2008-11-19 04:01:26 ----D---- C:\WINDOWS\Media
2008-11-19 04:01:26 ----D---- C:\WINDOWS\Help
2008-11-19 04:01:26 ----D---- C:\Program Files\Internet Explorer
2008-11-19 03:55:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-19 03:47:21 ----SHD---- C:\WINDOWS\Installer
2008-11-19 03:47:21 ----D---- C:\WINDOWS\WinSxS
2008-11-19 03:47:08 ----D---- C:\Program Files\MSN Messenger
2008-11-19 00:07:16 ----A---- C:\WINDOWS\win.ini
2008-11-18 20:06:04 ----RD---- C:\Program Files
2008-11-18 19:38:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-18 19:32:13 ----RSH---- C:\boot.ini
2008-11-18 19:32:13 ----N---- C:\WINDOWS\system.ini
2008-11-18 05:37:43 ----D---- C:\WINDOWS\system32\drivers
2008-11-18 05:37:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 05:25:22 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-18 05:23:52 ----D---- C:\WINDOWS\ie7updates
2008-11-18 05:22:51 ----HD---- C:\WUTemp
2008-11-18 04:58:37 ----D---- C:\WINDOWS\system32\txp
2008-11-11 20:12:39 ----D---- C:\Program Files\SopCast
2008-11-10 16:46:14 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-10 16:40:51 ----D---- C:\Program Files\Activision
2008-11-10 15:58:53 ----D---- C:\Program Files\Sports Interactive
2008-11-10 15:58:10 ----D---- C:\Documents and Settings\Owner\Application Data\Sports Interactive
2008-11-04 16:46:57 ----D---- C:\Program Files\Combined Community Codec Pack
2008-10-31 23:48:37 ----RSD---- C:\WINDOWS\assembly
2008-10-31 23:48:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-31 23:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 23:30:31 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 13:48:42 ----D---- C:\WINDOWS\system32\DirectX
2008-10-28 13:48:42 ----D---- C:\Program Files\Electronic Arts
2008-10-25 16:40:28 ----D---- C:\Program Files\AMD
2008-10-23 06:42:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-21 00:39:33 ----D---- C:\Program Files\Pidgin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-18 75072]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-02-06 446336]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-20 279712]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-20 25888]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-21 206224]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-23 6187040]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.11\RivaTuner32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 a4h6y599;a4h6y599; C:\WINDOWS\system32\drivers\a4h6y599.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-11-12 60800]
S3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-02-06 33024]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CyUsb;Cypress Generic USB Driver; C:\WINDOWS\System32\Drivers\CyUsb.sys [2005-03-03 31104]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-11-12 61824]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys []
S3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-02-26 1176904]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-04 151297]
S3 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-04 68865]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-23 163908]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-07-17 337800]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-07-17 1017224]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-11-19 19:03:11

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agnitum Outpost Firewall Pro-->"C:\Program Files\Agnitum\Outpost Firewall Pro\unins000.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Company of Heroes-->MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
Driver Sweeper 1.5.5-->"C:\Program Files\Driver Sweeper\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
foobar2000 v0.9.5.4-->"C:\Program Files\foobar2000\uninstall.exe"
Football Manager 2009 Demo-->"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\Uninstall_Football Manager 2009 Demo\Uninstall Football Manager 2009 Demo.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Fraps (remove only)-->"C:\Program Files\FRAPS\uninstall.exe"
Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTK2-Runtime-->C:\Program Files\GTK2-Runtime\gtk2_runtime_uninst.exe
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB924441)-->"C:\WINDOWS\$NtUninstallKB924441$\spuninst\spuninst.exe"
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Movica-->MsiExec.exe /I{DEC0260E-680A-4E50-AE95-F2F75D95D442}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision-->MsiExec.exe /I{5FE1E412-D114-46E8-A891-5BE087B256A5}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Razer DeathAdder™ Mouse-->C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\Setup.exe -runfromtemp -l0x0009 -removeonly
Real Alternative 1.60 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Revo Uninstaller 1.40-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RivaTuner v2.11-->"C:\Program Files\RivaTuner v2.11\uninstall.exe"
S.T.A.L.K.E.R. - Clear Sky [v1.0005]-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Smart Mod Manager-->MsiExec.exe /I{7D51E126-8606-4DAA-B283-85798A803D3F}
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StrokeIt (remove only)-->"C:\Program Files\Strokeit\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tango Patcher 2600 8.06-->C:\WINDOWS\Tango Patcher 2600\uninst.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TmNationsForever_Fix_2008_07_25-->"C:\Program Files\TmNationsForever\unins000.exe"
TUGZip 3.4-->"C:\Program Files\TUGZip\unins000.exe"
Turok-->C:\Program Files\InstallShield Installation Information\{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}\setup.exe -runfromtemp -l0x0009Turok -removeonly
TVUPlayer 2.3.7.1-->C:\Program Files\TVUPlayer\uninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinMerge 2.10.0.0-->"C:\Program Files\WinMerge\unins000.exe"
World Class Poker-->C:\Program Files\Masque\wcPoker\uninstall.exe "World Class Poker.ilg"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)
FW: Outpost Firewall Pro

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\GTK2-Runtime\lib
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Attached Files

  • Attached File  log.txt   23.66KB   3 downloads
  • Attached File  info.txt   12.42KB   4 downloads

Edited by Buckeye_Sam, 19 November 2008 - 07:39 PM.
paste logs directly into post


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 19 November 2008 - 07:47 PM

Going forward, please copy and paste your logs directly into the post. It just makes it much easier for me to review if they are already visible.

Please visit the online Jotti Virus Scanner
  • Click on Posted Image button.
  • Copy and paste the following filepath in the box:


    C:\WINDOWS\system32\ati2sgav.exe


  • Click on the Posted Image button.
    The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html


=================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 19 November 2008 - 10:01 PM

Scanner results
Scan taken on 20 Nov 2008 02:50:08 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found Trojan.Psw.Ldpinch.Beo
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan:W32/AutoIt.A
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

Malwarebytes' Anti-Malware 1.30
Database version: 1412
Windows 5.1.2600 Service Pack 2

20/11/2008 02:55:24
mbam-log-2008-11-20 (02-55-24).txt

Scan type: Quick Scan
Objects scanned: 46791
Time elapsed: 2 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 20 November 2008 - 10:28 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run.
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\system32\ati2sgav.exe
    
    :Commands
    [EmptyTemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


=================




Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Also post a new log from RSIT.
How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 22 November 2008 - 10:38 AM

========== FILES ==========
C:\WINDOWS\system32\ati2sgav.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_MOPJ6HbIR7E4z6aZTAXW scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF2C49.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC433.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFDE91.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFDF08.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF5D8.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF67D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF7DB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF7E8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11202008_193451

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_MOPJ6HbIR7E4z6aZTAXW not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Perflib_Perfdata_5b4.dat not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF2C49.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFC433.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFDE91.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFDF08.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF5D8.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF67D.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF7DB.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF7E8.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\mvapy574.default\XUL.mfl moved successfully.

info.txt logfile of random's system information tool 1.04 2008-11-22 15:42:11

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agnitum Outpost Firewall Pro-->"C:\Program Files\Agnitum\Outpost Firewall Pro\unins000.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Company of Heroes-->MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Creative EAX Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Crysis WARHEAD®-->"C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Crysis WARHEAD®-->C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Device Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
Driver Sweeper 1.5.5-->"C:\Program Files\Driver Sweeper\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
foobar2000 v0.9.5.4-->"C:\Program Files\foobar2000\uninstall.exe"
Football Manager 2009 Demo-->"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\Uninstall_Football Manager 2009 Demo\Uninstall Football Manager 2009 Demo.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Fraps (remove only)-->"C:\Program Files\FRAPS\uninstall.exe"
Gimp 2.6.0-->"C:\Program Files\Gimp-2.0\setup\unins000.exe"
GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe"
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
GTK2-Runtime-->C:\Program Files\GTK2-Runtime\gtk2_runtime_uninst.exe
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB924441)-->"C:\WINDOWS\$NtUninstallKB924441$\spuninst\spuninst.exe"
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Movica-->MsiExec.exe /I{DEC0260E-680A-4E50-AE95-F2F75D95D442}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision-->MsiExec.exe /I{5FE1E412-D114-46E8-A891-5BE087B256A5}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
QuickTime Alternative 1.95-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Razer DeathAdder™ Mouse-->C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\Setup.exe -runfromtemp -l0x0009 -removeonly
Real Alternative 1.60 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Revo Uninstaller 1.40-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RivaTuner v2.20-->"C:\Program Files\RivaTuner v2.20\uninstall.exe"
S.T.A.L.K.E.R. - Clear Sky [v1.0005]-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Clear Sky\unins000.exe"
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]-->"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Smart Mod Manager-->MsiExec.exe /I{7D51E126-8606-4DAA-B283-85798A803D3F}
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StrokeIt (remove only)-->"C:\Program Files\Strokeit\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tango Patcher 2600 8.06-->C:\WINDOWS\Tango Patcher 2600\uninst.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TmNationsForever_Fix_2008_07_25-->"C:\Program Files\TmNationsForever\unins000.exe"
Tomb Raider: Underworld 1.0-->C:\Program Files\Tomb Raider - Underworld\uninst.exe
TUGZip 3.4-->"C:\Program Files\TUGZip\unins000.exe"
Turok-->C:\Program Files\InstallShield Installation Information\{1BC3AF44-D80E-4744-A8E1-9BC540424AC9}\setup.exe -runfromtemp -l0x0009Turok -removeonly
TVUPlayer 2.3.7.1-->C:\Program Files\TVUPlayer\uninst.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinMerge 2.10.0.0-->"C:\Program Files\WinMerge\unins000.exe"
World Class Poker-->C:\Program Files\Masque\wcPoker\uninstall.exe "World Class Poker.ilg"

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)
FW: Outpost Firewall Pro

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\GTK2-Runtime\lib
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-22 15:42:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (4%) free of 153 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:09, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\RivaTuner v2.20\RivaTuner.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
E:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sopcast.com/download/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.20\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.20\RivaTuner.exe" /T
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\WINDOWS\system32\ati2sgav.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62101695-9578-4D77-A232-1F65059407C3}: NameServer = 212.74.112.66,212.74.112.67
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 4500 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=Rundll32 P17.dll []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-04 266497]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2007-09-07 159744]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2008-02-26 1012736]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.20\RivaTuner.exe [2008-11-19 2727936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"RivaTuner"=C:\Program Files\RivaTuner v2.20\RivaTuner.exe [2008-11-19 2727936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ati2sgav"=C:\WINDOWS\system32\ati2sgav.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StrokeIt"=C:\Program Files\Strokeit\strokeit.exe [2005-02-17 21504]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3
"sdCoreService"=3
"sdAuxService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe"
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe"="C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe"
"C:\Program Files\PANDORA.TV\Live\Live.exe"="C:\Program Files\PANDORA.TV\Live\Live.exe:*:Enabled:Live.exe"
"C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe"="C:\Program Files\PANDORA.TV\Live\PANDORATVLive.exe:*:Enabled:PANDORATVLive.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\autoplay\autoplay.exe


======List of files/folders created in the last 1 months======

2008-11-22 15:24:26 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2008-11-21 19:32:07 ----D---- C:\WINDOWS\LastGood
2008-11-21 18:32:53 ----D---- C:\Program Files\Tomb Raider - Underworld
2008-11-20 19:54:49 ----D---- C:\fsaua.data
2008-11-20 19:45:50 ----D---- C:\_OTMoveIt
2008-11-20 14:08:42 ----D---- C:\Program Files\RivaTuner v2.20
2008-11-20 14:01:38 ----D---- C:\WINDOWS\nview
2008-11-20 14:01:38 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-20 14:01:19 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-20 14:01:08 ----D---- C:\NVIDIA
2008-11-20 03:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-11-20 03:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2008-11-20 02:51:20 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-11-20 02:51:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-20 02:51:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-19 18:49:30 ----A---- C:\info.txt
2008-11-19 18:49:09 ----D---- C:\rsit
2008-11-19 18:49:09 ----A---- C:\log.txt
2008-11-19 03:58:15 ----HDC---- C:\WINDOWS\ie8
2008-11-19 03:55:18 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-11-18 19:47:33 ----D---- C:\Program Files\Trend Micro
2008-11-18 19:30:22 ----D---- C:\WINDOWS\pss
2008-11-18 05:37:43 ----D---- C:\Program Files\Lavasoft
2008-11-18 05:37:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-18 05:36:52 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-18 05:36:44 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-18 05:36:44 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-11-18 04:59:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-11-11 22:03:12 ----D---- C:\WINDOWS\Applian FLV Player
2008-11-11 19:07:38 ----D---- C:\Documents and Settings\Owner\Application Data\Log
2008-11-11 18:49:30 ----A---- C:\WINDOWS\system32\PanInstaller.dll
2008-11-11 18:49:24 ----A---- C:\WINDOWS\system32\FirstLoad.dll
2008-11-02 20:06:20 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2008-10-31 23:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2008-10-31 23:32:17 ----D---- C:\Program Files\Bethesda Softworks
2008-10-31 23:31:45 ----D---- C:\Program Files\MSBuild
2008-10-31 23:30:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-31 23:30:07 ----D---- C:\Program Files\Reference Assemblies
2008-10-25 16:32:17 ----D---- C:\Program Files\Ubisoft
2008-10-25 16:26:57 ----A---- C:\Documents and Settings\Owner\Application Data\PnkBstrB.exe
2008-10-25 16:26:45 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-25 16:09:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 20:50:58 ----D---- C:\Documents and Settings\Owner\Application Data\XRay Engine

======List of files/folders modified in the last 1 months======

2008-11-22 15:40:48 ----D---- C:\Documents and Settings\Owner\Application Data\.purple
2008-11-22 15:40:22 ----D---- C:\Program Files\Mozilla Firefox
2008-11-22 15:39:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-22 15:34:25 ----RD---- C:\Program Files
2008-11-22 15:15:57 ----D---- C:\Documents and Settings\Owner\Application Data\foobar2000
2008-11-22 15:14:14 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-11-22 02:45:43 ----D---- C:\WINDOWS\Temp
2008-11-22 00:01:24 ----D---- C:\WINDOWS
2008-11-21 19:32:36 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-21 19:32:07 ----HD---- C:\WINDOWS\inf
2008-11-20 19:54:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-20 19:34:51 ----D---- C:\WINDOWS\system32
2008-11-20 18:15:53 ----SHD---- C:\WINDOWS\Installer
2008-11-20 14:01:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-20 14:01:38 ----D---- C:\WINDOWS\Help
2008-11-20 14:01:33 ----D---- C:\WINDOWS\system32\drivers
2008-11-20 06:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-19 14:56:27 ----D---- C:\Program Files\Trillian
2008-11-19 04:40:53 ----D---- C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-11-19 04:01:27 ----D---- C:\WINDOWS\system32\en-us
2008-11-19 04:01:26 ----D---- C:\WINDOWS\Media
2008-11-19 04:01:26 ----D---- C:\Program Files\Internet Explorer
2008-11-19 03:55:16 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-19 03:47:21 ----D---- C:\WINDOWS\WinSxS
2008-11-19 03:47:08 ----D---- C:\Program Files\MSN Messenger
2008-11-19 00:07:16 ----A---- C:\WINDOWS\win.ini
2008-11-18 19:32:13 ----RSH---- C:\boot.ini
2008-11-18 19:32:13 ----N---- C:\WINDOWS\system.ini
2008-11-18 05:37:11 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-18 05:25:22 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-18 05:23:52 ----D---- C:\WINDOWS\ie7updates
2008-11-18 05:22:51 ----HD---- C:\WUTemp
2008-11-18 04:58:37 ----D---- C:\WINDOWS\system32\txp
2008-11-11 20:12:39 ----D---- C:\Program Files\SopCast
2008-11-10 16:46:14 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-10 16:40:51 ----D---- C:\Program Files\Activision
2008-11-10 15:58:53 ----D---- C:\Program Files\Sports Interactive
2008-11-10 15:58:10 ----D---- C:\Documents and Settings\Owner\Application Data\Sports Interactive
2008-11-04 16:46:57 ----D---- C:\Program Files\Combined Community Codec Pack
2008-10-31 23:48:37 ----RSD---- C:\WINDOWS\assembly
2008-10-31 23:48:14 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-31 23:32:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 23:30:31 ----RSD---- C:\WINDOWS\Fonts
2008-10-28 13:48:42 ----D---- C:\WINDOWS\system32\DirectX
2008-10-28 13:48:42 ----D---- C:\Program Files\Electronic Arts
2008-10-25 16:40:28 ----D---- C:\Program Files\AMD

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-18 75072]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SandBox;SandBox; C:\WINDOWS\system32\DRIVERS\SandBox.sys [2008-02-06 446336]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-20 279712]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-20 25888]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2008-02-21 206224]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-04-14 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-04-14 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.20\RivaTuner32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 a1328hi6;a1328hi6; C:\WINDOWS\system32\drivers\a1328hi6.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-11-12 60800]
S3 ASWFilt;ASWFilt; C:\WINDOWS\system32\Filt\ASWFilt.dll [2008-02-06 33024]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CyUsb;Cypress Generic USB Driver; C:\WINDOWS\System32\Drivers\CyUsb.sys [2005-03-03 31104]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-02-01 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-11-12 61824]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys []
S3 p17filt;p17filt; C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2008-02-26 1176904]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-04 151297]
S3 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-04 68865]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-10-11 38912]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-07-17 337800]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-07-17 1017224]

-----------------EOF-----------------


Sorry for the delayed response, but I have been unable to run F-Secure. Is there an alternative?

The process is no longer apparent at start-up, and the computer seems to be healthy.

Edited by Patient, 22 November 2008 - 10:43 AM.


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 22 November 2008 - 10:57 AM

No problem. Let's clean up a couple things in your log then we'll try another virus scan.

Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Policies\Explorer\Run: [ati2sgav] "C:\WINDOWS\system32\ati2sgav.exe"



=================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 23 November 2008 - 07:35 AM

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 22, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 22, 2008 16:51:12
Records in database: 1403049
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
Scan statistics
Files scanned 97065
Threat name 2
Infected objects 3
Suspicious objects 0
Duration of the scan 02:11:15

File name Threat name Threats count
C:\WINDOWS\system32\drivers\etc\r\spsexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.13 1
C:\WINDOWS\Tango Patcher (Applications)\Tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\WINDOWS\Tango Patcher 2600\Tools\wfpdisable.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:43, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\RivaTuner v2.20\RivaTuner.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sopcast.com/download/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.20\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.20\RivaTuner.exe" /T
O4 - HKCU\..\Run: [StrokeIt] C:\Program Files\Strokeit\strokeit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62101695-9578-4D77-A232-1F65059407C3}: NameServer = 212.74.112.66,212.74.112.67
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 4307 bytes

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 23 November 2008 - 12:37 PM

Copy this text into OTMoveIt3 just like you did before.

:files
C:\WINDOWS\system32\drivers\etc\r\spsexec.exe 
C:\WINDOWS\Tango Patcher (Applications)\Tools\wfpdisable.exe 
C:\WINDOWS\Tango Patcher 2600\Tools\wfpdisable.exe


Please post back with the resulting log.
How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 23 November 2008 - 12:49 PM

Tango Patcher's wfpdisable.exe is not malicious. It is used to stop Windows complaining when certain files are replaced (in this instance, to replace their icons). As I understand, wfpdisable.exe is no longer necessary for Tango Patcher to function after the initial install so it can be removed safely, however I have elected not to. I hope this is useful information to you. :thumbsup:

========== FILES ==========
C:\WINDOWS\system32\drivers\etc\r\spsexec.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11242008_033552

The computer continues to appear healthy and stable, untroubled by processes I cannot account for.

Edited by Patient, 23 November 2008 - 10:48 PM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 24 November 2008 - 12:22 PM

Unfortunately we see a lot of cracked software here. If a virus scan identifies something as malware and I don't know better I tend to recommend removal. But if you are comfortable with that file remaining on your computer, it's ok with me. :)

It's time to clean up.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 Patient

Patient
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:14 AM

Posted 24 November 2008 - 06:45 PM

Thank you very much for your help, Sam. You've been excellent!

:thumbsup:

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:14 AM

Posted 24 November 2008 - 06:49 PM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users