
malware - redirection!


  • This topic is locked
21 replies to this topic

#1 p0rty

p0rty

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 13 July 2009 - 11:03 AM

Hi there


I recently removed a virus of some sort using Spybot/SUPERAntiSpyware and ComboFix.


Recently on firefox I have a lot of annoying redirects to various sites including: 7klik, searchbitannia and various others.


I am posting my latest HJT log and various others...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:56, on 13/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\isass.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1239307851970
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239397546765
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CSNetManagerXp - Unknown owner - C:\WINDOWS\system32\isass.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)

--
End of file - 7859 bytes




Interestingly, after I ran this scan, NOD32 told me it had cleaned a trojan at c:\windows\system32\isass.exe

MBAM LOG:


Malwarebytes' Anti-Malware 1.38
Database version: 2412
Windows 5.1.2600 Service Pack 3

12/07/2009 18:10:02
mbam-log-2009-07-12 (18-10-02).txt

Scan type: Quick Scan
Objects scanned: 68515
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SPYBOT LOG:


All clean except the following tracking cookie:




Right Media: Tracking cookie (Internet Explorer: Amit) (Cookie, nothing done)



Cleaned...



All clean following scan with superantispyware....


#2 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:14 AM

Posted 13 July 2009 - 01:35 PM

Hello p0rty, and welcome to BleepingComputer.com! I will be handling your log to help you get cleaned up.

Please take note of the following:
  • I will start working on your malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clean. Just because a symptom disappears does not mean your system is clean.
  • Please set aside enough time to complete all the steps in each post and follow the instructions in the order stated.
  • Please don't run any extra scans or fix programs not requested by me as it could change the results in the reports I request.
  • If there's anything that you don't understand, stop and ask your question(s) before proceeding with the fixes.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you have circumstances that you are aware of that will delay your response, then please let me know. This is to ensure that your topic remains open and I don't close it to start a new post.
    NOTE: In the upper right hand corner of the topic you will see a button called Options. If you click on this button, a drop-down menu will expand. By choosing Track this topic and then choosing Immediate Email Notification, followed by clicking Proceed, you will be advised when I respond to your topic. This facilitates the cleaning procedure.
  • Please reply to this thread. Do not start a new topic.
Reviewing your log(s) requires an amount of research, so please be patient. Thanks.



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Step #1: GooredFix
Let's run GooredFix:
  • Please download GooredFix from one of the locations below and save it to your Desktop.
  • Ensure all Firefox windows are closed.
  • To run the GooredFix tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
    GooredFix will check for infections, and then a log will appear.
  • Please post the entire contents of that log in your next reply (it can also be found on your Desktop, called GooredFix.txt).
Step #2: DDS
We need to use DDS to see some information about what is happening in your machine:
  • Please download DDS by sUBs from one of the links below and save it to your Desktop.
  • Double-click on the DDS icon, and allow the program to run.
    A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results soon.
  • Follow the instructions that pop up for posting the results and click OK. The black box and message window shall then disappear.
  • Save both log files on your Desktop and post the DDS.txt and zip up and attach Attach.txt as instructed.

    NOTE: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE: BleepingComputer.com - How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.


So in your next reply, please post the entire contents of:
  • GooredFix.txt
  • DDS.txt
  • Attach.txt (attached)
NOTE: Use several posts if necessary to include everything in the requested logs.
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.


#3 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 13 July 2009 - 01:48 PM

GooredFix by jpshortstuff (12.07.09)
Log created at 19:47 on 13/07/2009 (Amit)
Firefox version 3.0.11 (en-GB)

========== GooredScan ==========

Deleting C:\Program Files\Mozilla Firefox\extensions\{E73C4873-F58B-45DC-90CC-02C5BF6E6919} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:24 09/04/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [01:07 27/05/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [23:09 10/04/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:06 27/05/2009]

-=E.O.F=-

#4 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 13 July 2009 - 01:50 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Amit at 19:48:58.24 on 13/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2347 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\isass.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Amit\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239307851970
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239397546765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amit\applic~1\mozilla\firefox\profiles\s7cfjkze.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\amit\application data\mozilla\firefox\profiles\s7cfjkze.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\amit\application data\mozilla\firefox\profiles\s7cfjkze.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\amit\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-4-10 77312]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 CSNetManagerXp;CSNetManagerXp;c:\windows\system32\isass.exe [2009-7-13 234496]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-4-7 36256]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-6-18 38176]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S0 nrlu;nrlu;c:\windows\system32\drivers\rtjswnyx.sys --> c:\windows\system32\drivers\rtjswnyx.sys [?]
S0 wbbd;wbbd;c:\windows\system32\drivers\owcu.sys --> c:\windows\system32\drivers\owcu.sys [?]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 wlidsvc;Windows Live ID Sign-in Assistant;"c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" --> c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [?]
S4 0137061243211311mcinstcleanup;McAfee Application Installer Cleanup (0137061243211311);c:\docume~1\amit\locals~1\temp\013706~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\amit\locals~1\temp\013706~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

=============== Created Last 30 ================

2009-07-13 16:30 234,496 -------- c:\windows\system32\isass.exe
2009-07-11 01:44 <DIR> --d----- c:\program files\VideoLAN
2009-07-10 06:16 <DIR> --d----- c:\program files\Total Video Converter
2009-07-10 02:06 31 a------- c:\windows\system32\windosdwsp32.dll
2009-07-10 01:33 90,112 a------- c:\windows\system32\videoul.tmp
2009-07-10 01:31 200 a------- c:\windows\asfbinapp.INI
2009-07-08 04:50 <DIR> --d----- c:\program files\Microsoft Calculator Plus
2009-07-07 13:40 <DIR> --d----- c:\documents and settings\amit\DoctorWeb
2009-07-07 13:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-07 13:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 13:29 <DIR> --d----- c:\docume~1\amit\applic~1\SUPERAntiSpyware.com
2009-07-05 23:28 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 01:16 <DIR> -cd-h--- C:\86e56eedd6f8740f2ffcc341b81ff3
2009-06-20 07:10 <DIR> --d----- c:\program files\WinPcap
2009-06-19 00:53 <DIR> --d----- c:\windows\NV32242100.TMP
2009-06-19 00:52 <DIR> --d----- c:\windows\NV32243720.TMP
2009-06-19 00:22 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-19 00:22 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 00:22 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-19 00:22 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-19 00:18 76 a------- c:\windows\BricoPackFoldersDelete.cmd
2009-06-18 23:28 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-06-18 23:28 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-06-18 23:28 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-06-18 23:28 24,064 -c------ c:\windows\system32\dllcache\pidgen.dll
2009-06-18 22:53 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-18 22:53 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-18 22:53 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-18 22:53 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-18 22:53 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-18 22:53 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-18 22:53 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-18 22:52 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-18 22:52 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-18 22:52 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-18 22:51 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-06-18 22:51 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 22:51 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 22:51 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 22:51 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-06-18 22:50 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-06-18 22:50 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-06-18 22:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 22:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-18 22:21 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-18 22:21 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-06-18 22:21 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-06-18 22:21 28,672 a------- c:\windows\system32\vidcap.ax
2009-06-18 22:21 49,408 ac------ c:\windows\system32\dllcache\stream.sys
2009-06-18 22:21 16,896 ac------ c:\windows\system32\dllcache\msyuv.dll
2009-06-18 22:21 294,912 a------- c:\windows\system32\msh263.drv
2009-06-18 22:21 49,408 a------- c:\windows\system32\drivers\stream.sys
2009-06-18 22:21 16,896 a------- c:\windows\system32\msyuv.dll
2009-06-18 22:19 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 22:19 446,464 a------- c:\windows\system32\nvunrm.exe
2009-06-18 22:19 6,045 a------- c:\windows\system32\nvnrm.nvu
2009-06-18 22:19 380,416 -------- c:\windows\system32\irprops.cpl
2009-06-18 22:19 57,667 a------- c:\windows\system32\ieuinit.inf
2009-06-18 22:19 929 a------- c:\windows\system32\homepage.inf
2009-06-18 22:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 22:10 <DIR> --d----- c:\windows\system32\Asuscq_V21711
2009-06-18 22:09 1,746 a------- c:\windows\Language_trs.ini
2009-06-18 22:06 8,192 ac------ c:\windows\system32\dllcache\tsbyuv.dll
2009-06-18 22:06 8,192 a------- c:\windows\system32\tsbyuv.dll
2009-06-18 22:06 47,616 ac------ c:\windows\system32\dllcache\iyuv_32.dll
2009-06-18 22:06 47,616 a------- c:\windows\system32\iyuv_32.dll
2009-06-18 22:04 442,368 a------- c:\windows\system32\nvuhda.exe
2009-06-18 22:04 41,984 a------- c:\windows\system32\nvcohda.dll
2009-06-18 22:04 38,176 a------- c:\windows\system32\drivers\nvhda32.sys
2009-06-18 22:04 351 a------- c:\windows\system32\nvhda.nvu
2009-06-18 22:04 <DIR> --d----- c:\windows\system32\HDMI
2009-06-18 22:00 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-06-18 21:58 213,016 a------- c:\windows\system32\wuaucpl.cpl
2009-06-18 21:42 30,600 a------- c:\windows\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 30,600 a------- c:\windows\system32\BMXState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 29,604 a------- c:\windows\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 29,604 a------- c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 11,564 a------- c:\windows\system32\DVCState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-06-18 21:42 1,080 a------- c:\windows\system32\settings.sfm
2009-06-18 21:41 4,958,588 a------- c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-06-18 21:30 <DIR> -cd-h--- C:\f2c6246b83671395532e90b9d0c99e92
2009-06-18 21:25 <DIR> --d----- c:\windows\ASUSInstAll
2009-06-18 21:23 28,160 a------- c:\windows\system32\PostProc.dll
2009-06-18 21:23 392,960 a------- c:\windows\system32\drivers\senfilt.sys
2009-06-18 21:23 313,856 a------- c:\windows\system32\drivers\ADIHdAud.sys
2009-06-18 21:23 103,424 a------- c:\windows\system32\drivers\aeaudio.sys
2009-06-18 21:23 1,285,632 -------- c:\windows\system32\SMMedia.dll
2009-06-18 21:23 53,248 -------- c:\windows\system32\wdmioctl.dll
2009-06-18 21:23 <DIR> --d----- c:\program files\Analog Devices
2009-06-18 21:23 49,152 -------- c:\windows\system32\DSndUp.exe
2009-06-18 21:23 45,056 -------- c:\windows\system32\CleanUp.exe
2009-06-18 21:22 <DIR> --d----- c:\program files\profile
2009-06-18 21:22 <DIR> --d----- c:\program files\bin32
2009-06-18 21:21 <DIR> --d----- c:\windows\NV35643864.TMP
2009-06-18 21:21 215,465 a------- c:\windows\system32\nvapps.nvb
2009-06-18 21:20 13,312 a----r-- c:\windows\system32\drivers\nvsmu.sys
2009-06-18 21:19 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 21:19 195,973 a------- c:\windows\system32\nvapps.xml
2009-06-18 21:19 453,152 a------- c:\windows\system32\nvudisp.exe
2009-06-18 21:19 19,054 a------- c:\windows\system32\nvdisp.nvu
2009-06-18 21:19 <DIR> --d----- c:\windows\nview
2009-06-18 21:19 <DIR> --d----- c:\windows\NV39763980.TMP
2009-06-18 21:19 53,248 a----r-- c:\windows\system32\InstMed.exe
2009-06-18 21:18 256 a------- c:\windows\_delis32.ini
2009-06-18 21:18 3,948 a----r-- c:\windows\system32\drivers\nvphy.bin
2009-06-18 21:18 356,352 a----r-- c:\windows\system32\nvusmu.exe
2009-06-18 21:18 659 a----r-- c:\windows\system32\nvsmu.nvu
2009-06-18 21:18 442,368 a----r-- c:\windows\system32\nvusmb.exe
2009-06-18 21:18 2,016 a----r-- c:\windows\system32\nvsmb.nvu
2009-06-18 21:18 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-06-18 21:17 34,836 a------- c:\windows\Ascd_log.ini
2009-06-18 21:16 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-06-18 21:15 <DIR> --d----- c:\program files\Creative
2009-06-18 21:14 46,593 a----r-- c:\windows\system32\e10kxwdm.ini
2009-06-18 21:14 11,776 a------- c:\windows\INRES.DLL
2009-06-18 21:14 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-18 21:14 0 a------- c:\windows\system32\ctzapxx.ini
2009-06-18 21:14 <DIR> --d----- c:\windows\system32\Data
2009-06-18 21:10 16,176 -------- c:\windows\system32\drivers\NVXBAR.SYS
2009-06-18 21:10 141,246 -------- c:\windows\system32\drivers\NVCAP.SYS
2009-06-18 21:10 29,696 -------- c:\windows\system32\FILTER.AX
2009-06-18 20:51 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-06-18 20:50 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-06-18 20:49 544 a------- c:\windows\DFC.INI
2009-06-18 20:44 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-18 20:41 267,272 a------- c:\windows\system32\xactengine2_10.dll
2009-06-18 20:40 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-06-18 20:39 51,200 a------- c:\windows\system32\drivers\msdv.sys
2009-06-18 20:39 83,456 a------- c:\windows\system32\l3codecx.ax
2009-06-18 20:39 66,056 a------- c:\windows\system32\dxdllreg.exe
2009-06-18 20:38 <DIR> --d----- c:\program files\XpertVision
2009-06-18 20:34 <DIR> -cd-h--- c:\windows\$xpsp1hfm$
2009-06-18 20:34 <DIR> -cd-h--- C:\63272dd
2009-06-18 20:34 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-18 20:34 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-18 20:32 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-06-18 20:30 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-06-18 20:29 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-06-18 20:28 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-06-18 20:28 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-06-18 20:26 13,608 a----r-- c:\windows\SET9B.tmp
2009-06-18 20:26 1,085,913 a----r-- c:\windows\SET8F.tmp
2009-06-13 21:34 <DIR> --d----- c:\program files\mIRC
2009-06-13 21:34 <DIR> --d----- c:\docume~1\amit\applic~1\mIRC

==================== Find3M ====================

2009-07-07 13:38 6,724 a------- c:\windows\system32\d3d9caps.dat
2009-06-19 00:18 66,706 a------- c:\windows\BricoPackUninst.cmd
2009-06-19 00:18 218,624 a------- c:\windows\system32\uxtheme.dll
2009-06-18 21:15 233,472 a------- c:\windows\system32\wrap_oal.dll
2009-06-18 21:15 81,920 a------- c:\windows\system32\OpenAL32.dll
2009-06-18 20:48 86,665 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-18 20:40 23,720 a------- c:\windows\system32\emptyregdb.dat
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-27 02:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-24 18:28 2,697,235 a---h--- c:\documents and settings\amit\kGnkzd.exe
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:49:17.10 ===============

#5 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts

Posted 13 July 2009 - 01:51 PM

there we go :thumbup2:

Attached Files



#6 htv8

htv8

  • Members
  • 1,694 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 July 2009 - 05:59 AM

Hello, p0rty.

NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up

What's this? It looks to me like you are using a cracked ESET NOD32. The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but is also a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

REFERENCE: Trend Micro - CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

REFERENCE: Crack Sites Distribute VIRUX and FakeAV | Malware Blog | Trend Micro.

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the Operating System.

If you still need assistance, please remove all cracks and cracked software from your system. If you only use ESET NOD32 Antivirus for illegal purposes, please remove it (including the crack program) from your system using Add or Remove Programs (under Start > Control Panel), then install one good free antivirus as an alternative, as it is very important that your computer has antivirus software running. New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Make sure you keep your antivirus program updated.
Two good antivirus programs free for non-commercial home use are avast! antivirus and Avira AntiVir.
NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Peer-to-peer (P2P) program WARNING
Your log shows that you are using a so-called peer-to-peer or file sharing program (in your case BitComet 1.10). Programs like this one allow users to share files with each other, as the name suggests. In today's world, cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file sharing tools, as a tremendous amount of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File Sharing, otherwise known as Peer To Peer. (P2P) and Risks of File-Sharing Technology.

Avoid gaming sites, pirated software, cracking tools, keygens, and P2P file sharing programs:
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious flash ads that install viruses, trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

Due to the reasons mentioned above, I would strongly recommend that you uninstall BitComet 1.10. The choice to remove it is entirely up to you; however, I strongly recommend getting rid of it. If you agree, go to Start > Control Panel > Add or Remove Programs and remove BitComet 1.10. If you do not agree, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.
Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as OpenOffice.


Step #1: McAfee Consumer Products Removal tool (MCPR.exe)
You appear to have had McAfee previously installed. Download and run the McAfee Consumer Products Removal tool (MCPR.exe) in order to clean possible McAfee leftovers:

Step #2: Favorit uninstallation
You have Favorit installed. This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware. The application is known to deliver advertisements. For more information, see this reference: Favorit - Add or Remove Programs Entry Information. Please uninstall Favorit using Add or Remove Programs:
  • Click Start on the taskbar, then click on the Control Panel icon.
  • Double-click the Add or Remove Programs icon.
    • A list of programs installed will be "populated"; this may take a bit of time.
  • Uninstall Favorit if it is listed by clicking the entry and selecting the Remove (or Change/Remove) button.

Step #3: OTM
We need to run OTM with a specified script:
  • Please download the OTM by OldTimer and save it to your Desktop.
  • Double-click the OTM icon on your Desktop (OTM.exe) to run OTM.
  • Copy the lines in the CODE box below to the clipboard by highlighting ALL of them and pressing Ctrl + C (or, after highlighting, right-click and choose Copy):
    :processes
    isass.exe
    :services
    CSNetManagerXp
    nrlu
    wbbd
    0137061243211311mcinstcleanup
    :files
    C:\WINDOWS\system32\isass.exe
    c:\windows\system32\drivers\rtjswnyx.sys
    c:\windows\system32\drivers\owcu.sys
    c:\documents and settings\amit\kGnkzd.exe
    [EmptyTemp]
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Return to OTM, right-click in the Paste Instructions for Items to be Moved area (under the yellow bar) and choose Paste. Do NOT include the word "CODE" from the CODE box!
  • Click the red MoveIt! button.
    NOTE: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL contents and pressing Ctrl + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply. Then close OTM.
    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start > All Programs > Accessories > Notepad), click File > Open..., in the "File name:" box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step #4: Jotti's malware/VirusTotal.com scan
We need to determine if some files are malware or not.
  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows.
  • Please go to Jotti: http://virusscan.jotti.org/.
  • When the Jotti page has finished loading, click the Browse... button at the top and navigate to each of the following files if they are present and click Submit:
    • c:\windows\system32\windosdwsp32.dll
      c:\windows\system32\videoul.tmp
      c:\windows\system32\deploytk.dll
      c:\windows\SET9B.tmp
    NOTE: You will only be able to have one file scanned at a time.
  • Please be patient as the file will be scanned.
  • Please post back the results of each scan in your next post.
NOTE: In case Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/.

Step #5: random's system information tool
We need to create logs with random's system information tool (RSIT):
  • Please download random's system information tool (RSIT) by random/random from the link below and save it to your Desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen. RSIT will now start its scan.
  • When the scan is complete, two logs will open in Notepad (if not, they both can be found in the C:\rsit folder):
    • log.txt <- will be maximized
    • info.txt <- will be minimized;
    please copy (Ctrl + A, then Ctrl + C) and paste (Ctrl + V) the entire contents of both logs in your next reply.


So in your next reply, please post the entire contents of:
  • OTM's log
  • Jotti's/VirusTotal's scan reports
  • RSIT's log.txt
  • RSIT's info.txt
NOTE: Use several posts if necessary to include everything in the requested logs.

Also please answer these two questions:
#1. Do you know what this program is in Add or Remove Programs? -> MSVCRT
#2. Are you aware of the fact that a policy is set on your system to restrict the use of Active Desktop?
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

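The OTM script above targets three patterns that are worth recognising in any ComboFix-style listing: a process name that imitates a core Windows binary (isass.exe standing in for lsass.exe), drivers with random-looking names (rtjswnyx.sys, owcu.sys), and a hidden executable dropped in the user's profile (kGnkzd.exe, listed with the h attribute in the Find3M section). The following Python script is an added example, not part of htv8's instructions and not code from ComboFix, OTM or any other tool named in this thread. It parses the date/time/size/attributes/path lines ComboFix prints and flags those three patterns plus a fourth (a genuine system binary name sitting outside its normal folder). The sample listing reuses the kGnkzd.exe line from the log above and adds constructed lines mirroring the paths in the OTM script; the confusable-glyph table, the trusted-folder list and the no-vowels length threshold are assumptions of this example, and every hit is a candidate for manual review rather than a verdict.

```python
"""Triage heuristics over a ComboFix-style directory listing (added example).

The listing format is the one ComboFix prints in its "Files Created" and
"Find3M" sections: date, time, size (or <DIR>), eight attribute flags, path.
Everything flagged here is a candidate for manual review, not a verdict.
"""
import re
from typing import Dict, List

LISTING_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# Core Windows binaries whose names malware likes to imitate or reuse.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe"}
# Folders where those names are legitimate on Windows XP (assumed list).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Glyph swaps used in lookalike names (assumed table for this example; not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("0", "o"))
VOWELS = set("aeiou")


def canonical(name: str) -> str:
    """Fold confusable glyphs so 'isass.exe' and 'lsass.exe' compare equal."""
    folded = name.lower()
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


# Folded form -> real name, built once so each lookup is a dict hit.
CANON_SYSTEM = {canonical(b): b for b in SYSTEM_BINARIES}


def parse_listing(text: str) -> List[Dict[str, str]]:
    """Return one dict per listing line; lines that do not match are ignored."""
    rows = []
    for line in text.splitlines():
        match = LISTING_RE.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def triage(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply four review heuristics to parsed listing rows, in listing order."""
    findings = []
    for row in rows:
        path = row["path"]
        folder, _, raw_name = path.rpartition("\\")
        folder = folder.lower() + "\\"
        name = raw_name.lower()
        if row["size"] == "<DIR>" or not name.endswith(EXEC_EXT):
            continue

        # 1. Name is a glyph-swapped imitation of a core binary (isass vs lsass).
        real = CANON_SYSTEM.get(canonical(name))
        if real and name != real:
            findings.append({"kind": "lookalike_name", "path": path,
                             "note": "resembles " + real})
        # 2. Genuine system name, but not living where that binary belongs.
        elif name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            findings.append({"kind": "misplaced_system_name", "path": path,
                             "note": "expected under " + SYSTEM_DIRS[0]})

        # 3. Hidden-attribute executable outside Windows / Program Files.
        if "h" in row["attrs"] and not folder.startswith(TRUSTED_ROOTS):
            findings.append({"kind": "hidden_executable", "path": path,
                             "note": "attributes " + row["attrs"]})

        # 4. Driver whose stem has no vowels and is long enough to look generated.
        #    Heuristic only: short legitimate names such as rdpdr.sys stay below
        #    the length threshold; longer vowel-less names still need a human look.
        stem = name.rsplit(".", 1)[0]
        if name.endswith(".sys") and len(stem) >= 6 and not (set(stem) & VOWELS):
            findings.append({"kind": "random_driver_name", "path": path,
                             "note": "no vowels in " + stem})
    return findings


# Constructed sample: the kGnkzd.exe line is copied from the Find3M section of
# the thread; the remaining lines are made up to mirror the OTM script's paths.
SAMPLE_LISTING = r"""
2009-07-07 13:38 6,724 a------- c:\windows\system32\d3d9caps.dat
2009-05-24 18:28 2,697,235 a---h--- c:\documents and settings\amit\kGnkzd.exe
2009-06-18 20:28 40,840 a------- c:\windows\system32\drivers\termdd.sys
2009-07-01 09:12 61,440 a------- c:\windows\system32\isass.exe
2009-07-01 09:12 14,336 a------- c:\windows\system32\drivers\rtjswnyx.sys
2009-07-01 09:13 61,440 a------- c:\documents and settings\amit\local settings\temp\svchost.exe
2009-06-18 21:15 <DIR> --d----- c:\program files\Creative
"""

if __name__ == "__main__":
    for item in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{item['kind']:24} {item['path']}  ({item['note']})")
```

Run it against a saved ComboFix log by passing the file's text to parse_listing. The glyph folding is deliberately one-directional (both the candidate and the reference names are folded before comparison), so a real lsass.exe in system32 produces no finding while isass.exe does; a transposition such as scvhost.exe is not caught by this table and would need a separate edit-distance check.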

#7 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts

Posted 15 July 2009 - 06:13 PM

Hi there and thanks a lot for your detailed response.


OK, firstly, to answer your last post:

- MSVCRT doesn't appear in my add/remove list of installed programs! How are you seeing this and where is it located?

- I was not aware of this policy about the Active Desktop; what are the implications of this?

- Also you mentioned I have FAVORIT installed. Again, this does not appear in my add/remove programs list. What is this and how do I remove it?

Edited by p0rty, 15 July 2009 - 06:20 PM.


#8 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts

Posted 15 July 2009 - 06:14 PM

OTM LOG:


All processes killed
========== PROCESSES ==========
No active process named isass.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver CSNetManagerXp deleted successfully.

Service\Driver nrlu deleted successfully.

Service\Driver wbbd deleted successfully.

Service\Driver 0137061243211311mcinstcleanup deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\isass.exe not found.
File/Folder c:\windows\system32\drivers\rtjswnyx.sys not found.
File/Folder c:\windows\system32\drivers\owcu.sys not found.
c:\documents and settings\amit\kGnkzd.exe moved successfully.
File/Folder [EmptyTemp] not found.

OTM by OldTimer - Version 3.0.0.5 log created on 07152009_235650

Files moved on Reboot...

Registry entries deleted on Reboot...


virus scan results:




Filename: videoul.tmp
Status:
Scan finished. 0 out of 21 scanners reported malware.


Filename: windosdwsp32.dll
Status:
Scan finished. 0 out of 21 scanners reported malware.


Filename: deploytk.dll
Status:
Scan finished. 0 out of 20 scanners reported malware.


Filename: SET7.tmp
Status:
Scan finished. 0 out of 21 scanners reported malware.

#9 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts

Posted 15 July 2009 - 06:16 PM

RSIT INFO.TXT



info.txt logfile of random's system information tool 1.06 2009-07-16 00:15:53

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEF1025-6D3B-485C-9AC9-1A2D81665B7F}\setup.exe" -l0x9 /removeonly -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 /removeonly -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessDiver v4.120-->"C:\Program Files\Accessdiver\unins000.exe"
Ace Utilities-->"C:\Program Files\Ace Utilities\uninstall.exe"
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Ahead Nero 6 Demo-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Probe V2.23.03-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{685755F8-C74B-4613-8137-C90AF458228D}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Auction Sentry Deluxe-->MsiExec.exe /X{01979CA0-B550-47D0-AD16-553B2C3FCF97}
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
BitComet 1.10-->C:\Program Files\BitComet\uninst.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dr SpeedTouch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE6D39E2-D4CB-4C49-ABD9-8724B095D1EF}\setup.exe" /l0009 -Control_Panel
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
GetDataBack for NTFS-->"C:\Program Files\Runtime Software\GetDataBack for NTFS\Uninstall.exe" "C:\Program Files\Runtime Software\GetDataBack for NTFS\install.log" -u
GPS Image Tracker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE35B247-F872-4FFD-BCD1-1970C7E86C84}\setup.exe" -l0x9 /removeonly uninstall -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Codec Pack 4.8.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Messenger Plus! Live-->"C:\Program Files\Windows Live\Messenger\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Excel 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall EXCEL /dll OSETUP.DLL
Microsoft Office Excel 2007-->MsiExec.exe /X{90120000-0016-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office PowerPoint 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall POWERPOINT /dll OSETUP.DLL
Microsoft Office PowerPoint 2007-->MsiExec.exe /X{90120000-0018-0000-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WORD /dll OSETUP.DLL
Microsoft Office Word 2007-->MsiExec.exe /X{90120000-001B-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\SETUP.EXE"
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\Vista Inspirat 2\Remove.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 /removeonly /cont -removeonly
Promise Array Management (PAM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC9D4665-8553-4EBB-9456-31FD98D8C62D}\Setup.exe" -l0x9
ProxyChecker (remove only)-->"C:\Program Files\mSoft\ProxyChecker\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sound Blaster Audigy 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\SETUP.EXE" -l0x9 /remove
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0016-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0018-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-001B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
VIA Integrated Setup Wizard-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XpertVision 6.0-->"C:\Program Files\XpertVision\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

=====HijackThis Backups=====

O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe (file missing) [2009-06-03]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: TRADE-IY27PVXRC
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The manifest file contains one or more syntax errors.
.

Record Number: 3084
Source Name: SideBySide
Time Written: 20090618221125.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 33
Message: The application failed to launch because of an invalid manifest.

Record Number: 3083
Source Name: SideBySide
Time Written: 20090618221125.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 58
Message: Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.3053.policy" on line 12.

Record Number: 3082
Source Name: SideBySide
Time Written: 20090618221125.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 64
Message: Syntax error in manifest or policy file "C:\WINDOWS\WinSxS\Policies\x86_Policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.3053.policy" on line 12.
The root or application manifest contains the noInherit element but the dependent assembly manifest does not
contain the noInheritable element. Application manifests which contain the noInherit element may only
depend on assemblies which are noInheritable.

Record Number: 3081
Source Name: SideBySide
Time Written: 20090618221125.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\Microsoft Office\Office12\msohevi.dll.
Reference error message: The operation completed successfully.
.

Record Number: 3080
Source Name: SideBySide
Time Written: 20090618221125.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: TRADE-IY27PVXRC
Event Code: 1000
Message:
Record Number: 451
Source Name: Windows Live Messenger
Time Written: 20090417211814.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 1000
Message: Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe, version 1.0.6.5, fault address 0x0004a51b.

Record Number: 437
Source Name: Application Error
Time Written: 20090414020946.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 1517
Message: Windows saved user TRADE-IY27PVXRC\Amit registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 433
Source Name: Userenv
Time Written: 20090413210855.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TRADE-IY27PVXRC
Event Code: 1000
Message: Faulting application pg2.exe, version 1.0.6.5, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.

Record Number: 426
Source Name: Application Error
Time Written: 20090413014419.000000+060
Event Type: error
User:

Computer Name: TRADE-IY27PVXRC
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 403
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090411211151.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ATI Technologies\ATI.ACE;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Edited by p0rty, 15 July 2009 - 06:17 PM.


#10 p0rty

  • Topic Starter
  • Members
  • 61 posts

Posted 15 July 2009 - 06:18 PM

RSIT LOG.TXT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Amit at 2009-07-16 00:15:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 3070 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:50, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Amit\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Amit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1239307851970
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239397546765
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Live ID Sign-in Assistant (wlidsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (file missing)

--
End of file - 7532 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-27 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-27 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"0137061243211311mcinstcleanup"=2
"iPod Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Thomson\drst.exe"="C:\Program Files\Thomson\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe"="C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Microsoft Help and Support Center"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2009-07-16 00:15:41 ----DC---- C:\rsit
2009-07-15 23:56:50 ----DC---- C:\_OTM
2009-07-15 23:47:42 ----D---- C:\Documents and Settings\Amit\Application Data\avidemux
2009-07-15 02:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 02:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 01:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-13 19:50:59 ----HDC---- C:\GooredFix Backups
2009-07-11 01:45:21 ----D---- C:\Documents and Settings\Amit\Application Data\vlc
2009-07-11 01:44:13 ----D---- C:\Program Files\VideoLAN
2009-07-10 06:16:42 ----D---- C:\Program Files\Total Video Converter
2009-07-10 02:06:37 ----A---- C:\WINDOWS\system32\windosdwsp32.dll
2009-07-10 01:33:15 ----A---- C:\WINDOWS\system32\videoul.tmp
2009-07-10 01:31:12 ----A---- C:\WINDOWS\asfbinapp.INI
2009-07-08 04:50:36 ----D---- C:\Program Files\Microsoft Calculator Plus
2009-07-07 15:54:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 13:36:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-07 13:29:58 ----DC---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-07 13:29:49 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-07 13:29:49 ----D---- C:\Documents and Settings\Amit\Application Data\SUPERAntiSpyware.com
2009-06-26 01:18:07 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-26 01:16:01 ----HDC---- C:\86e56eedd6f8740f2ffcc341b81ff3
2009-06-20 07:10:32 ----D---- C:\Program Files\WinPcap
2009-06-19 00:53:50 ----D---- C:\WINDOWS\NV32242100.TMP
2009-06-19 00:52:25 ----D---- C:\WINDOWS\NV32243720.TMP
2009-06-19 00:18:13 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-06-18 23:56:55 ----D---- C:\WINDOWS\Prefetch
2009-06-18 22:21:41 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-06-18 22:21:40 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-06-18 22:19:52 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-06-18 22:19:45 ----A---- C:\WINDOWS\system32\nvunrm.exe
2009-06-18 22:12:41 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-18 22:10:15 ----D---- C:\WINDOWS\system32\Asuscq_V21711
2009-06-18 22:09:31 ----A---- C:\WINDOWS\Language_trs.ini
2009-06-18 22:06:53 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-06-18 22:06:50 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-06-18 22:04:22 ----D---- C:\WINDOWS\system32\HDMI
2009-06-18 22:04:22 ----A---- C:\WINDOWS\system32\nvuhda.exe
2009-06-18 22:04:22 ----A---- C:\WINDOWS\system32\nvcohda.dll
2009-06-18 22:00:45 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-06-18 21:58:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-18 21:41:53 ----A---- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-06-18 21:40:56 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-06-18 21:40:51 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-06-18 21:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB833407$
2009-06-18 21:40:03 ----A---- C:\WINDOWS\system32\logonui.exe
2009-06-18 21:40:01 ----A---- C:\WINDOWS\system32\winsrv.dll
2009-06-18 21:40:01 ----A---- C:\WINDOWS\system32\WINNTBBU.DLL
2009-06-18 21:40:01 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\wiashext.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\wiaacmgr.exe
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\url.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\themeui.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\taskmgr.exe
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\syssetup.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\sysocmgr.exe
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\stobject.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-06-18 21:40:00 ----A---- C:\WINDOWS\system32\shimgvw.dll
2009-06-18 21:39:58 ----HDC---- C:\WINDOWS\$NtUninstallQ329834$
2009-06-18 21:39:57 ----HDC---- C:\8454b02756ddb86cf15937cb70
2009-06-18 21:39:56 ----A---- C:\WINDOWS\system32\shell32.dll
2009-06-18 21:39:54 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-06-18 21:39:53 ----A---- C:\WINDOWS\system32\shdoclc.dll
2009-06-18 21:39:53 ----A---- C:\WINDOWS\system32\rasdlg.dll
2009-06-18 21:39:53 ----A---- C:\WINDOWS\system32\printui.dll
2009-06-18 21:39:53 ----A---- C:\WINDOWS\regedit.exe
2009-06-18 21:39:52 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-18 21:39:52 ----A---- C:\WINDOWS\system32\ntshrui.dll
2009-06-18 21:39:52 ----A---- C:\WINDOWS\notepad.exe
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\newdev.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\netshell.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\netid.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\narrator.exe
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\mydocs.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\mstask.dll
2009-06-18 21:39:51 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-06-18 21:39:50 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-06-18 21:39:50 ----A---- C:\WINDOWS\system32\msgina.dll
2009-06-18 21:39:50 ----A---- C:\WINDOWS\system32\moricons.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\system32\keymgr.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\system32\inetcplc.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\system32\hotplug.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\system32\fontext.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\system32\credui.dll
2009-06-18 21:39:49 ----A---- C:\WINDOWS\explorer.exe
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\console.dll
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\cmdial32.dll
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\cmd.exe
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\cleanmgr.exe
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\calc.exe
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\cabview.dll
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\browseui.dll
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\batmeter.dll
2009-06-18 21:39:48 ----A---- C:\WINDOWS\system32\ahui.exe
2009-06-18 21:39:39 ----HDC---- C:\WINDOWS\$NtUninstallKB823559$
2009-06-18 21:37:45 ----DC---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-06-18 21:30:35 ----HDC---- C:\WINDOWS\$NtUninstallQ329048$
2009-06-18 21:30:34 ----HDC---- C:\f2c6246b83671395532e90b9d0c99e92
2009-06-18 21:29:43 ----HDC---- C:\WINDOWS\$NtUninstallQ810577$
2009-06-18 21:25:21 ----D---- C:\WINDOWS\ASUSInstAll
2009-06-18 21:23:30 ----A---- C:\WINDOWS\system32\PostProc.dll
2009-06-18 21:23:14 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2009-06-18 21:23:14 ----N---- C:\WINDOWS\system32\SMMedia.dll
2009-06-18 21:23:12 ----N---- C:\WINDOWS\system32\DSndUp.exe
2009-06-18 21:23:12 ----N---- C:\WINDOWS\system32\CleanUp.exe
2009-06-18 21:23:12 ----D---- C:\Program Files\Analog Devices
2009-06-18 21:22:23 ----D---- C:\Program Files\profile
2009-06-18 21:22:18 ----D---- C:\Program Files\bin32
2009-06-18 21:21:50 ----D---- C:\WINDOWS\NV35643864.TMP
2009-06-18 21:20:17 ----HDC---- C:\WINDOWS\$NtUninstallQ810833$
2009-06-18 21:19:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-18 21:19:22 ----D---- C:\WINDOWS\nview
2009-06-18 21:19:22 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-06-18 21:19:21 ----D---- C:\WINDOWS\NV39763980.TMP
2009-06-18 21:19:17 ----RA---- C:\WINDOWS\system32\InstMed.exe
2009-06-18 21:18:43 ----A---- C:\WINDOWS\_delis32.ini
2009-06-18 21:18:23 ----RA---- C:\WINDOWS\system32\nvusmu.exe
2009-06-18 21:18:18 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2009-06-18 21:18:07 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-06-18 21:17:07 ----A---- C:\WINDOWS\Ascd_log.ini
2009-06-18 21:15:59 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-06-18 21:15:40 ----N---- C:\WINDOWS\Updreg.EXE
2009-06-18 21:15:40 ----D---- C:\WINDOWS\system32\Defaults
2009-06-18 21:15:34 ----D---- C:\Program Files\Creative
2009-06-18 21:15:27 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-18 21:15:27 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\piaproxy.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\CTSBLFX.DLL
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\ctemupia.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\CTEAPSFX.DLL
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\ctdvinst.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\ctdproxy.dll
2009-06-18 21:15:15 ----A---- C:\WINDOWS\system32\ctcoinst.dll
2009-06-18 21:15:14 ----A---- C:\WINDOWS\system32\CTAUDFX.DLL
2009-06-18 21:15:14 ----A---- C:\WINDOWS\system32\COMMONFX.DLL
2009-06-18 21:15:14 ----A---- C:\WINDOWS\system32\a3d.dll
2009-06-18 21:15:02 ----D---- C:\Documents and Settings\Amit\Application Data\Creative
2009-06-18 21:14:25 ----RA---- C:\WINDOWS\system32\e10kxwdm.ini
2009-06-18 21:14:25 ----D---- C:\WINDOWS\system32\Data
2009-06-18 21:14:25 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-06-18 21:14:25 ----A---- C:\WINDOWS\INRES.DLL
2009-06-18 21:14:25 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-06-18 21:06:09 ----DC---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-06-18 21:06:07 ----DC---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-18 21:04:10 ----HDC---- C:\WINDOWS\$NtUninstallQ815021$
2009-06-18 20:57:03 ----HDC---- C:\WINDOWS\$NtUninstallQ329441$
2009-06-18 20:50:49 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-06-18 20:49:53 ----A---- C:\WINDOWS\DFC.INI
2009-06-18 20:44:21 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-06-18 20:43:37 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-06-18 20:43:28 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-06-18 20:43:28 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-06-18 20:43:27 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-06-18 20:43:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-06-18 20:43:23 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-06-18 20:43:23 ----A---- C:\WINDOWS\system32\srclient.dll
2009-06-18 20:43:21 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-06-18 20:43:21 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-06-18 20:43:21 ----A---- C:\WINDOWS\system32\ils.dll
2009-06-18 20:43:20 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-06-18 20:43:20 ----A---- C:\WINDOWS\system32\msconf.dll
2009-06-18 20:43:20 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-06-18 20:43:12 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-06-18 20:43:12 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-06-18 20:43:10 ----A---- C:\WINDOWS\system32\inetres.dll
2009-06-18 20:43:06 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-06-18 20:43:06 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-06-18 20:43:05 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-06-18 20:43:05 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-06-18 20:43:04 ----A---- C:\WINDOWS\system32\isign32.dll
2009-06-18 20:43:04 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-06-18 20:41:30 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-06-18 20:41:27 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-06-18 20:41:27 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-06-18 20:41:26 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-06-18 20:41:12 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-06-18 20:41:10 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-06-18 20:41:10 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-06-18 20:41:09 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-06-18 20:41:07 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-06-18 20:41:07 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-06-18 20:41:05 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-06-18 20:41:05 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-06-18 20:41:03 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-06-18 20:41:02 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-06-18 20:40:59 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-06-18 20:40:58 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-06-18 20:40:58 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-06-18 20:40:56 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-06-18 20:40:55 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-06-18 20:40:55 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-06-18 20:40:54 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-06-18 20:40:54 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-06-18 20:40:54 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-06-18 20:40:53 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-06-18 20:40:53 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-06-18 20:40:53 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-06-18 20:40:52 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-06-18 20:40:52 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-06-18 20:40:51 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-06-18 20:40:35 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-06-18 20:40:34 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-06-18 20:40:34 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-06-18 20:40:34 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-06-18 20:40:33 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-06-18 20:40:33 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-06-18 20:40:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-06-18 20:40:32 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-06-18 20:40:32 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-06-18 20:40:32 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-06-18 20:39:23 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-06-18 20:38:58 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-06-18 20:38:57 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-06-18 20:38:56 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-06-18 20:38:54 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-06-18 20:38:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-06-18 20:38:53 ----A---- C:\WINDOWS\system32\spider.exe
2009-06-18 20:38:52 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-06-18 20:38:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-06-18 20:38:51 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-06-18 20:38:50 ----D---- C:\Program Files\XpertVision
2009-06-18 20:38:50 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-06-18 20:38:50 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-06-18 20:38:50 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-06-18 20:38:50 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-06-18 20:38:49 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-06-18 20:38:49 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-06-18 20:38:49 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-06-18 20:38:49 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-06-18 20:38:49 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-06-18 20:38:48 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-06-18 20:38:48 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-06-18 20:38:48 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-06-18 20:38:48 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-06-18 20:38:48 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-06-18 20:38:47 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-06-18 20:38:47 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-06-18 20:38:45 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-06-18 20:38:45 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-06-18 20:38:45 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-06-18 20:38:45 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-06-18 20:38:45 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-18 20:38:44 ----A---- C:\WINDOWS\system32\stclient.dll
2009-06-18 20:38:44 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-06-18 20:38:44 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-06-18 20:38:44 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-06-18 20:38:43 ----HDC---- C:\8102ed5cd16ce04cc5df
2009-06-18 20:38:43 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-18 20:38:43 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-18 20:38:42 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-18 20:38:41 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-18 20:38:41 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-18 20:38:40 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-06-18 20:38:40 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-18 20:38:39 ----A---- C:\WINDOWS\system32\iisext.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\wamregps.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\infoadmn.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\inetsloc.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\iismui.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\iismap.dll
2009-06-18 20:38:38 ----A---- C:\WINDOWS\system32\adsiis.dll
2009-06-18 20:38:37 ----A---- C:\WINDOWS\system32\iisrtl.dll
2009-06-18 20:38:37 ----A---- C:\WINDOWS\system32\exstrace.dll
2009-06-18 20:38:37 ----A---- C:\WINDOWS\system32\admwprox.dll
2009-06-18 20:38:29 ----HDC---- C:\WINDOWS\$NtUninstallQ329170$
2009-06-18 20:38:18 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-06-18 20:38:18 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-06-18 20:38:17 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-06-18 20:38:17 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-06-18 20:35:35 ----HDC---- C:\WINDOWS\$NtUninstallQ329115$
2009-06-18 20:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB824151$
2009-06-18 20:34:50 ----HDC---- C:\WINDOWS\$NtUninstallQ329390$
2009-06-18 20:34:49 ----HDC---- C:\WINDOWS\$xpsp1hfm$
2009-06-18 20:34:49 ----HDC---- C:\63272dd
2009-06-18 20:27:25 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-06-18 20:27:25 ----A---- C:\WINDOWS\system32\irclass.dll
2009-06-18 20:27:24 ----A---- C:\WINDOWS\system32\storprop.dll
2009-06-18 20:26:55 ----RA---- C:\WINDOWS\SET9B.tmp
2009-06-18 20:26:51 ----RA---- C:\WINDOWS\SET8F.tmp
2009-06-13 21:34:07 ----D---- C:\Program Files\mIRC
2009-06-13 21:34:07 ----D---- C:\Documents and Settings\Amit\Application Data\mIRC
2009-06-11 21:05:42 ----D---- C:\Program Files\WGA Crack
2009-06-09 04:42:56 ----HD---- C:\WINDOWS\PIF
2009-06-08 22:34:50 ----D---- C:\Program Files\Navman
2009-06-08 01:46:09 ----D---- C:\WINDOWS\Sun
2009-06-04 00:32:04 ----A---- C:\WINDOWS\ProxyChecker.INI
2009-06-04 00:09:57 ----D---- C:\Program Files\mSoft
2009-06-03 23:52:50 ----D---- C:\Program Files\Accessdiver
2009-06-03 22:51:34 ----D---- C:\Program Files\Auction Sentry Deluxe
2009-06-02 22:27:24 ----SHDC---- C:\RECYCLER
2009-06-02 04:25:13 ----AHC---- C:\ComboFix.txt
2009-06-02 04:17:30 ----D---- C:\WINDOWS\temp
2009-06-02 04:14:18 ----SHC---- C:\Boot.bak
2009-06-02 04:13:59 ----RASHDC---- C:\cmdcons
2009-06-02 04:12:29 ----D---- C:\WINDOWS\ERDNT
2009-06-01 00:32:53 ----A---- C:\WINDOWS\zhehyxh.txt
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-05-30 03:25:46 ----N---- C:\WINDOWS\system32\px.dll
2009-05-30 03:25:42 ----D---- C:\Program Files\Winamp
2009-05-30 03:25:42 ----D---- C:\Documents and Settings\Amit\Application Data\Winamp
2009-05-27 02:06:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-27 02:06:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-27 02:06:59 ----A---- C:\WINDOWS\system32\java.exe
2009-05-27 02:06:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-27 02:06:29 ----D---- C:\Program Files\Java
2009-05-27 02:05:05 ----D---- C:\Documents and Settings\Amit\Application Data\Sun
2009-05-27 01:42:08 ----D---- C:\Program Files\Trend Micro
2009-05-27 00:05:14 ----A---- C:\WINDOWS\wininit.ini
2009-05-26 23:44:49 ----D---- C:\WINDOWS\pss
2009-05-26 23:39:04 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-26 23:39:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-25 14:51:21 ----D---- C:\Documents and Settings\Amit\Application Data\BSplayer Pro
2009-05-25 01:49:44 ----D---- C:\Program Files\Magic Video Converter
2009-05-25 00:15:19 ----D---- C:\Program Files\ATF Temp File Cleaner
2009-05-24 21:03:54 ----A---- C:\WINDOWS\system32\unrar.dll
2009-05-24 21:03:54 ----A---- C:\WINDOWS\avisplitter.ini
2009-05-24 21:03:53 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-05-24 21:03:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-05-24 21:03:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-05-24 21:03:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-05-24 21:03:52 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-05-24 21:03:52 ----A---- C:\WINDOWS\system32\divx.dll
2009-05-24 21:03:50 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-24 20:53:18 ----D---- C:\Documents and Settings\Amit\Application Data\Malwarebytes
2009-05-24 20:53:10 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-24 20:53:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-24 20:27:19 ----D---- C:\WINDOWS\Downloaded Installations
2009-05-24 20:17:06 ----A---- C:\WINDOWS\system32\ssleay32.dll
2009-05-24 20:17:06 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-05-24 20:16:46 ----DC---- C:\Documents and Settings\All Users\Application Data\iolo
2009-05-24 20:16:46 ----D---- C:\Documents and Settings\Amit\Application Data\iolo
2009-05-24 18:29:43 ----D---- C:\Program Files\Runtime Software
2009-05-21 22:06:37 ----D---- C:\Documents and Settings\Amit\Application Data\Media Player Classic
2009-05-21 21:55:48 ----D---- C:\Documents and Settings\Amit\Application Data\Spotify
2009-05-21 21:55:44 ----D---- C:\Program Files\Spotify
2009-05-08 04:22:38 ----D---- C:\WINDOWS\ie8updates
2009-05-08 04:19:47 ----HDC---- C:\WINDOWS\ie8
2009-04-23 17:31:28 ----A---- C:\WINDOWS\system32\LXAISUI.DLL
2009-04-23 09:17:03 ----AC---- C:\WINDOWS\system32\acaptuser32.dll
2009-04-17 22:18:00 ----DC---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-04-17 22:00:08 ----D---- C:\Program Files\Adobe Media Player
2009-04-17 21:56:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-17 21:30:48 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-04-17 21:30:28 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-04-17 21:30:28 ----A---- C:\WINDOWS\system32\AdobePDF.dll
2009-04-17 21:24:34 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-04-17 21:24:34 ----D---- C:\Program Files\Common Files\Adobe
2009-04-17 21:24:34 ----D---- C:\Program Files\Adobe

======List of files/folders modified in the last 3 months======

2009-07-16 00:03:12 ----D---- C:\WINDOWS\system32
2009-07-16 00:03:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 00:01:26 ----SD---- C:\Program Files
2009-07-16 00:00:48 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-16 00:00:25 ----D---- C:\Program Files\Mozilla Firefox
2009-07-15 23:54:50 ----SD---- C:\WINDOWS\Tasks
2009-07-15 23:54:48 ----D---- C:\Program Files\Common Files
2009-07-15 23:54:08 ----SD---- C:\WINDOWS\system32\Microsoft
2009-07-15 02:21:54 ----HD---- C:\WINDOWS
2009-07-15 02:00:57 ----HD---- C:\WINDOWS\inf
2009-07-15 02:00:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 02:00:51 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 02:00:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-14 00:20:24 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 18:04:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-10 10:48:25 ----D---- C:\Downloads
2009-07-10 07:41:29 ----D---- C:\Program Files\BitComet
2009-07-10 07:41:28 ----D---- C:\Program Files\PeerGuardian2
2009-07-10 06:16:49 ----RSD---- C:\WINDOWS\Fonts
2009-07-10 01:54:32 ----D---- C:\Program Files\Movie Maker
2009-07-09 23:06:06 ----D---- C:\WINDOWS\system
2009-07-09 09:51:32 ----D---- C:\WINDOWS\system32\Restore
2009-07-08 04:50:38 ----SHD---- C:\WINDOWS\Installer
2009-07-08 04:50:36 ----D---- C:\WINDOWS\Help
2009-07-07 16:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-07 15:51:38 ----D---- C:\WINDOWS\Minidump
2009-07-07 13:37:32 ----DC---- C:\Documents and Settings
2009-07-07 13:29:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-06 00:50:25 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-05 23:30:08 ----D---- C:\Program Files\Internet Explorer
2009-07-05 23:29:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-02 03:00:34 ----D---- C:\Documents and Settings\Amit\Application Data\Mozilla
2009-06-27 20:26:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-27 20:23:42 ----D---- C:\Program Files\Logitech
2009-06-26 01:17:45 ----D---- C:\Program Files\Windows Media Player
2009-06-26 01:17:43 ----A---- C:\WINDOWS\win.ini
2009-06-23 22:08:16 ----DC---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-06-19 03:58:32 ----D---- C:\Program Files\Outlook Express
2009-06-19 00:34:36 ----D---- C:\WINDOWS\Cursors
2009-06-19 00:34:35 ----D---- C:\WINDOWS\Media
2009-06-19 00:34:31 ----D---- C:\WINDOWS\system32\usmt
2009-06-19 00:23:57 ----D---- C:\WINDOWS\system32\en-us
2009-06-19 00:18:56 ----D---- C:\WINDOWS\Vista Inspirat 2
2009-06-19 00:18:56 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-06-19 00:18:56 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-06-19 00:16:41 ----D---- C:\Program Files\Messenger
2009-06-19 00:14:15 ----D---- C:\WINDOWS\BricoPacks
2009-06-19 00:01:23 ----D---- C:\Program Files\Vista Inspirat 2
2009-06-18 23:56:06 ----D---- C:\WINDOWS\system32\Setup
2009-06-18 23:56:06 ----D---- C:\WINDOWS\AppPatch
2009-06-18 23:56:05 ----D---- C:\WINDOWS\system32\wbem
2009-06-18 23:54:29 ----D---- C:\WINDOWS\security
2009-06-18 23:50:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-18 23:50:35 ----D---- C:\WINDOWS\peernet
2009-06-18 23:46:47 ----D---- C:\WINDOWS\system32\npp
2009-06-18 23:46:46 ----D---- C:\WINDOWS\msagent
2009-06-18 23:46:44 ----D---- C:\WINDOWS\srchasst
2009-06-18 23:46:43 ----D---- C:\WINDOWS\ime
2009-06-18 23:46:43 ----D---- C:\Program Files\NetMeeting
2009-06-18 23:46:41 ----D---- C:\WINDOWS\system32\Com
2009-06-18 23:46:38 ----D---- C:\Program Files\Windows NT
2009-06-18 23:46:34 ----D---- C:\Program Files\Common Files\System
2009-06-18 23:46:14 ----D---- C:\WINDOWS\system32\oobe
2009-06-18 23:38:01 ----D---- C:\WINDOWS\EHome
2009-06-18 22:42:40 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-18 22:33:52 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-18 22:26:07 ----D---- C:\WINDOWS\Debug
2009-06-18 22:17:06 ----RASHC---- C:\boot.ini
2009-06-18 22:09:32 ----D---- C:\Program Files\ASUS
2009-06-18 22:03:55 ----SD---- C:\WINDOWS\Web
2009-06-18 22:03:30 ----RASH---- C:\NTDETECT.COM
2009-06-18 22:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-06-18 21:21:45 ----D---- C:\WINDOWS\twain_32
2009-06-18 21:21:18 ----D---- C:\WINDOWS\system32\icsxml
2009-06-18 21:20:31 ----D---- C:\WINDOWS\system32\ias
2009-06-18 21:20:23 ----D---- C:\WINDOWS\system32\1033
2009-06-18 21:17:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-18 21:17:05 ----D---- C:\WINDOWS\Driver Cache
2009-06-18 21:17:04 ----D---- C:\WINDOWS\WinSxS
2009-06-18 21:04:01 ----D---- C:\WINDOWS\Registration
2009-06-18 20:59:13 ----SHD---- C:\System Volume Information
2009-06-18 20:56:38 ----D---- C:\WINDOWS\system32\config
2009-06-18 20:49:16 ----A---- C:\WINDOWS\ODBCINST.INI
2009-06-18 20:44:13 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-06-18 20:40:51 ----RSD---- C:\WINDOWS\assembly
2009-06-18 20:38:58 ----D---- C:\WINDOWS\system32\DirectX
2009-06-18 20:27:31 ----AC---- C:\WINDOWS\system.ini
2009-06-18 20:27:06 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-06-16 15:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 15:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 01:36:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-08 23:09:41 ----D---- C:\Program Files\Yahoo!
2009-06-08 23:02:45 ----SD---- C:\Documents and Settings\Amit\Application Data\Microsoft
2009-06-03 20:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-30 02:26:14 ----D---- C:\Documents and Settings\Amit\Application Data\Adobe
2009-05-28 01:31:17 ----D---- C:\WINDOWS\network diagnostic
2009-05-18 22:17:26 ----HD---- C:\WINDOWS\ShellNew
2009-05-08 04:10:29 ----D---- C:\Program Files\Microsoft Works
2009-05-07 16:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-30 22:22:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-30 22:22:32 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-04-30 22:22:32 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-30 22:22:31 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-30 12:21:08 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 21:17:27 ----D---- C:\Documents and Settings\Amit\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 easdrv;easdrv; C:\WINDOWS\System32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;EAMON; C:\WINDOWS\System32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2008-01-10 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2008-01-10 16176]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-09 313856]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424]
R3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2003-12-08 36256]
R3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\System32\DRIVERS\Camdrl.sys [2004-10-08 326656]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-04-28 38176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-08-01 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2007-08-21 21760]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-03-19 613244]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-08-01 54784]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RAIDmSvr;Promise Array Message Server; C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe [2003-06-03 323584]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\reset.exe /s []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-12-21 520192]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-27 152984]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\System32\regedt32.exe [2001-08-23 3584]
S2 nSvcIp;ForceWare IP service; C:\Program Files\bin32\nSvcIp.exe [2008-01-29 163840]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-17 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#11 htv8

htv8

  • Members
  • 1,694 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:14 AM

Posted 16 July 2009 - 03:44 PM

Hello again, p0rty.

[..]
2009-06-11 21:05:42 ----D---- C:\Program Files\WGA Crack
[..]

Also running a cracked/illegal Operating System, right? Please know that I feel a bit uncomfortable cleaning your computer as I know that you will be reinfected in short order. It seems like a waste of my valuable time, and so many others (who in contrast to you did buy their OS) are waiting to be helped. I will clean you off for now, but please know that we may not be able to provide any more support after this.

[..]
MSVCRT doesn't appear in my add/remove list of installed programs! How are you seeing this and where is it located?
[..]

After some additional research, MSVCRT appears to me to be a legit program. So don't worry about it.

[..]
- Also you mentioned I have FAVORIT installed. Again, this does not appear in my add/remove programs list. What is this and how do I remove it?

Hmm, ok. The uninstall list in the Attach.txt file showed Favorit installed. However, the uninstall list provided by RSIT (info.txt) doesn't show the program installed. So it may in fact not be there. If the program is indeed not listed in Add or Remove Programs, then that is good. If it is there, it should be uninstalled.

[..]
I was not aware of this policy about the active desktop, what are the implications of this?
[..]

Windows Active Desktop allows you to add HTML content to the desktop, along with some other features. And because this ability appears to be restricted, you are not able to use Active Desktop. As you did not set this restriction yourself and are not aware of it, we will fix it so you can use Active Desktop again. :thumbup2:

You haven't followed my instructions on removing your cracks and cracked software from your system. Please remove your ESET NOD32 Antivirus and its crack/FIX program from your system using Add or Remove Programs, then install one good free antivirus as an alternative (following the instructions of my previous post). Cracks are detected as malware and these have to be removed in order to clean your computer.



Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.


Step #1: Registry Backup with ERUNT
We need to backup your registry with ERUNT before we continue:
  • Please download ERUNT from the link below and save it to your Desktop. (ERUNT [Emergency Recovery Utility NT] is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Double-click the downloaded erunt-setup.exe file to start the ERUNT installer.
  • Install ERUNT by following the prompts. (Use the default install settings but say No to the portion that asks you to add ERUNT to the startup folder, if you like you can enable this option later.)
  • Start ERUNT (either by double-clicking on the Desktop icon or choosing to start the program at the end of the setup).
  • Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable!).
  • Check all items to be backed up and click OK.
  • Press Yes to create the folder.
  • Once registry backup is complete, click OK to close ERUNT.
Step #2: OTM Fix
We need to re-run OTM with a specified script:
  • Please download the OTM by OldTimer and save it to your Desktop.
  • Double-click the OTM icon on your Desktop (OTM.exe) to run OTM.
  • Copy the lines in the CODE box below to the clipboard by highlighting ALL of them and pressing Ctrl + C (or, after highlighting, right-click and choose Copy):
    :Reg
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "0137061243211311mcinstcleanup"=-
    :Services
    .EsetTrialReset
    :Files
    C:\WINDOWS\reset.exe
    C:\WINDOWS\zhehyxh.txt
    :Commands
    [EmptyTemp]
    WARNING: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
  • Return to OTM, right-click in the Paste Instructions for Items to be Moved area (under the yellow bar) and choose Paste. Do NOT include the word "CODE" from the CODE box!
  • Click the red MoveIt! button.
    NOTE: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL contents and pressing Ctrl + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply. Then close OTM.
    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start > All Programs > Accessories > Notepad), click File > Open..., in the "File name:" box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Step #3: Malwarebytes' Anti-Malware (MbAM) scan
As I see, you already have Malwarebytes' Anti-Malware (MbAM) installed. I would like you to run a scan with it:
  • IMPORTANT: MbAM may make changes to the registry as part of its disinfection routine. If using other security programs that detect registry changes (i.e., Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Launch Malwarebytes' Anti-Malware.
  • Once the program is started, click the Update tab.
  • Click the Check for Updates button in order to update the program before performing a scan. If an update is found, the program will automatically update itself.
  • Once the program states that it has finished its update, press the OK button to close that information box and continue.
    NOTE: If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install them.
  • On the Scanner tab, make sure the "Perform quick scan" option is selected; then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • << The scan will begin and "Scan in progress (Scan type: Quick Scan)" will show at the top. It may take some time to complete, so please be patient. >>
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found."; click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs tab in MbAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MbAM when done.

    NOTE: ** If MbAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MbAM from removing all the malware. **
Step #4: DDS scan
Rescan with DDS and post its resultant DDS.txt log file please.



So in your next reply, please post the entire contents of:
  • OTM's log
  • MbAM's log
  • a fresh DDS.txt log
NOTE: Use several posts if necessary to include everything in the requested logs.

I guess you installed the PeerGuardian and ProxyChecker programs yourself?
If I have not posted back within 24 hours, feel free to send me a PM with your topic link.

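The helper's fix above targets two things that stand out in the service listing earlier in this thread: a service whose binary RSIT could not inspect (the empty `[]` after `C:\WINDOWS\reset.exe /s`) and a service whose image path is a stock interactive tool (`NOD32FiXTemDono` pointing at `regedt32.exe`). The following is an added example, written for this page and not part of the thread, of RSIT, DDS or OTM, or of the helper's own tooling. It parses service/driver lines in the two layouts seen in these logs (the RSIT `S2 name;desc; path [date size]` form and the DDS `name;desc;cmd --> path [?]` form) and flags the entries a volunteer would look at first. The `INTERACTIVE_TOOLS` set and the sample log are constructed for the example; the sample lines are copied in shape from the listing above.

```python
"""Triage helper for RSIT/DDS-style "List of services" output.

Added example for this thread; it is not part of RSIT, DDS or OTM and not
the helper's own tooling. A flag means "look at this", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One service/driver line in the RSIT layout
#   S2 name;description; C:\path\file.exe /args [2008-02-20 472320]
# or the DDS layout
#   S2 name;description;c:\path\file.exe /s --> c:\path\file.exe [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<cmd>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Leading part of the command line that ends in a binary extension.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|sys|dll))"?', re.IGNORECASE)

# Interactive tools that are never a real service image. Illustrative list,
# an assumption of this example rather than anything the log tools define.
INTERACTIVE_TOOLS = {"regedt32.exe", "regedit.exe", "cmd.exe", "notepad.exe"}


@dataclass
class ServiceEntry:
    state: str        # R = running, S = stopped
    start: int        # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    description: str
    command: str      # full command line as logged
    meta: str         # "YYYY-MM-DD size", or "" / "?" when the file was not found

    @property
    def image_path(self) -> Optional[str]:
        """Executable path with arguments and the \\??\\ prefix stripped."""
        cmd = self.command
        if cmd.startswith("\\??\\"):
            cmd = cmd[4:]
        m = IMAGE_RE.match(cmd)
        return m.group("path") if m else None


@dataclass
class Finding:
    service: str
    reason: str


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a service/driver line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["state"], int(m["start"]), m["name"], m["desc"],
                        m["cmd"], m["meta"])


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line in a log; other lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(text: str) -> List[Finding]:
    """Flag entries worth a closer look; a flag is a question, not a verdict."""
    findings: List[Finding] = []
    for entry in parse_services(text):
        # The tool could not stat the file: it is missing or hidden from it.
        if entry.meta.strip() in ("", "?"):
            findings.append(Finding(entry.name,
                "binary could not be inspected (no date/size recorded)"))
        path = entry.image_path
        if not path:
            continue
        parent, _, base = path.rpartition("\\")
        # A service registered to launch a registry editor or shell is odd.
        if base.lower() in INTERACTIVE_TOOLS:
            findings.append(Finding(entry.name,
                f"image path is an interactive tool, not a service binary: {base.lower()}"))
        # Service binaries normally live under System32 or Program Files,
        # not loose in the Windows directory itself.
        if parent.lower().endswith(":\\windows"):
            findings.append(Finding(entry.name,
                f"binary sits directly in the Windows directory: {path}"))
    return findings


# Constructed sample, copied in shape from the RSIT listing in this thread.
SAMPLE_LOG = r"""
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 .EsetTrialReset;Eset Trial Reset; C:\WINDOWS\reset.exe /s []
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\System32\regedt32.exe [2001-08-23 3584]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.service}: {f.reason}")
```

On the sample, `ekrn` produces no finding, `.EsetTrialReset` is flagged twice (uninspectable binary, loose in `C:\WINDOWS`), `NOD32FiXTemDono` once for `regedt32.exe`, and `wlidsvc` and `IntelIde` once each because the tool recorded no date or size. The last two show why a flag is only a prompt: `wlidsvc` is a Windows Live component that DDS also lists with `[?]`, so each hit still needs the cross-check against the other logs that the helper does by hand in this thread.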

#12 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 16 July 2009 - 04:14 PM

Hi there


I am not sure what programs were installed previously on the machine. It is a family computer, so may well have been installed by my brother. I did not even realise there were cracked programs on here as there was no need to look for them. I will clean said files after we have finished up.

#13 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 16 July 2009 - 04:25 PM

OTM LOG:

All processes killed
========== REGISTRY ==========
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\0137061243211311mcinstcleanup deleted successfully.
========== SERVICES/DRIVERS ==========

Service\Driver .EsetTrialReset deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\reset.exe not found.
File/Folder C:\WINDOWS\zhehyxh.txt not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Amit
File delete failed. C:\Documents and Settings\Amit\Local Settings\Temp\etilqs_042BLYv6yV5GjbMrtMXd scheduled to be deleted on reboot.
->Temp folder emptied: 105957 bytes
->Temporary Internet Files folder emptied: 949605 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29905864 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.56 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07162009_233511

Files moved on Reboot...
File C:\Documents and Settings\Amit\Local Settings\Temp\etilqs_042BLYv6yV5GjbMrtMXd not found!

Registry entries deleted on Reboot...

Edited by p0rty, 16 July 2009 - 05:40 PM.


#14 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 16 July 2009 - 05:26 PM

MBAM


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

16/07/2009 23:26:36
mbam-log-2009-07-16 (23-26-36).txt

Scan type: Quick Scan
Objects scanned: 91548
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 p0rty

p0rty
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:10:14 AM

Posted 16 July 2009 - 05:31 PM

DDS.TXT:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Amit at 23:27:12.60 on 16/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1927 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Amit\Desktop\OTM.exe
C:\Documents and Settings\Amit\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\amit\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239307851970
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239397546765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\amit\applic~1\mozilla\firefox\profiles\s7cfjkze.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\amit\application data\mozilla\firefox\profiles\s7cfjkze.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\amit\application data\mozilla\firefox\profiles\s7cfjkze.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\amit\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2009-4-10 77312]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
R3 alcan5ln;SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2009-4-7 36256]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-6-18 38176]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe /s --> c:\windows\reset.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S2 wlidsvc;Windows Live ID Sign-in Assistant;"c:\program files\common files\microsoft shared\windows live\wlidsvc.exe" --> c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-07-15 23:56 <DIR> -cd----- C:\_OTM
2009-07-15 23:47 <DIR> --d----- c:\docume~1\amit\applic~1\avidemux
2009-07-14 00:20 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2009-07-14 00:20 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-07-13 19:50 <DIR> -cd-h--- C:\GooredFix Backups
2009-07-11 01:44 <DIR> --d----- c:\program files\VideoLAN
2009-07-10 06:16 <DIR> --d----- c:\program files\Total Video Converter
2009-07-10 02:06 31 a------- c:\windows\system32\windosdwsp32.dll
2009-07-10 01:31 200 a------- c:\windows\asfbinapp.INI
2009-07-08 04:50 <DIR> --d----- c:\program files\Microsoft Calculator Plus
2009-07-07 13:40 <DIR> --d----- c:\documents and settings\amit\DoctorWeb
2009-07-07 13:29 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-07 13:29 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-07 13:29 <DIR> --d----- c:\docume~1\amit\applic~1\SUPERAntiSpyware.com
2009-07-05 23:28 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 01:16 <DIR> -cd-h--- C:\86e56eedd6f8740f2ffcc341b81ff3
2009-06-20 07:10 <DIR> --d----- c:\program files\WinPcap
2009-06-19 00:22 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-19 00:22 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 00:22 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-19 00:22 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-19 00:18 76 a------- c:\windows\BricoPackFoldersDelete.cmd
2009-06-18 23:28 1,306,624 -c------ c:\windows\system32\dllcache\msxml6.dll
2009-06-18 23:28 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2009-06-18 23:28 102,912 -c------ c:\windows\system32\dllcache\dpcdll.dll
2009-06-18 23:28 24,064 -c------ c:\windows\system32\dllcache\pidgen.dll
2009-06-18 22:53 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-18 22:53 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-06-18 22:53 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-06-18 22:53 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-06-18 22:53 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-06-18 22:53 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-06-18 22:53 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-06-18 22:52 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-18 22:52 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-18 22:52 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-18 22:51 345,600 -c------ c:\windows\system32\dllcache\localspl.dll
2009-06-18 22:51 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-18 22:51 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-18 22:51 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-18 22:51 585,216 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-06-18 22:50 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-06-18 22:50 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-06-18 22:50 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-18 22:50 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-06-18 22:21 53,760 ac------ c:\windows\system32\dllcache\vfwwdm32.dll
2009-06-18 22:21 28,672 ac------ c:\windows\system32\dllcache\vidcap.ax
2009-06-18 22:21 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-06-18 22:21 28,672 a------- c:\windows\system32\vidcap.ax
2009-06-18 22:21 49,408 ac------ c:\windows\system32\dllcache\stream.sys
2009-06-18 22:21 16,896 ac------ c:\windows\system32\dllcache\msyuv.dll
2009-06-18 22:21 294,912 a------- c:\windows\system32\msh263.drv
2009-06-18 22:21 49,408 a------- c:\windows\system32\drivers\stream.sys
2009-06-18 22:21 16,896 a------- c:\windows\system32\msyuv.dll
2009-06-18 22:19 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-18 22:19 446,464 a------- c:\windows\system32\nvunrm.exe
2009-06-18 22:19 6,045 a------- c:\windows\system32\nvnrm.nvu
2009-06-18 22:19 380,416 -------- c:\windows\system32\irprops.cpl
2009-06-18 22:19 57,667 a------- c:\windows\system32\ieuinit.inf
2009-06-18 22:19 929 a------- c:\windows\system32\homepage.inf
2009-06-18 22:12 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 22:10 <DIR> --d----- c:\windows\system32\Asuscq_V21711
2009-06-18 22:09 1,746 a------- c:\windows\Language_trs.ini
2009-06-18 22:06 8,192 ac------ c:\windows\system32\dllcache\tsbyuv.dll
2009-06-18 22:06 8,192 a------- c:\windows\system32\tsbyuv.dll
2009-06-18 22:06 47,616 ac------ c:\windows\system32\dllcache\iyuv_32.dll
2009-06-18 22:06 47,616 a------- c:\windows\system32\iyuv_32.dll
2009-06-18 22:04 442,368 a------- c:\windows\system32\nvuhda.exe
2009-06-18 22:04 41,984 a------- c:\windows\system32\nvcohda.dll
2009-06-18 22:04 38,176 a------- c:\windows\system32\drivers\nvhda32.sys
2009-06-18 22:04 351 a------- c:\windows\system32\nvhda.nvu
2009-06-18 22:04 <DIR> --d----- c:\windows\system32\HDMI
2009-06-18 22:00 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-06-18 21:58 213,016 a------- c:\windows\system32\wuaucpl.cpl
2009-06-18 21:42 30,600 a------- c:\windows\system32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 30,600 a------- c:\windows\system32\BMXState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 29,604 a------- c:\windows\system32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 29,604 a------- c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 11,564 a------- c:\windows\system32\DVCState-{00000001-00000000-00000008-00001102-00000008-10211102}.rfx
2009-06-18 21:42 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-06-18 21:42 1,080 a------- c:\windows\system32\settings.sfm
2009-06-18 21:41 4,958,588 a------- c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-06-18 21:30 <DIR> -cd-h--- C:\f2c6246b83671395532e90b9d0c99e92
2009-06-18 21:25 <DIR> --d----- c:\windows\ASUSInstAll
2009-06-18 21:23 28,160 a------- c:\windows\system32\PostProc.dll
2009-06-18 21:23 392,960 a------- c:\windows\system32\drivers\senfilt.sys
2009-06-18 21:23 313,856 a------- c:\windows\system32\drivers\ADIHdAud.sys
2009-06-18 21:23 103,424 a------- c:\windows\system32\drivers\aeaudio.sys
2009-06-18 21:23 1,285,632 -------- c:\windows\system32\SMMedia.dll
2009-06-18 21:23 53,248 -------- c:\windows\system32\wdmioctl.dll
2009-06-18 21:23 <DIR> --d----- c:\program files\Analog Devices
2009-06-18 21:23 49,152 -------- c:\windows\system32\DSndUp.exe
2009-06-18 21:23 45,056 -------- c:\windows\system32\CleanUp.exe
2009-06-18 21:22 <DIR> --d----- c:\program files\profile
2009-06-18 21:22 <DIR> --d----- c:\program files\bin32
2009-06-18 21:21 215,465 a------- c:\windows\system32\nvapps.nvb
2009-06-18 21:20 13,312 a----r-- c:\windows\system32\drivers\nvsmu.sys
2009-06-18 21:19 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-18 21:19 195,973 a------- c:\windows\system32\nvapps.xml
2009-06-18 21:19 453,152 a------- c:\windows\system32\nvudisp.exe
2009-06-18 21:19 19,054 a------- c:\windows\system32\nvdisp.nvu
2009-06-18 21:19 <DIR> --d----- c:\windows\nview
2009-06-18 21:19 53,248 a----r-- c:\windows\system32\InstMed.exe
2009-06-18 21:18 256 a------- c:\windows\_delis32.ini
2009-06-18 21:18 3,948 a----r-- c:\windows\system32\drivers\nvphy.bin
2009-06-18 21:18 356,352 a----r-- c:\windows\system32\nvusmu.exe
2009-06-18 21:18 659 a----r-- c:\windows\system32\nvsmu.nvu
2009-06-18 21:18 442,368 a----r-- c:\windows\system32\nvusmb.exe
2009-06-18 21:18 2,016 a----r-- c:\windows\system32\nvsmb.nvu
2009-06-18 21:18 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-06-18 21:17 34,836 a------- c:\windows\Ascd_log.ini
2009-06-18 21:16 5,810 a----r-- c:\windows\system32\drivers\ASACPI.sys
2009-06-18 21:15 <DIR> --d----- c:\program files\Creative
2009-06-18 21:14 46,593 a----r-- c:\windows\system32\e10kxwdm.ini
2009-06-18 21:14 11,776 a------- c:\windows\INRES.DLL
2009-06-18 21:14 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-18 21:14 0 a------- c:\windows\system32\ctzapxx.ini
2009-06-18 21:14 <DIR> --d----- c:\windows\system32\Data
2009-06-18 21:10 16,176 -------- c:\windows\system32\drivers\NVXBAR.SYS
2009-06-18 21:10 141,246 -------- c:\windows\system32\drivers\NVCAP.SYS
2009-06-18 21:10 29,696 -------- c:\windows\system32\FILTER.AX
2009-06-18 20:51 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-06-18 20:50 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-06-18 20:49 544 a------- c:\windows\DFC.INI
2009-06-18 20:44 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-18 20:44 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-18 20:41 267,272 a------- c:\windows\system32\xactengine2_10.dll
2009-06-18 20:40 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-06-18 20:39 51,200 a------- c:\windows\system32\drivers\msdv.sys
2009-06-18 20:39 83,456 a------- c:\windows\system32\l3codecx.ax
2009-06-18 20:39 66,056 a------- c:\windows\system32\dxdllreg.exe
2009-06-18 20:38 <DIR> --d----- c:\program files\XpertVision
2009-06-18 20:34 <DIR> -cd-h--- c:\windows\$xpsp1hfm$
2009-06-18 20:34 <DIR> -cd-h--- C:\63272dd
2009-06-18 20:34 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-18 20:34 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-18 20:32 60,032 a------- c:\windows\system32\drivers\usbaudio.sys
2009-06-18 20:30 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-06-18 20:29 8,832 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-06-18 20:28 196,224 a------- c:\windows\system32\drivers\rdpdr.sys
2009-06-18 20:28 40,840 a------- c:\windows\system32\drivers\termdd.sys

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-07 13:38 6,724 a------- c:\windows\system32\d3d9caps.dat
2009-06-19 00:18 66,706 a------- c:\windows\BricoPackUninst.cmd
2009-06-19 00:18 218,624 a------- c:\windows\system32\uxtheme.dll
2009-06-18 21:15 233,472 a------- c:\windows\system32\wrap_oal.dll
2009-06-18 21:15 81,920 a------- c:\windows\system32\OpenAL32.dll
2009-06-18 20:48 86,665 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-18 20:40 23,720 a------- c:\windows\system32\emptyregdb.dat
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-27 02:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 23:27:52.50 ===============



